Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

[Evjl's Rain]

Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings

Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings

Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings

Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings

Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings

Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings

Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings

Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings

Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings

Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings

Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings

Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings

Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings

Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings

Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings

Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings


Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links

Spoiler: Links

Dropbox - link test 17-3-2018.txt

Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

Spoiler: ublock origin filters

http://hosts-file.net/emd.txt
http://hosts-file.net/exp.txt
http://hosts-file.net/pup.txt
http://hosts-file.net/psh.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
https://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:

Winner: Google Safe Browsing

 

[silversurfer]

Malwarebytes Browser Guard did a perfect job to block malware-links 5/5, only weaker for Phishing but that depends on the links what I had collected
Phishing protection is less important, for that common sense help more to avoid ending up as victim...

Edit: Same result 5/5 (malware-links) blocked by SafeToOpen Online Security

 

[Pat MacKnife]

Bitdefender TrafficLight: 5/5 (Phishing) -- 5/5 (Malware)
McAfee WebAdvisor: 5/5 (Phishing) -- 5/5 (Malware)

These 2 are the best !

 

[oldschool]

Not sure how, for example, Brave uses Google Safe Browsing

I think it uses Standard Protection, local blocklist only,

 

[ForgottenSeer 107474]

@silversurfer

Thanks for all your work (imagine repeating tests and switching on/off different extension takes a lot of time).

I don't know whether you are planning to repeat it in the future, but when you would do this test again for us, could you please include EMSIsoft Browser Protection?

 

[simmerskool]

Joining with the others, big thanks for this test. I mentioned browser extension "Conceal" the other day (somewhere here) after I saw it on my DeepInstinct reseller website. Reseller said it is not available to individuals. Running the VM with Checkpoint Harmony endpoint security which has its own browser extension. Maybe @Trident has a way to make Harmony extension available for testing as I very vaguely understood it is / can be a stand-alone? Or perhaps no need to test niche paid stuff. I'm just curious if Harmony extension is a good as the free ones tested, I assume so.

 

[blackice]

Looking back at this thread linked from another post. I have been using Malwarebytes extension for some time on machines without F-Secure. I tried Trafficlight again and most pages do load snappier. So, faster and better filtering

 

[Vitali Ortzi]

Looking back at this thread linked from another post. I have been using Malwarebytes extension for some time on machines without F-Secure. I tried Trafficlight again and most pages do load snappier. So, faster and better filtering

Malwarebytes extension is heavy and that's its main drawback

 

[Vitali Ortzi]

if anyone is planning any test i would love if you can include checkpoint extension and even better if you set "urlf_unclassified": "block" in the json config of the extension as it should block all phising in that setting unless checkpoint misclassified a site or the site was updated , compromised(i guess thats how it could be bypassed )
link to a thread about the extension that includes a download link Serious Discussion - [Extension]Checkpoint harmony web protection

 

[Vitali Ortzi]

More or less all of them use the same technology.

They use crawlers and automated analysis that will look for brand impersonation, suspicious Whois data and other signs. Many of them perform JIT (also called on-the-fly) analysis but there are several factors that will divide products in winner and loser groups:

• How effective the heuristics are (depends on researchers and data scientists there)
• How well the security vendor knows banks around the world
• How effective and resistant to “fooling” the automated analysis is
• How many users the product has — the more users, the more websites will be submitted for analysis
• How big is the “honeynet” that captures phishing and SPAM
• Other proprietary technologies such as page fingerprinting, etc.

Symantec/Norton use page fingeprinting, IPS (Deep Packet Inspection), reputation, heuristics, denylist and others.
I would assume Kaspersky uses all that too (excluding IPS). Eset boosts the phishing detection by adding heuristics to the antivirus engine.

Yes, it is not possible to identify 100% of all Phishing pages, just like it’s not possible to identify 100% of all malware or SPAM due to the lack of predictability.

Users should be looking at the URL carefully and should ensure that they enter their information on the correct page. A bank or an institution will never send them an email asking for personal information — any bank knows more about its clients than they know about themselves.
It’s always better to contact an institution directly over the phone or through their mobile app.

Solutions like F-Secure with its banking protection that adds a green border are useful as well - users can make sure they use genuine website by looking for the green border.

100% pishing training is the best defense as there is no way to block all pishing sites

 

[TairikuOkami]

there is no way to block all pishing sites

Phishing/malware webpages are reported pretty fast (~2 hours). Blocking NRDs is an effective way of blocking, since 99% are gone within days or even hours. Hardly any survive 30+ days.

 

[simmerskool]

fwiw I've cut back some: ublock orgin default easy, privacy badger, DDG, (haven't decided between adding Trafficlight or Emsisoft currently neither) & usually in firejailed firefox in linux. I do have Malwarebytes installed in a few places.

 

[oldschool]

ublock orgin default easy, privacy badger, DDG,

Why all three of these? Pick one of them.

 

[Marko :)]

Why all three of these? Pick one of them.

I think this happened to him...

 

[simmerskool]

Why all three of these? Pick one of them.

really only one? DDG for search engine, although I guess you don't need DDG extension for that, & I thought the focus of privacy badger & ublock origin (default easy) were somewhat different, but did not research it that much. So are you saying run ublock orgin default that's all you need?

 

[oldschool]

DDG for search engine, although I guess you don't need DDG extension for that

Correct.

I thought the focus of privacy badger & ublock origin (default easy) were somewhat different,

Privacy Badger blocks trackers, but also some ads that include trackers. µBO blocks tracking, ads and more.

So are you saying run ublock orgin default that's all you need?

Yes. You may use it at default with the already enabled filter lists, or you may add more, included filter lists, and you may add custom filter lists. Your choice.

 

[simmerskool]

Correct.

Privacy Badger blocks trackers, but also some ads that include trackers. µBO blocks tracking, ads and more.

Yes. You may use it at default with the already enabled filter lists, or you may add more, included filter lists, and you may add custom filter lists. Your choice.

Eg on this page, privacy badger is blocking 1 that ublock is not blocking which seems easier than adding more filters & custom lists to ublock...

 

[Brie]

youtube made me turn off 'ublock origin' and other ad blocker's.

 

[Jan Willy]

Eg on this page, privacy badger is blocking 1 that ublock is not blocking which seems easier than adding more filters & custom lists to ublock...

Quote from Privacy Badger:
"Privacy Badger is an algorithmic tracker blocker – we define what “tracking” looks like, and then Privacy Badger blocks or restricts domains that it observes tracking in the wild. What is and isn’t considered a tracker is entirely based on how a specific domain acts, not on human judgment."
So PB can identify trackers that don't occur on filterlists.

 

[ErzCrz]

uBO is really good and I love adding filters and tweaking it but with Manifest V3 coming very soon and Chrome in particular now starting to remove addons that aren't MV3 compliant, it'll be uBO Lite which is pretty good just the filters are update with the addon update so I get some ads in Complete Mode, particularly with video streaming but it's the same with Ghostery so I stream with Firefox and then do my day to day stuff in Edge

I saw that Stacksocial has some great deals on Adgaurd Lifetime subscriptions today so really been considering it since it's desktop and works on all browsers but I need to research it more and do a Trial to see how well it works and they're now MV3 compliant. EDIT: WIll have to trial it because my ISP router doesn't allow DNS changes.

 

[Jan Willy]

they're now MV3 compliant

AG for Windows (desktop) has nothing to do with Google's MV3.