Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
Malwarebytes Browser Guard did a perfect job to block malware-links 5/5, only weaker for Phishing but that depends on the links what I had collected ;)
Phishing protection is less important, for that common sense help more to avoid ending up as victim...

Edit: Same result 5/5 (malware-links) blocked by SafeToOpen Online Security👍
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Joining with the others, big thanks for this test. I mentioned browser extension "Conceal" the other day (somewhere here) after I saw it on my DeepInstinct reseller website. Reseller said it is not available to individuals. Running the VM with Checkpoint Harmony endpoint security which has its own browser extension. Maybe @Trident has a way to make Harmony extension available for testing as I very vaguely understood it is / can be a stand-alone? :unsure: Or perhaps no need to test niche paid stuff. I'm just curious if Harmony extension is a good as the free ones tested, I assume so.
 

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
if anyone is planning any test i would love if you can include checkpoint extension and even better if you set "urlf_unclassified": "block" in the json config of the extension as it should block all phising in that setting unless checkpoint misclassified a site or the site was updated , compromised(i guess thats how it could be bypassed )
link to a thread about the extension that includes a download link Serious Discussion - [Extension]Checkpoint harmony web protection
 
Last edited:

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
More or less all of them use the same technology.

They use crawlers and automated analysis that will look for brand impersonation, suspicious Whois data and other signs. Many of them perform JIT (also called on-the-fly) analysis but there are several factors that will divide products in winner and loser groups:

  • How effective the heuristics are (depends on researchers and data scientists there)
  • How well the security vendor knows banks around the world
  • How effective and resistant to “fooling” the automated analysis is
  • How many users the product has — the more users, the more websites will be submitted for analysis
  • How big is the “honeynet” that captures phishing and SPAM
  • Other proprietary technologies such as page fingerprinting, etc.
Symantec/Norton use page fingeprinting, IPS (Deep Packet Inspection), reputation, heuristics, denylist and others.
I would assume Kaspersky uses all that too (excluding IPS). Eset boosts the phishing detection by adding heuristics to the antivirus engine.

Yes, it is not possible to identify 100% of all Phishing pages, just like it’s not possible to identify 100% of all malware or SPAM due to the lack of predictability.

Users should be looking at the URL carefully and should ensure that they enter their information on the correct page. A bank or an institution will never send them an email asking for personal information — any bank knows more about its clients than they know about themselves.
It’s always better to contact an institution directly over the phone or through their mobile app.

Solutions like F-Secure with its banking protection that adds a green border are useful as well - users can make sure they use genuine website by looking for the green border.
100% pishing training is the best defense as there is no way to block all pishing sites
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
fwiw I've cut back some: ublock orgin default easy, privacy badger, DDG, (haven't decided between adding Trafficlight or Emsisoft currently neither) & usually in firejailed firefox in linux. I do have Malwarebytes installed in a few places.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Why all three of these? Pick one of them.
really only one? DDG for search engine, although I guess you don't need DDG extension for that, & I thought the focus of privacy badger & ublock origin (default easy) were somewhat different, but did not research it that much. So are you saying run ublock orgin default that's all you need?
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
DDG for search engine, although I guess you don't need DDG extension for that
Correct.
I thought the focus of privacy badger & ublock origin (default easy) were somewhat different,
Privacy Badger blocks trackers, but also some ads that include trackers. µBO blocks tracking, ads and more.
So are you saying run ublock orgin default that's all you need?
Yes. You may use it at default with the already enabled filter lists, or you may add more, included filter lists, and you may add custom filter lists. Your choice.
 
  • Like
Reactions: Marko :)

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Correct.

Privacy Badger blocks trackers, but also some ads that include trackers. µBO blocks tracking, ads and more.

Yes. You may use it at default with the already enabled filter lists, or you may add more, included filter lists, and you may add custom filter lists. Your choice.
Eg on this page, privacy badger is blocking 1 that ublock is not blocking which seems easier than adding more filters & custom lists to ublock... :sleep:
 

Jan Willy

Level 13
Verified
Top Poster
Well-known
Jul 5, 2019
607
Eg on this page, privacy badger is blocking 1 that ublock is not blocking which seems easier than adding more filters & custom lists to ublock... :sleep:
Quote from Privacy Badger:
"Privacy Badger is an algorithmic tracker blocker – we define what “tracking” looks like, and then Privacy Badger blocks or restricts domains that it observes tracking in the wild. What is and isn’t considered a tracker is entirely based on how a specific domain acts, not on human judgment."
So PB can identify trackers that don't occur on filterlists.
 

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,222
uBO is really good and I love adding filters and tweaking it but with Manifest V3 coming very soon and Chrome in particular now starting to remove addons that aren't MV3 compliant, it'll be uBO Lite which is pretty good just the filters are update with the addon update so I get some ads in Complete Mode, particularly with video streaming but it's the same with Ghostery so I stream with Firefox and then do my day to day stuff in Edge :)

I saw that Stacksocial has some great deals on Adgaurd Lifetime subscriptions today so really been considering it since it's desktop and works on all browsers but I need to research it more and do a Trial to see how well it works and they're now MV3 compliant. :) EDIT: WIll have to trial it because my ISP router doesn't allow DNS changes.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top