Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Thread author
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (Chrome's built-in protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malware
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malware
- uBlock Origin with some additional filters

NOTE: the results can vary from day to day. Tomorrow, with different links, the results can be very different. All are live links, but they can be dead a few minutes after the test. No duplication.

Results:
result.png


Winner: Google Safe Browsing
 

Moonhorse


simmerskool

Test 2/9/2018
20 links collected from virustotal, nothing is from vxvault list. Higher is better
Browsers/extensions
chrome 16
avira 14
malwarebytes 18
ublock+squidblacklist 10
blocksi (default/children preset) 0
blocksi (block unrated): 20
WDBP 13

Maybe you addressed this before; if so, sorry... Question: what's the "overlap"? E.g. looking at chrome 16, avira 14 & mb 18, it's safe to say that avira did not catch as many as chrome or mb, but of the 14 caught by avira, were any of those unique to avira, i.e. not caught by either chrome or mb? In your testing/analysis, is that being considered, or does it matter, since nothing is ever 100%? Posts here suggest that there are cons to running too many of these extensions. Thanks (& this is a great thread (y))
 
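Added example, not part of the original thread: the overlap question above can only be answered from per-link results, not from totals. The per-link data below is constructed to match the 2/9/2018 totals (16, 14 and 18 out of 20); the function names `unique_catches` and `greedy_stack` are hypothetical.

```python
# Constructed per-link results (NOT from the thread): link ids 1..20 and the
# ids each product blocked, sized to match the posted totals 16 / 14 / 18.
TOTAL = set(range(1, 21))
BLOCKED = {
    "chrome": TOTAL - {3, 7, 12, 19},
    "avira": TOTAL - {1, 3, 5, 9, 12, 15},
    "malwarebytes": TOTAL - {7, 12},
}


def unique_catches(blocked):
    """Links blocked by one product and by none of the others."""
    out = {}
    for name, hits in blocked.items():
        others = set().union(*(h for n, h in blocked.items() if n != name))
        out[name] = hits - others
    return out


def greedy_stack(blocked, total):
    """Order products by marginal gain: each step adds the product that
    blocks the most links not already covered by the ones chosen so far.
    Returns [(name, new_links, cumulative_links)] and the links all missed."""
    covered, order, remaining = set(), [], dict(blocked)
    while remaining:
        # Ties on gain are broken by name so the result is deterministic.
        name = max(remaining, key=lambda n: (len(remaining[n] - covered), n))
        gain = remaining.pop(name) - covered
        if not gain:
            break  # nothing left adds coverage
        covered |= gain
        order.append((name, len(gain), len(covered)))
    return order, total - covered


if __name__ == "__main__":
    for name, links in unique_catches(BLOCKED).items():
        print(f"{name}: unique catches {sorted(links)}")
    order, missed = greedy_stack(BLOCKED, TOTAL)
    for name, gain, cum in order:
        print(f"add {name}: +{gain} -> {cum}/{len(TOTAL)}")
    print("missed by all:", sorted(missed))
```

With this constructed data the lowest scorer still contributes one link nobody else blocks, while a higher scorer adds nothing on top of the best one, which is why totals alone cannot show whether stacking helps.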

AtlBo

Really good discussion. Question about FortiGate. I have set "Potentially Liable" to block and "Adult Mature Content" to block or warn for each category...depending on what type of site. Also, I have set "Unrated" to Block. Is this all I should do? The functionality seems fine so far.

Nevermind, I got to the bottom of this. I hadn't configured the "Block malicious websites" filtering settings in "Malware Protection"->settings. If only the Web Filtering module is installed with FortiClient, settings for these types of sites are found in "Web Security".

How often does your web filter update? Installed FortiClient web filter only, back last night and I've always been 2 days before update; when do they start rolling? On their site they update pretty often but I can't see the same web filter updates hit me

@Moonhorse, I can't tell. From reading the FortiClient thread I think the blocks are cloud based, rather than from a local database. Maybe it doesn't update that module. Everything says up to date but the sandbox, and it's disabled for me since it requires interaction with the Fortinet network apparatus and hardware they sell.
 

Black Wings

Guys, I am using Comodo Dragon and lately almost every day it seems that it disconnected from the internet for almost an hour or half. Then it's coming back. In the past I had the same problem with Chrome. At the same time Edge is working fine. I checked with Zemana, Adware, Rogue Killer and NPE and nothing. I removed 3 hijacks with Comodo hijack cleaner but still nothing. Anyone? (sorry for the off-topic)
The same thing happened to me some time ago with Opera and Chrome. In the end I took out one by one the extensions and it was still malfunctioning.
I restored Chrome to the default values and my problem was fixed. Maybe Adwcleaner helps you. Good luck
 

TairikuOkami

Posts here suggest that there are cons to running too many of these extensions.
I have never seen any cons against running too many extensions, aside from using some resources, it is not like running multiple AVs.
When some URL is detected by all, it does not hang or anything, I will get an alert from a browser, then from Avira, then from Netcraft, etc.
 

Brie

forticlient web filter has slowed down the browser. i use opera. i only have the web filter. it blocked this site when the proxy was on. when i turn the proxy off, it turns off the web filter.

i also have netcraft and bitdefender TS.

does any one else have this problem?

thanks in advance.
 

imuade

forticlient web filter has slowed down the browser. i use opera. i only have the web filter. it blocked this site when the proxy was on. when i turn the proxy off, it turns off the web filter.

i also have netcraft and bitdefender TS.

does any one else have this problem?

thanks in advance.
I'm using FortiClient Web Filter with Firefox Portable and I haven't noticed any noticeable slowdown
 

imuade

thank you for replying.
does any one think that it has something to do with the proxy?
Well, from what I understand, FortiClient Web Filter queries the Fortinet cloud database to check whether the website you are trying to access is safe or not, so this takes some time, but the impact depends on your connection speed too.
I have a 30/3 VDSL and, as I said, I don't see any noticeable slowdown, even if there actually is one.
 

Evjl's Rain

Test 3/9/2018
With many PUP/adware links

chrome 26
malwarebytes 23
avira 20
comodo 2
WDBP 10
blocksi block unrated 27
ublock squidblacklist 10
hphosts (full+partial) 14
IE/Edge 22 or 23 (1 warned but didn't block)

ThorRC 16
Forticlient 25
kaspersky 21

a bad show from Kaspersky (as expected, against PUPs)
I won't test Norton Safe web and DNS security.
Neustar DNS always wins

Screenshot comparing Thor RC and hphosts. Thor is left, hphosts is right. Same files are highlighted
Thor actually prevented 1 link from downloading (without any notification) because the link contacted via port 8081. It can only be downloaded with thor disabled
@Nightwalker
 


Evjl's Rain

Blocksi Block is something I don't think I have seen or heard of. Will do some digging. How did you find the testing for that specific product? @Evjl's Rain

~LDogg
because I saw a test of blocksi in the past by MalwareBlockerYT on youtube so now I want to do some tests for it
 
