Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,222
AG for Windows (desktop) has nothing to do with Google's MV3.
Agreed. Was just looking at the option of filtering ads through DNS rather than requiring a browser extension but reading into it and not having a home server, probably not the approach I'd take in the end ;)

EDIT: I actually did a test pointing DNS to Aguard's public DNS servers and it work on a ad testing site :D So looks to be possibe at least in that front to block ads. Just me thinking out loud.
 
Last edited:
  • Like
Reactions: simmerskool

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
Joining with the others, big thanks for this test. I mentioned browser extension "Conceal" the other day (somewhere here) after I saw it on my DeepInstinct reseller website. Reseller said it is not available to individuals. Running the VM with Checkpoint Harmony endpoint security which has its own browser extension. Maybe @Trident has a way to make Harmony extension available for testing as I very vaguely understood it is / can be a stand-alone? :unsure: Or perhaps no need to test niche paid stuff. I'm just curious if Harmony extension is a good as the free ones tested, I assume so.
It's the same as zone alarm but has more options anyway you can't get threat emulation for free but all other features work perfectly and it's the best pishing extension I have tried although I did have fake stores getting through uncategorized and zero pishing but done far better then trafficlight , defender , safe browsing etc

Symantec wasn't far in detecting the fake store sites
( To me fake stores are as important and I consider them phishing too as they pish your credit ,other information) and with the right settings I'm sure it would get better results then any solution especially on actual pishing sites for popular brands (anything that remotely looked like the brands page got blocked only stuff gone through zero pishing the pages looked awful and nothing alike the real page accept having the brands name so the ai probably didn't match enough detectors (designed for low false positives , low false negatives)

 
  • Like
Reactions: simmerskool

Marko :)

Level 24
Verified
Top Poster
Well-known
Aug 12, 2015
1,314
Eg on this page, privacy badger is blocking 1 that ublock is not blocking which seems easier than adding more filters & custom lists to ublock... :sleep:
Maybe uBlock Origin isn't blocking it because Privacy Badger already blocked it first?

It's like having two ad blockers installed and saying the first one blocked 7/10 and the other one blocked 3/10 when in fact all use the same filter lists.
Quote from Privacy Badger:
"Privacy Badger is an algorithmic tracker blocker – we define what “tracking” looks like, and then Privacy Badger blocks or restricts domains that it observes tracking in the wild. What is and isn’t considered a tracker is entirely based on how a specific domain acts, not on human judgment."
So PB can identify trackers that don't occur on filterlists.
& that's why I use privacy badger on every browser :cool:
Okay, but it's not like new tracking domains are created every single day. All tracking companies have the same set of domain they use and they rarely change it (because it would break tracking scripts on websites). I've been looking what other benefits Privacy Badger brings and I don't see anything that your browser doesn't already do. It blocks third party scripts, cookies, enables do-not-track, GPC, and gives you ability to make web widgets click-to-play. Nothing else.

Honestly, I wouldn't use Privacy Badger and would rather use uBlock Origin on better settings with Firefox's Enhanced Tracking Protection and Total Cookie Protection. It only unnecessary uses your browser's resources.
 

Virtuoso

Level 3
Well-known
Feb 21, 2022
109
Agreed. Was just looking at the option of filtering ads through DNS rather than requiring a browser extension but reading into it and not having a home server, probably not the approach I'd take in the end ;)

EDIT: I actually did a test pointing DNS to Aguard's public DNS servers and it work on a ad testing site :D So looks to be possibe at least in that front to block ads. Just me thinking out loud.

You should try Adguard extension for Chrome, it is MV3 compliant:


 
  • Thanks
Reactions: ErzCrz

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
Just did a test with harmony web extension with unclassified set to "block" enabled via json config

250 pishing sites wich almost all were blocked by category (most of them were accurately categorized as pishing) a few left didn't resolve (some of these blocked by the hosting company ,404) and the ones that did were blocked by zero pishing (ai based pishing detector)


So the results are excellent

( openpish free feed used for the test )
 
  • Like
Reactions: simmerskool

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
My tests have always shown the most difficult links are in PhishTank. I say this having always used both sites to test for comparison purposes.
Just tested around probably like 20 links (counting the ones that didn't have 404) and since I had other extensions enabled (wasn't ready for a test ) some of them detected the sites as well

Basically
Google safe browsing enhanced blocked 0
Microsoft defender extension blocked 1
Symantec blocked 3
Checkpoint blocked all (two had to be detected with zero pishing wich is the ai based detection)


Taken from submissions both valid and ones that haven't been validated and checked each to make sure they are pishing sites
 

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
My tests have always shown the most difficult links are in PhishTank. I say this having always used both sites to test for comparison purposes.
aa419 - Fake Sites Database
Sites here barley get blocked by any extensions I have tested
So this is a good benchmark
Believe it or not but the best extensions blocking these fake sites is McAfee , checkpoint from what I have tested
 

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
My tests have always shown the most difficult links are in PhishTank. I say this having always used both sites to test for comparison purposes.
If you or anyone planning to do tests please use checkpoint with the json modifications of (unclassified , malicious script set to block ) and try to add Symantec , macafee as they do well in my tests



So far I would say
Checkpoint is the best extension for pishing protection from all kinds of small tests I have done recently
Followed by Symantec , macafee ,safetoopen

Btw you have to type inside the forms in the site when using checkpoint to activate zero pishing
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,783
Checkpoint is the best extension for pishing protection from all kinds of small tests I have done recently
Followed by Symantec , macafee ,safetoopen
maybe this was mentioned above, but using firefox I just searched extensions for Symantec and I'm not finding it. ditto McAfee. I have found & used safetoopen in the past. I do have a VM with checkpoint harmony & its extension, but IIRC you only get its extension if you have Harmony (or perhaps some version of ZoneAlarm).
 
  • Like
Reactions: Gandalf_The_Grey

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
maybe this was mentioned above, but using firefox I just searched extensions for Symantec and I'm not finding it. ditto McAfee. I have found & used safetoopen in the past. I do have a VM with checkpoint harmony & its extension, but IIRC you only get its extension if you have Harmony (or perhaps some version of ZoneAlarm).
Symantec extension isn't available in Firefox but I have talked to a Broadcom employee and it's in the roadmap btw use the link in the thread get the checkpoint extension Serious Discussion - [Extension]Checkpoint harmony web protection
It wouldn't be available by searching the webstore and require a direct link and I have explained there what exactly you need to change in the Json file to unlock extra functionality that isn't available in the extension settings (requires change via json , management server)
Btw add this list to your testing as even checkpoint as hard time blocking these links aa419 - Fake Sites Database
Meanwhile I have not seen a link in openpish it wasn't able to block


Btw the harmony extension is the same as the zonealarm one except it's more updated and has more settings you can modify in the extension itself


Btw the checkpoint, zonealarm extension is pretty light compared to some popular ones using data from debug bear and personal experience (zonealarm injects java script and does zero pishing scanning and is almost the same as checkpoint and should have similar performance impact)
Screenshot_2024-10-29-18-21-13-659_com.kiwibrowser.browser-edit.jpgScreenshot_2024-10-26-19-29-35-816_com.microsoft.emmx-edit.jpgScreenshot_2024-10-26-19-29-05-979_com.microsoft.emmx-edit.jpg
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top