Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 

509322

Most average PC users don't install software, but simply use software.

I beg to differ.

A computer illiterate person doesn't have an adblocker or decent security installed, does lots of web searching, looking for something online, ends up on a site like CNET for example, ends up clicking on "Download here" - thinking they are downloading what they were searching for - and ends up with "stuff" installed.

Social engineering and happy clickings gets the computer illiterate to do a whole bunch of stuff that they just shouldn't do. Half the time all they can say is "I remember clicking a lot. There were windows I didn't understand."

I've seen this literally hundreds, if not thousands, of times. The number of home user systems I've disinfected numbers at least in the many hundreds.

The worst are families with children where the parents know basically zero about computers and just let the children run riot. Then the parent asks "Where'd they learn that ?" and "How'd this happen ?"

Anyhow... the security you describe, a computer illiterate person can never handle it. Many of the people I see on the home user front can barely use Windows. Only security soft geeks here can grasp any security that requires tweaking, and even then most don't want any parts of it because they want default allow to tell them what to do. Unfortunately for them, it just don't work that way.
 

Windows_Security

@Lockdown,

So according to your definition the computer newbies in my family seem to be of a different breed. I have educated them to the level that they understand the concept of run as admin when they want to install stuff. They don't install software themselves and all updates run elevated so in practice they never use Run As Admin (I know because they only call me when they have bought a new printer/copier and on the rare occasion Windows does not install the driver automatically).

So I repeat they just use software, they don't know what CNET is, because they don't install stuff. Social engineering does not work when Running as basic user SRP blocks normal executions. Circumventing SRP with scripts does not work thanks to WD exploit protection and SysHardener.

Happy days with SRP basic user and MBAM chrome extension (I don't mind MBAM heuristics is a bit too trigger happy)

P.S.
The concept is simple: when a family member wants something installed which does not work with the above setup, no problem, I remove the SRP and tweaks, but from that moment they are on their own. When something bad happens, I give them the phone number of a good PC support shop and wish them luck.
 

509322


My statements are based upon hundreds of typical users. No one is educating them. They buy a PC and use it without direction. That is a typical user. And they absolutely cannot handle Windows security on their own.

You educated the people you are talking about on IT security. That in itself makes them not typical users. By my definition they are computer literate because they have 1) had instruction and 2) adhere to it.

I can guarantee you that the typical users that I observe, except for a few cases, would not be able to handle your guides. Typical users generally don't want to be bothered with security geek stuff. And that is disappointing as they aren't stupid. They can learn. They just don't want to. Their priorities are on other things - like downloading and installing stuff willy-nilly.

Where do you think most of the people who end up in the malware removal assistance thread come from ? They're typical users that want to use stuff = happy clickings + downloading and installing stuff.

I thought everyone here knows that typical users are generally a menace. How do their systems get infected ? Because they don't have nor practice security. And Microsoft negligently ships Windows in a security configuration that is really only suitable for IT Pros - a system that very few computer illiterate people can handle.

Novices don't come to security forums like MT en masse. It is only the odd one that straggles in.
 

Moonhorse

1hosts has moved to another domain as the original wasn't updated and someone else controls the domain now.
Actually posted this here some time ago


Anyone wondering why their 1hosts filter list isn't updating on ublock: the reason is the owner has changed

https://1hos.cf/
https://1hos.cf/mini/

To add updated lists on your ublock.
Source: One 'hosts file' to Block them All: 1Hosts | 1Hos.cf

So you might want to add:

https://1hos.cf/
https://1hos.cf/mini/

and squid as @oldschool mentioned

https://www.squidblacklist.org/downloads/dg-malicious.acl
https://www.squidblacklist.org/downloads/dg-ads.acl <------- trackers (optional)
 

Evjl's Rain

new test 12/11/2018
links, 1 duplicated link
Code:
https://pastebin.com/jmeUTSym

ublock origin custom/requested filters
Capture.PNG

chrome 9/30
avira 15/30
Malwarebytes 24/30
WDBP 7/30
ublock 7/30 (energized 6, phishtank 1)
BDTL 22/30
Norton 7/30
comodo 1/30
McAfee WebAdvisor 0/30 => expected
Edge/IE 16/30

Kaspersky 25/30 => webfilter only, disabled realtime protection
Forticlient 24/30 => webfilter only, no AV module
 
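Added example (not part of the original post): with only 30 links per run, scores that sit close together can be within sampling noise. This Python sketch parses the 12/11/2018 score lines and puts a 95% Wilson interval on each block rate; the function names and the non-overlap rule used to compare two products are choices made for this example.

```python
import math
import re

# Scores copied from the 12/11/2018 post above (links blocked out of 30).
RESULTS_TEXT = """\
chrome 9/30
avira 15/30
Malwarebytes 24/30
WDBP 7/30
ublock 7/30 (energized 6, phishtank 1)
BDTL 22/30
Norton 7/30
comodo 1/30
McAfee WebAdvisor 0/30 => expected
Edge/IE 16/30
Kaspersky 25/30 => webfilter only, disabled realtime protection
Forticlient 24/30 => webfilter only, no AV module
"""

SCORE = re.compile(r"^(?P<name>.+?)\s+(?P<hit>\d+)/(?P<total>\d+)\b")


def parse_results(text):
    """Return {product: (blocked, total)} from 'name N/M ...' lines."""
    results = {}
    for line in text.splitlines():
        m = SCORE.match(line.strip())
        if not m:
            continue  # blank lines or free-text remarks
        hit, total = int(m["hit"]), int(m["total"])
        if total == 0 or hit > total:
            raise ValueError(f"implausible score: {line!r}")
        results[m["name"]] = (hit, total)
    return results


def wilson(hit, total, z=1.96):
    """95% Wilson score interval for a block rate of hit/total."""
    p = hit / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total * total)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def distinguishable(a, b, results):
    """Conservative check: True only if the two intervals do not overlap."""
    lo_a, hi_a = wilson(*results[a])
    lo_b, hi_b = wilson(*results[b])
    return hi_a < lo_b or hi_b < lo_a


if __name__ == "__main__":
    res = parse_results(RESULTS_TEXT)
    for name, (hit, total) in sorted(res.items(), key=lambda kv: -kv[1][0]):
        lo, hi = wilson(hit, total)
        print(f"{name:18} {hit:2}/{total}  95% CI {lo:.0%} to {hi:.0%}")
    print("Kaspersky vs Malwarebytes separable:",
          distinguishable("Kaspersky", "Malwarebytes", res))
    print("Kaspersky vs chrome separable:",
          distinguishable("Kaspersky", "chrome", res))
```

Non-overlapping intervals are a strict criterion: two products it fails to separate may still differ, but a 30-link sample cannot show it.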

Nestor

K9?
 

Sunshine-boy

Good test ty.
There is a bug in McAfee extension! It does work at all but McAfee site advisor works like a charm.
Download McAfee WebAdvisor 4.0.7.213
But this one is also buggy and can't block exe malware (although the McAfee TrustedSource shows the link/exe is malicious, the app can't block the download)
I think it's a bug and we can report it to them.
Test all links here (choose McAfee site advisor)
Check Single URL
 

Brie

thank you very much for this. :giggle:
 

Moonhorse

Edge+ kaspersky = win combo it seems

Good Test. Thank you @Evjl's Rain

I tend to think Norton Safe Web (NSW) will come back and be good again one day. Maybe..

But for now, I'm abandoning it and going with Bitdefender TrafficLight (BTL).
But isn't norton av web filter better than the extension :unsure:
 

Burrito


That's the belief.... and what was stated in the Norton forums.

It's just strange... go to the earlier Evjls Rain tests... and you'll see that NSW is one of the top capabilities. K9 web filter which is owned by Norton is one of the best web filters. When Norton more actively supported it... Norton DNS was one of the best DNS filters.

So what happened to NSW? Who knows.

The question was asked at the Norton forums and received no substantive answer.
 

Moonhorse

Same with the comodo, except comodo has always been so weak on that side. Anyway, it doesn't really hurt to have trafficlight running, and malwarebytes extension is pretty decent on own pc... but I wouldn't install it on a family member's computer since false positives exist so much. So probably trafficlight > malwarebytes in that case


Edge seems to be performing much better than chrome, they were even some months ago
 

Evjl's Rain

edge does have decent webfilter but there are many reasons I won't use it
- usability is zero for me. It lacks some extensions I need
- it lags regardless of what I tweak or put its caches in RAMdrive
- I don't update windows frequently so no update for edge + I permanently use windows 8.1
- since edge uses the smartscreen webfilter, when I use google chrome to download a file, it will be checked by google safe browsing; if GSB is bypassed, windows smartscreen will block that file (rarely bypassed by normal threats). Windows smartscreen > Edge smartscreen > WDBP (~30-60% strength of edge smartscreen)
so when I use chrome, I have both GSB and smartscreen fully, while with edge, it will be scanned by the weaker smartscreen and then scanned with the stronger SS => same

by the way, it's my mistake to have overly promoted comodo because it's crap. It's like a vxvault filter with a 1-2-day delay. I notice comodo tends to block a lot more vxvault links than other extensions, but vxvault doesn't have real fresh links

when I switch to new sources, comodo always performs extremely poorly
I would say adding vxvault list to ublock is similar to adding comodo
 

Evjl's Rain

Edge+ kaspersky = win combo it seems


But isnt norton av web filter better than the extension :unsure:
according to my experience with norton AV, it has a webfilter but it never works :D
when you install norton, they recommend installing norton safe web for web filter => the only thing that works besides download insight, which works like windows smartscreen
 

JiSingh12

What filters would people recommend for overall protection in security + privacy?

My chrome set up will be Nano & BTL, with Safe Browsing, & my Avast AV web filter, so multiple barriers for a potential attack to beat, happily. Clearly BTL has had an overhaul compared to before, so will happily use it, especially over the very powerful and false positive loving beta program that is MBAM, for nowww.

I am currently using all included Nano filters, & squidblacklist.
 

oldschool

With all those extensions you don't need additional filters. Your browser appears to be set up in "Paranoid" mode. :LOL:
 
