Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Netcraft does block more phishing links in comparison to Emsisoft, plus Netcraft has the addition feature of blocking XSS Scripting. Emsisoft does a great job at thwarting malware & viruses whilst also be privacy abiding too.


Which one do you recommend for newbies then?
Netcraft and/or Emsisoft alongside an Adblocker and you're good to go.

~LDogg
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
the chance of us getting a phishing is very slim so netcraft is mostly useless but it's can be very useful for our family and friends

emsisoft and WDBP are very light and don't slow down our speed so I use both
considering effectiveness and performance, they are the best

good effectiveness but less performance: BDTL > malwarebytes > avira
best performance but poor effectiveness: norton safe web/safe search

for newbies: 1 AV with webfilter + google chrome's safe browsing + WDBP+emsisoft
WDBP and emsisoft can cover PUP detection effetively
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
On older family members PC's I prefer WDBP for the simple reason that its warning screen looks nearly the same as Google's Safe Browsing (overwhelming red).

@Evjl's Rain How did you measure performance?
I used google chrome's task manager and used the browser normally for extensive amount of time + second test: opened 20 tabs simultaneously
I checked the CPU usage and CPU time

for 2 hours of usage, norton safe web > WDBP > emsisoft used the least CPU time (less than 15 seconds). CPU % was always <5-10% when a website was loaded. They only check a website once when the website is opened and then never touch it again
they allow the website to load without intercepting it. When they have the result form the cloud, they will block the website if it's malicious

malwarebytes and avira used 15-30 minutes of CPU time and also more CPU %, upto 20-25%. They constantly filter every bit of traffic after the website is loaded, like scrolling through facebook feed will cause their CPU usage to increase
they stop the website temporarily and wait for the result from the cloud. Once they have the result, the website will be allowed to load
they will slow down our browsing speed in peak hours or when our network is clogged
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
@Evjl's Rain
Can run phishing tests? Include K9, Malwarebytes, Emsisoft, WD, Netcraft etc.
for phishing, I think netcraft always win. It never misses anything I throw in the tests
but I don't know abut WDBP and emsisoft
malwarebytes is the best against malwares but it's not the best against phishing
I don't like K9 because I need to install it or I have to turn on my virtual machine + most people don't use it although it's one of the best

I will try to test them out

Also, can compile and present the test results for all the tests done so far to see who are the top 3 performers?
the top 3 performers are malwarebytes, emsisoft and google chrome. However, WDBP seems to be better than chrome recently but nobody knows about the future

I don't use malwarebytes due to performance impact
emsisoft and WDBP seem to be super light and effective
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
Cloudopt AdBlocker

Anyone wanna test this? Went after extensions to chrome store and just found this, last update yesterday

Protects you from tracing and malicious domain names, filters banner ads, pop-up ads and video ads, all in real-time.
Protect your security in real time, prevent tracing, malicious domain names, filter banner ads, pop-up ads, and video ads.

The most powerful security plugin in the Eastern Hemisphere, Cloudopt can effectively block all types of ads on all pages, phishing sites, phishing sites and phones.

Cloudopt Adblock can do this:

1. Block common ads.
2. Accelerate page loading, save bandwidth, block ads and pop-up windows.
3. Block all spyware, adware, and dial-up installers.
4. Protect your privacy by blocking common third-party tracking systems.
5. Protect your against malicious and phishing attacks.
6. Protect you from harassment and fraud.
7. Block the script from the dangerous website to download something.

Why use Cloudopt?

1. Cloudopt has ultra-small size and high performance. Installation only need to blink, run as long as similar software general memory.
2. Based on the Material Design design style, with Chrome perfect fusion together.
3. Cloudopt is connected to the cloud security center in real time to protect your browsing security and automatically update ad blocking rules.
4. Our gold medal customer service 7x24 hours on standby,


Theyre promising alot, and the website is legit
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Cloudopt AdBlocker

Anyone wanna test this? Went after extensions to chrome store and just found this, last update yesterday

Protects you from tracing and malicious domain names, filters banner ads, pop-up ads and video ads, all in real-time.
Protect your security in real time, prevent tracing, malicious domain names, filter banner ads, pop-up ads, and video ads.


The most powerful security plugin in the Eastern Hemisphere, Cloudopt can effectively block all types of ads on all pages, phishing sites, phishing sites and phones.

Cloudopt Adblock can do this:

1. Block common ads.
2. Accelerate page loading, save bandwidth, block ads and pop-up windows.
3. Block all spyware, adware, and dial-up installers.
4. Protect your privacy by blocking common third-party tracking systems.
5. Protect your against malicious and phishing attacks.
6. Protect you from harassment and fraud.
7. Block the script from the dangerous website to download something.


Why use Cloudopt?

1. Cloudopt has ultra-small size and high performance. Installation only need to blink, run as long as similar software general memory.
2. Based on the Material Design design style, with Chrome perfect fusion together.
3. Cloudopt is connected to the cloud security center in real time to protect your browsing security and automatically update ad blocking rules.
4. Our gold medal customer service 7x24 hours on standby,


Theyre promising alot, and the website is legit

I wouldn't touch it with a ten-foot pole; seems to be a chinese extension made to collect your data.

I particularly try to avoid extensions that promise too much or try to hard to appear "legit" (the fake partners are hilarious).

upload_2017-11-16_17-6-6.png
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
I wouldn't touch it with a ten-foot pole; seems to be a chinese extension made to collect your data.

I particularly try to avoid extensions that promise too much or try to hard to appear "legit" (the fake partners are hilarious).

Thank you for saving me the time checking this one out @Nightwalker

:emoji_beer:
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Fake ad blockers (extensions in general) are still a big issue for Chrome ecosystem.

Over 20,000,000 of Chrome Users are Victims of Fake Ad Blockers

While Google has tried to fix it, the problem is far from being solved (I noticed a fake Windscribe extension some days ago), thats why it is important to install only vital extensions.
 

Petrovic

Level 64
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,354

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
With Chrome you can apply the flag "block unsafe downloads over insecure connections" (#disallow-unsafe-http-downloads). This effectively blocks executable downloads from all HTTP connections. You can still browse these websites without any function loss, just without the risk of drive-by infections. :cool:

Additionally you could block the SCRIPT EXECUTION from top 20 shady domains published by Symantec, top 10 spam domains of Spamhaus and Sophos Dirty Dozen Spampionship in Chrome's content setting in the format [*.]TLD (Top Level Domain the bytes behind the dot in a domain name).

I read only Dutch, English and German and blocking scripts in thise TLD's will still allow website with this top level domain extension to load, just with one important attack vector less: no scripts :) I have 33 TLD's blocked and I can not remember when I had ever had to enable scripts while surfing. When you click on the <> you can easily allow a specific website.
1546806974232.png


EDIT
I always enabled the browser's native Safe Browsing feature. As far as I know it takes some time (20 to 30 miutes) for Google to push the latest updates to Chrome's Safe Browsing (QUESTION is this still correct?). I have replaced Google's safe browsing with Emsisoft (based on Evjl's Rain tests and advice in this thread). Because EBS (Emsisoft Browser Security) is cloud, it is always up to date (and it does not make sense on a linux PC to provide Microsoft with all your browsing data, so WDBP is not an option on my Linux Lite laptop from 2010).
 
Last edited:

JiSingh12

Level 3
Verified
Sep 1, 2018
136
for 2 hours of usage, norton safe web > WDBP > emsisoft used the least CPU time

What about BTL? Is the CPU and memory footprint performance good or bad? Emsisoft and WDBP extensions seems to be doing the best overall for PUP and malware tests, and performance at the moment, but i want to hope that BTL is still up there as it was before that PUP test of yours, lol
 
Last edited:
  • Like
Reactions: oldschool

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
What about BTL? Is the CPU and memory footprint performance good or bad? Emsisoft and WDBP extensions seems to be doing the best overall for PUP and malware tests, and performance at the moment, but i want to hope that BTL is still up there as it was before that PUP test of yours, lol
BD consumes more cpu
moreoever, it pauses the website and waits for the result from cloud => can slow down your speed during peak hours
in overall, it's a great extension for malwares and phishing but not good against PUPs
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Evjl's Rain what is your opinion about Dr Web extension?I have seen some recent test which was very good.Have you ever tested it?
my recommendation is stay away from it. It's useless
it doesn't have any block function
you must right-click and scan the link with dr.web
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top