Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
970
Last month I tested 5 security products and 5 browser addons against new phising and malwaresites.

Phishing sites:
Mcafee add-on85.09%
Norton add-on66.29%
Bitdefender add-on65.42%
Trend Micro IS63.81%
Trend Micro add-on55.90%
Emsisoft54.06%
F-Secure Safe50.00%
G-Data IS49.55%
Malwarebytes add-on41.18%
Sophos Home Pro30.53%

Malware sites:
Bitdefender add-on77.13%
McAfee add-on71.50%
Malwarebytes add-on66.52%
G-Data IS65.18%
Trend Micro IS62.37%
F-Secure Safe57.53%
Sophos Home Pro52.01%
Emsisoft41.62%
Norton add-on41.16%
Trend Micro add-on30.65%
That’s a great ranking!
Whats noticeable though, is that phishing detection can go downhill for some vendors depending on the region. For example most phishing websites in greek language have poor detection rates from vendors that are pretty good on non region specific websites.
 

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
970
That’s right. The in-product blocking abilities (Web Shield) are based on technology that was acquired by AVG from Exploit Prevention Lab. This technology was developed to detect drive-by downloads and other attempts to exploit browser vulnerabilities. In the beginning, it used to scan all sites in real time one by one as they are displayed on Google searches.
This quickly caused outrage and headlines such as this:

It was then changed to Just-in-Time (JIT) analysis as users open the website to reduce complaints from web admins.
This analysis is based on heuristics and other data and is more powerful than just using a blacklist as the extension or the mobile products do.
Interesting! I thought it was just their db. Nice to see such technologies that can detect new phishing sites without the need to be already known.
I wonder if other big players such as NortonLifelock, Kaspersky &. ESET do the same.
Norton for example I think uses its IPS for finding malicious patterns in traffic that’s also not db based (provided their addon is not installed).
Phishing is going to become an even bigger problem according to predictions and vendors are still mediocre at that concerning that AI based content will thrive. 2/3 is not good. but it’s already a difficult war
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Interesting! I thought it was just their db. Nice to see such technologies that can detect new phishing sites without the need to be already known.
I wonder if other big players such as NortonLifelock, Kaspersky &. ESET do the same.
Norton for example I think uses its IPS for finding malicious patterns in traffic that’s also not db based (provided their addon is not installed).
Phishing is going to become an even bigger problem according to predictions and vendors are still mediocre at that.
More or less all of them use the same technology.

They use crawlers and automated analysis that will look for brand impersonation, suspicious Whois data and other signs. Many of them perform JIT (also called on-the-fly) analysis but there are several factors that will divide products in winner and loser groups:

  • How effective the heuristics are (depends on researchers and data scientists there)
  • How well the security vendor knows banks around the world
  • How effective and resistant to “fooling” the automated analysis is
  • How many users the product has — the more users, the more websites will be submitted for analysis
  • How big is the “honeynet” that captures phishing and SPAM
  • Other proprietary technologies such as page fingerprinting, etc.
Symantec/Norton use page fingeprinting, IPS (Deep Packet Inspection), reputation, heuristics, denylist and others.
I would assume Kaspersky uses all that too (excluding IPS). Eset boosts the phishing detection by adding heuristics to the antivirus engine.

Yes, it is not possible to identify 100% of all Phishing pages, just like it’s not possible to identify 100% of all malware or SPAM due to the lack of predictability.

Users should be looking at the URL carefully and should ensure that they enter their information on the correct page. A bank or an institution will never send them an email asking for personal information — any bank knows more about its clients than they know about themselves.
It’s always better to contact an institution directly over the phone or through their mobile app.

Solutions like F-Secure with its banking protection that adds a green border are useful as well - users can make sure they use genuine website by looking for the green border.
 
Last edited:

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
970
Fake eshops are also a problem. I have found like 8 Timberland fake estores (with bad greek translation - Later on, accessible AI will help with automated precise translation) that have very small detection rates from most vendors. Kaspersky, Norton, Fsecure , Safe Web addon (not IPS) & BitDefender (traffic light & AV) detect almost all of them. Eset detects one or two, McAfee 3, Avast about half.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Fake eshops are also a problem. I have found like 8 Timberland fake estores (with bad greek translation - Later on, accessible AI will help with automated precise translation) that have very small detection rates from most vendors. Kaspersky, Norton, Fsecure , Safe Web addon (not IPS) & BitDefender (traffic light & AV) detect almost all of them. Eset detects one or two, McAfee 3, Avast about half.
I created a video on this topic:


What’s interesting is that scammers have definitely seen this video. They took the sites displayed there down and attempted to do slightly better. They failed.
 

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
970
I created a video on this topic:


What’s interesting is that scammers have definitely seen this video. They took the sites displayed there down and attempted to do slightly better. They failed.

Great educating video, but my conceen is that AI will very soon “fix” most abnormalities that can make the average user not fall victim. There are already fake shops with normal prices & product categories for example. So, attention to technical things, flags & code vs code aka anti phishing (man vs code is a lost war already) is the only way to go for me.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Great educating video, but my conceen is that AI will very soon “fix” most abnormalities that can make the average user not fall victim. There are already fake shops with normal prices & product categories for example. So, attention to technical things, flags & code vs code aka anti phishing (man vs code is a lost war already) is the only way to go for me.
There will always be abnormalities that AI can not fix. For example, AI will hardly help them build a real shop - upon Googling the address, I’ve seen supermarkets, libraries, cafes and houses.
It won’t help them with the phone number either - they always leave invalid phone numbers.

So the war is not really lost, but users need to observe.
 

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
970
There will always be abnormalities that AI can not fix. For example, AI will hardly help them build a real shop - upon Googling the address, I’ve seen supermarkets, libraries, cafes and houses.
It won’t help them with the phone number either - they always leave invalid phone numbers.

So the war is not really lost, but users need to observe.
We agree here 🤣
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
@Trident do you do any comparing still? Kinda wondering how will avast dns do against avast itself or against controld/dns0


ill try to do some comparing myself but dont have many sources for phishing/malware
For a solution to accurately identify phishing, it will be better to have access to the page content so it can check for brand impersonation. Because Avast doesn’t mention anywhere to offer newly registered domains blocking, you can expect to see lowered anti-phishing performance compared to the full package. Avast recently introduced DGA (domain generation algorithm) blocks to the web shield but it is not mentioned to be offered in the DNS. All in all, NextDNS and their sister service, Quad 9 and Control D will remain better options in terms of DNS protection.
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
Can someone test this url with controld or nextdns, does it get blocked as new domain since dns0 wont block it.


This url has been going for 4 days already and police yesterday annouanced this scam is going on

I have reported url to trend micro, netcraft, google and nothing has happened

Also wich way is easiest to block .info domains?
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Can someone test this url with controld or nextdns, does it get blocked as new domain since dns0 wont block it.


This url has been going for 4 days already and police yesterday annouanced this scam is going on

I have reported url to trend micro, netcraft, google and nothing has happened

Also wich way is easiest to block .info domains?
Screenshot 2023-10-15 165113.png
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top