Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
Edge with Nano Adblocker @ Advanced Medium Mode Block 3rd party scripts & frames - NO adblocker detected @browserleaks.

FF with uBO @ Medium Mode Block 3rd party scripts & frames - YES Adblocker detected @ browserleaks.
Edge wins again! (y)
 
  • Like
Reactions: Moonhorse

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
Well first test: javascript turned off = pass, without nope
Second: Comodo dragon does have this as built in feature

Can you advice how to pass first test? Privacy possum, tunnelbear, trace , canvasdefender... noone of them work
Are you using some kind of client?

I don't have java turned off i simple use WebApi manager.
 
  • Like
Reactions: harlan4096

Yellowing

Level 5
Verified
Jun 7, 2018
221
its anti adblock killer for ublock origin, nano adblocker and tunnelbear

Nano Defender
Oh thanks. :D Done that and its gone(y)


First: Nope, and don't know why. My Canvas fingerprint changes every 5min together with my user agent, btw. I guess the site doesn't know that.
Second: Yes, my referrer is always the "same domain". Like here it is
Code:
https://www.whatismyreferer.com/
and not where I actually come from.
I don't have java turned off i simple use WebApi manager.
EDIT: And what setting does that? Canvas Element? If you block canvas totally its like you have just a different fingerprint attached to you. EDIT: That's why I let mine be changed every 5min.
 
Last edited:
  • Like
Reactions: Moonhorse

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
Oh thanks. :D Done that and its gone(y)



First: Nope, and don't know why. My Canvas fingerprint changes every 5min together with my user agent, btw. I guess the site doesn't know that.
Second: Yes, my referrer is always the "same domain". Like here it is
Code:
https://www.whatismyreferer.com/
and not where I actually come from.

EDIT: And what setting does that? Canvas Element? If you block canvas totally its like you have just a different fingerprint attached to you.

All i can tell you champ is that i didn't configure my extensions to block 1 item, i look at security holistically not in parts so my success may have came by the way i see things no 1 person alike, I use ublock,TunnelBear Blocker & WebApi Manager,my success with what i use will be different to what any other person use because i configured mine to what I need, your needs & extensions will highly and likely be different.
 
Last edited:

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
All i can tell you champ is that I didn't configure my extensions to block 1 item, I look at security holistically not in parts so my success may have came by the way i see things no 1 person alike, I use ublock,TunnelBear Blocker & WebApi Manager,my success with what i use will be different to what any other person use because i configured mine to what it need, your needs & extensions will highly and likely be different.

Darn i forgot and scriptsafe
 
Last edited:
  • Like
Reactions: harlan4096

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Oh thanks. :D Done that and its gone(y)



First: Nope, and don't know why. My Canvas fingerprint changes every 5min together with my user agent, btw. I guess the site doesn't know that.
Second: Yes, my referrer is always the "same domain". Like here it is
Code:
https://www.whatismyreferer.com/
and not where I actually come from.

EDIT: And what setting does that? Canvas Element? If you block canvas totally its like you have just a different fingerprint attached to you. EDIT: That's why I let mine be changed every 5min.
You test your referer at post #209 above and NOT at whatsmyreferer.com
 
  • Like
Reactions: upnorth

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Sorry, I don't understand what you mean. :unsure:
Did you misunderstood my post? I tested on What is my Referer? and the result is always the same domain. That is deliberate. If I would be on google the referrer would be "google", even if I clicked a link on a different site to get there.
The referer test here at malwaretips.com is to test where you are coming from. If you test it then you should see hxxps://www.malwaretips.com if you did not hide the referer. If you hide/obfuscate/replaced with another referer then it'll show/not show accordingly

Just go to the post #209 above and click on the test my referer link and see the result
 

Yellowing

Level 5
Verified
Jun 7, 2018
221
The referer test here at malwaretips.com is to test where you are coming from. If you test it then you should see hxxps://www.malwaretips.com if you did not hide the referer. If you hide/obfuscate/replaced with another referer then it'll show/not show accordingly

Just go to the post #209 above and click on the test my referer link and see the result
Ok now I know. You misunderstood me. :oops: (I'm pretty sure its my bad english)
The referrer is ALWAYS the page that is currently open or asking for it. This is a feature of ScriptSafe.
 
  • Like
Reactions: oldschool

goodjohnjr

Level 5
Verified
Jul 11, 2018
230
hello thank you for comment. I really appreciate that
for these extensions, I probably won't include them in the future because they have been proven to be ineffective against malwares. In the past, I didn't test them simultaneously, I tested each link 1 by 1, so no need for more recovery time
some of them are not designed to block malwares: avast, WOT
some of them only block a link when the link is fully loaded -> too late to intercept download malwares: avast, bitdefender
Panda maliciously changes your search engine to mystart -> no one wants to use it
DrWeb: only works when you right-click on the link-> scan with drweb => so it doesn't block links when you browse
mcafee: only warns but doesn't block


I don't think they would, they don't want to give their products for free
BD has an extension but it is crap
avast released their extension to block phishings because avast antivirus has a weak phishing filter
norton has close to useless web filter so they have to use extension for that purpose and to supplement download insight

Hello Evjl's Rain,

You are welcome.

Thank you for answering that and for sharing those extra details because I did not know some of that information, I think that Avast Online Security was updated recently but I doubt that they changed much if anything, and I am surprised and disappointed by how some of them have performed in your tests so far because I expect better from Avast and Bitdefender et cetera; and I am somewhat surprised that Panda is allowed to keep their browser extension at the various stores when their extension using that kind of malicious-like behavior (which is unacceptable in my opinion, especially for a security company).

Yeah, but I think that those security companies could use extensions to help them improve their products and possibly win over new customers.

I am surprised by Comodo Online Security's improvement in your latest test, I wonder what happened?

Hopefully Comodo will continue to improve it and add new features instead of abandoning it.

I am also surprised by how bad Norton Safe Web performed in your latest test, that is probably the worst that it has performed so far; I hope that they will update the extension to improve it and add the ability to report websites et cetera from the extension itself and add adblocking and improve the search results rating system because there are too many unrated websites by them.

Avira Browser Safety is good but its memory and CPU usage is out of control, I have seen it go over 600 MB before, they seriously need to fix that; and I hope that they will add the ability to report websites and issues from the extension itself.

The Malwarebytes extension has a lot of potential and I hope that they will add the ability to report websites and other issues from the extension itself, that they will add element hiding et cetera for the adblocking or just incorporate Ublock Origin's code for adblocking, that they will add ratings for search engine / image / video / et cetera results, that they will fix some of the bugs, et cetera.

I hope that Microsoft will update their extension to fix the recovery issue and how sometimes its resource usage is higher than it should be, add the ability to report websites and other issues from the extension itself, maybe add adblocking, add ratings for search results, and improve its detection to equal or surpass Microsoft Edge's detection.

I also hope that Adguard will improve their detection, and the default settings and lists for their extension and the resource usage for it.

I think that Ublock Origin's default lists and default available lists should probably be updated to remove the less effective lists and add more effective lists and enable a better selection of default lists, I wish that there was an option to report missed ads and websites to the creators of whichever lists you are using through the extension itself, and I hope that more developers will join in its development so that it can keep going if something happens to the developer; I also wish that some of the community lists creators would join their lists together and work together when it makes sense to do so.

Anyway, thank you for replying, and keep up the good and valuable work.

-John Jr
 
Last edited:

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
I thought you asked because you wanted to give advise. :D
Well I'm screwed. But thanks for telling me about WebAPI Manager! That thing is great!(y)I didn't know you could even do that
I aswell wanted detailed guide about how webAPI block that site, since even with agressive mode it wont.

For basic user like me i think tunnelbear + privacy possum adds bit of privacy while doing normal networking, but then theres these sites where you have to tweak to success
 
  • Like
Reactions: oldschool

Yellowing

Level 5
Verified
Jun 7, 2018
221
I aswell wanted detailed guide about how webAPI block that site, since even with agressive mode it wont.

For basic user like me i think tunnelbear + privacy possum adds bit of privacy while doing normal networking, but then theres these sites where you have to tweak to success
It is "HTML: Canvas Element".
But blocking Canvas does not make you pass the test. The site must go green. This is because blocking it give you also some kind of fingerprint. The fingerprint that you are blocking it. This is not something you'd want.
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
It is "HTML: Canvas Element".
But blocking Canvas does not make you pass the test. The site must go green. This is because blocking it give you also some kind of fingerprint. The fingerprint that you are blocking it. This is not something you'd want.
but would you say it worth to have canvas element blocked all the time? it might broke some websites, but easier than messing with javascript
 
  • Like
Reactions: oldschool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top