Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain · Mar 17, 2018

Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings

Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings

Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings

Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings

Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings

Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings

Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings

Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings

Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings

Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings

Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings

Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings

Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings

Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings

Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings

Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings

Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links

Dropbox - link test 17-3-2018.txt

Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

http://hosts-file.net/emd.txt
http://hosts-file.net/exp.txt
http://hosts-file.net/pup.txt
http://hosts-file.net/psh.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
https://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:

Winner: Google Safe Browsing

ErzCrz · Oct 27, 2024

Jan Willy said:
AG for Windows (desktop) has nothing to do with Google's MV3.

Agreed. Was just looking at the option of filtering ads through DNS rather than requiring a browser extension but reading into it and not having a home server, probably not the approach I'd take in the end

EDIT: I actually did a test pointing DNS to Aguard's public DNS servers and it work on a ad testing site

So looks to be possibe at least in that front to block ads. Just me thinking out loud.

Vitali Ortzi · Oct 27, 2024

simmerskool said:
Joining with the others, big thanks for this test. I mentioned browser extension "Conceal" the other day (somewhere here) after I saw it on my DeepInstinct reseller website. Reseller said it is not available to individuals. Running the VM with Checkpoint Harmony endpoint security which has its own browser extension. Maybe @Trident has a way to make Harmony extension available for testing as I very vaguely understood it is / can be a stand-alone? Or perhaps no need to test niche paid stuff. I'm just curious if Harmony extension is a good as the free ones tested, I assume so.

It's the same as zone alarm but has more options anyway you can't get threat emulation for free but all other features work perfectly and it's the best pishing extension I have tried although I did have fake stores getting through uncategorized and zero pishing but done far better then trafficlight , defender , safe browsing etc

Symantec wasn't far in detecting the fake store sites
( To me fake stores are as important and I consider them phishing too as they pish your credit ,other information) and with the right settings I'm sure it would get better results then any solution especially on actual pishing sites for popular brands (anything that remotely looked like the brands page got blocked only stuff gone through zero pishing the pages looked awful and nothing alike the real page accept having the brands name so the ai probably didn't match enough detectors (designed for low false positives , low false negatives)

Serious Discussion - [Extension]Checkpoint harmony web protection

Chrome https://chromewebstore.google.com/detail/harmony-web-protection-ad/deakbjemijlmlcehdgejmdpekkceodmk/reviews Firefox (checkpoint domain for xpi file as I can't find the id in the store ) https://sc1.checkpoint.com/sba/ga/check_point_sandblast_agent_for_browsers.xpi Checkpoint harmony...

malwaretips.com

TairikuOkami · Oct 27, 2024

ErzCrz said:
Was just looking at the option of filtering ads through DNS rather than requiring a browser extension

It works pretty well, but it lacks cosmetic filtering, so you would get a lot of empty spaces.

ErzCrz · Oct 27, 2024

TairikuOkami said:
It works pretty well, but it lacks cosmetic filtering, so you would get a lot of empty spaces.

Thanks. The lack of cosmetic filtering is annoying. uBO Lite at Complete level at least offers some of that so I might as well just use the UBOL extension as I'm using it.

simmerskool · Oct 27, 2024

Jan Willy said:
So PB can identify trackers that don't occur on filterlists.

& that's why I use privacy badger on every browser

Marko :) · Oct 27, 2024

simmerskool said:
Eg on this page, privacy badger is blocking 1 that ublock is not blocking which seems easier than adding more filters & custom lists to ublock...

Maybe uBlock Origin isn't blocking it because Privacy Badger already blocked it first?

It's like having two ad blockers installed and saying the first one blocked 7/10 and the other one blocked 3/10 when in fact all use the same filter lists.

Jan Willy said:
Quote from Privacy Badger:
"Privacy Badger is an algorithmic tracker blocker – we define what “tracking” looks like, and then Privacy Badger blocks or restricts domains that it observes tracking in the wild. What is and isn’t considered a tracker is entirely based on how a specific domain acts, not on human judgment."
So PB can identify trackers that don't occur on filterlists.

simmerskool said:
& that's why I use privacy badger on every browser

Okay, but it's not like new tracking domains are created every single day. All tracking companies have the same set of domain they use and they rarely change it (because it would break tracking scripts on websites). I've been looking what other benefits Privacy Badger brings and I don't see anything that your browser doesn't already do. It blocks third party scripts, cookies, enables do-not-track, GPC, and gives you ability to make web widgets click-to-play. Nothing else.

Honestly, I wouldn't use Privacy Badger and would rather use uBlock Origin on better settings with Firefox's Enhanced Tracking Protection and Total Cookie Protection. It only unnecessary uses your browser's resources.

Virtuoso · Oct 27, 2024

ErzCrz said:
Agreed. Was just looking at the option of filtering ads through DNS rather than requiring a browser extension but reading into it and not having a home server, probably not the approach I'd take in the end

EDIT: I actually did a test pointing DNS to Aguard's public DNS servers and it work on a ad testing site So looks to be possibe at least in that front to block ads. Just me thinking out loud.

You should try Adguard extension for Chrome, it is MV3 compliant:

AdGuard AdBlocker - Chrome Web Store

Unmatched adblock extension against advertising and pop-ups. Blocks ads on Facebook, YouTube and all other websites.

chromewebstore.google.com

New Update - AdGuard Browser Extension - Stable Updates Thread

Adguard for Chrome 5.0.128 Oct 3, 2024 where is the source? usually we sharing also the release notes if already published on GitHub. Correct information posting should be required ;)

malwaretips.com

Vitali Ortzi · Oct 28, 2024

Just did a test with harmony web extension with unclassified set to "block" enabled via json config

250 pishing sites wich almost all were blocked by category (most of them were accurately categorized as pishing) a few left didn't resolve (some of these blocked by the hosting company ,404) and the ones that did were blocked by zero pishing (ai based pishing detector)

So the results are excellent

( openpish free feed used for the test )

oldschool · Oct 28, 2024

Vitali Ortzi said:
openpish free feed used for the test )

My tests have always shown the most difficult links are in PhishTank. I say this having always used both sites to test for comparison purposes.

Vitali Ortzi · Oct 28, 2024

oldschool said:
My tests have always shown the most difficult links are in PhishTank. I say this having always used both sites to test for comparison purposes.

Just tested around probably like 20 links (counting the ones that didn't have 404) and since I had other extensions enabled (wasn't ready for a test ) some of them detected the sites as well

Basically
Google safe browsing enhanced blocked 0
Microsoft defender extension blocked 1
Symantec blocked 3
Checkpoint blocked all (two had to be detected with zero pishing wich is the ai based detection)

Taken from submissions both valid and ones that haven't been validated and checked each to make sure they are pishing sites

Vitali Ortzi · Oct 28, 2024

oldschool said:
My tests have always shown the most difficult links are in PhishTank. I say this having always used both sites to test for comparison purposes.

aa419 - Fake Sites Database
Sites here barley get blocked by any extensions I have tested
So this is a good benchmark
Believe it or not but the best extensions blocking these fake sites is McAfee , checkpoint from what I have tested

Vitali Ortzi · Oct 29, 2024

oldschool said:
My tests have always shown the most difficult links are in PhishTank. I say this having always used both sites to test for comparison purposes.

If you or anyone planning to do tests please use checkpoint with the json modifications of (unclassified , malicious script set to block ) and try to add Symantec , macafee as they do well in my tests

So far I would say
Checkpoint is the best extension for pishing protection from all kinds of small tests I have done recently
Followed by Symantec , macafee ,safetoopen

Btw you have to type inside the forms in the site when using checkpoint to activate zero pishing

simmerskool · Oct 29, 2024

Vitali Ortzi said:
Checkpoint is the best extension for pishing protection from all kinds of small tests I have done recently
Followed by Symantec , macafee ,safetoopen

maybe this was mentioned above, but using firefox I just searched extensions for Symantec and I'm not finding it. ditto McAfee. I have found & used safetoopen in the past. I do have a VM with checkpoint harmony & its extension, but IIRC you only get its extension if you have Harmony (or perhaps some version of ZoneAlarm).

Vitali Ortzi · Oct 29, 2024

simmerskool said:
maybe this was mentioned above, but using firefox I just searched extensions for Symantec and I'm not finding it. ditto McAfee. I have found & used safetoopen in the past. I do have a VM with checkpoint harmony & its extension, but IIRC you only get its extension if you have Harmony (or perhaps some version of ZoneAlarm).

Symantec extension isn't available in Firefox but I have talked to a Broadcom employee and it's in the roadmap btw use the link in the thread get the checkpoint extension Serious Discussion - [Extension]Checkpoint harmony web protection
It wouldn't be available by searching the webstore and require a direct link and I have explained there what exactly you need to change in the Json file to unlock extra functionality that isn't available in the extension settings (requires change via json , management server)
Btw add this list to your testing as even checkpoint as hard time blocking these links aa419 - Fake Sites Database
Meanwhile I have not seen a link in openpish it wasn't able to block

Btw the harmony extension is the same as the zonealarm one except it's more updated and has more settings you can modify in the extension itself

Btw the checkpoint, zonealarm extension is pretty light compared to some popular ones using data from debug bear and personal experience (zonealarm injects java script and does zero pishing scanning and is almost the same as checkpoint and should have similar performance impact)

Screenshot_2024-10-29-18-21-13-659_com.kiwibrowser.browser-edit.jpg

Screenshot_2024-10-26-19-29-35-816_com.microsoft.emmx-edit.jpg

Screenshot_2024-10-26-19-29-05-979_com.microsoft.emmx-edit.jpg

Search

Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47

mekelek

ErzCrz

Level 22

Vitali Ortzi

Level 24

Serious Discussion - [Extension]Checkpoint harmony web protection

TairikuOkami

Level 37

Attachments

ErzCrz

Level 22

simmerskool

Level 36

Marko :)

Level 23

Virtuoso

Level 3

AdGuard AdBlocker - Chrome Web Store

New Update - AdGuard Browser Extension - Stable Updates Thread

Vitali Ortzi

Level 24

oldschool

Level 84

Vitali Ortzi

Level 24

Vitali Ortzi

Level 24

Vitali Ortzi

Level 24

simmerskool

Level 36

Vitali Ortzi

Level 24

Similar threads