Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
I had been running emsisoft extension for several months and it hadn't blocked anything, not a single link
I just switched to BDTL for 2 weeks, it has been blocking a few links => goodbye emsisoft
WDBP has been working great

something can be good in theory but in reality and in some specific countries, others are better. BD has much larger user database than emsisoft in my country which can explain why it's better
just did a new test to see how the extensions are developing, 20 links from urlhaus

chrome 16/20
Avira 10/20
emsisoft 9/20 but 1 downloaded
malwarebytes 13/20
norton 6/20
BD trafficlight (BDTL) 12/20
WDBP 16/20 but some downloaded

late test:
adguard chrome extension (malware protection: on, default settings): 1/20

Chrome+WDBP 18/20
chrome+WDBP+BDTL 20/20 => my recommended combo worked perfectly


Thanks for testing out, that's awesome man what about Firefox? should i uninstall EBS and install WDBP+BDTL on FF ? :unsure:


Edit: never mind there is no WDBP addons for FF :(
 
Last edited:

conceptualclarity

Level 21
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 23, 2013
1,072

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Can you also try testing KeweonDNS and nextDNS?

Thanks
keweon is weak
I don't know about nextDNS. I will check it out later

Thanks for testing out, that's awesome man what about Firefox? should i uninstall EBS and install WDBP+BDTL on FF ? :unsure:


Edit: never mind there is no WDBP addons for FF :(
if WDBP is not available, I suggest keeping emsisoft
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Now I test phishing blocking ability (not my priority)
phishtank: 10 verified, 11 unverified
openphish 11
chrome 29/32
avira 22/32
emsisoft 23/32
malwarebytes 13/32
Netcraft 27/32
Norton 24/32
BDTL 6/32 (tested several times)
WDBP 17/32 (tested twice)

Chrome+WDBP+BDTL 29/32

conclusion: BD is going downwards against phishing
norton shows some light, still useless against malwares
malwarebytes is weak against phishing
WDBP is not great against phishing but great against other threats
google safe browsing is consistent
 
Last edited:

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,471
just did a new test to see how the extensions are developing, 20 links from urlhaus

chrome 16/20
Avira 10/20
emsisoft 9/20 but 1 downloaded
malwarebytes 13/20
norton 6/20
BD trafficlight (BDTL) 12/20
WDBP 16/20 but some downloaded

late test:
adguard chrome extension (malware protection: on, default settings): 1/20

Chrome+WDBP 18/20
chrome+WDBP+BDTL 20/20 => my recommended combo worked perfectly
Thanks again for your testing, much appreciated!
Tested the same links on my system with MS Edge Dev 76.0.182.6 as browser and Kaspersky Security Cloud Free 20.0.14.1085(b) as AV:
The results are not scientific because both act on the links:
Edge SmartScreen : 15/20
Downloads blocked by Edge 5/20
KSCF: 13/20
Downloads blocked by Kaspersky 2/20
Together everything was blocked by my config.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,471
Now I test phishing blocking ability (not my priority)
phishtank: 10 verified, 11 unverified
openphish 11
chrome 29/32
avira 22/32
emsisoft 23/32
malwarebytes 13/32
Netcraft 27/32
Norton 24/32
BDTL 6/32 (tested several times)
WDBP 17/32 (tested twice)

Chrome+WDBP+BDTL 29/32

conclusion: BD is going downwards against phishing
norton shows some light, still useless against malwares
malwarebytes is weak against phishing
WDBP is not great against phishing but great against other threats
google safe browsing is consistent
Tested the same links on my system with MS Edge Dev 76.0.182.6 as browser and Kaspersky Security Cloud Free 20.0.14.1085(b) as AV:
The results are not scientific because both act on the links:
Edge: 25/32
KSCF: 27/32
Together they blocked everything.
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Tested the same links on my system with MS Edge Dev 76.0.182.6 as browser and Kaspersky Security Cloud Free 20.0.14.1085(b) as AV:
The results are not scientific because both act on the links:
Edge: 25/32
KSCF: 27/32
Together they blocked everything.
the reason why I still use chromium-based browsers which have google safe browsing is that I can install WDBP so I have double protection (officially)
while with edge, there is no official extension from google to add the GBS support so I lose 1 layer
after an exe is downloaded from chrome, bypassing both GBS and WDBP, windows smartscreen will be triggered. So many layers for me to ensure the system is protected
 
Last edited:

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,471
the reason why I still use chromium-based browsers which have google safe browsing is that I can install WDBP so I have double protection (officially)
while with edge, there is no official extension from google to add the GBS support so I lose 1 layer
after an exe is downloaded from chrome, bypassing both GBS and WDBP, windows smartscreen will be triggered. So many layers for me to ensure the system is protected
Yes that would be the primary reason to keep using Google Chrome (y)
But I'm trying the new Chromium based Edge Dev now.
Together Kaspersky Security Cloud Free it's a great combo.
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Yes that would be the primary reason to keep using Google Chrome (y)
But I'm trying the new Chromium based Edge Dev now.
Together Kaspersky Security Cloud Free it's a great combo.
for me, google chrome is so bloated with useless tools which regularly consume resources in the background
I opted in chromium browser by woolyss, a clean version of chrome like AOSP vs. android from OEMs
I never look back. Perhaps, it's better edge? I don't know
I think they can cope with manifest v3 in the future by releasing adblocker-friendly versions
 

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,447
Now I test phishing blocking ability (not my priority)
phishtank: 10 verified, 11 unverified
openphish 11
Cleanbrowsing - 9/32
Neustar Threat - 6/32

2 hours later

Cleanbrowsing - 21/32
Neustar Threat - 19/32

This shows the advantage of extensions over DNS. It takes some time to update DNS and DNS can not block legit webpages hosting bad links.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,471
Tested the 20 malware links from @Evjl's Rain with Windows Defender and MS Edge Dev:
SmartScreen on Edge blocked 3/20
Downloads were blocked by Edge 16/20
Only the zip file went through.
Tested the 32 phishing links from @Evjl's Rain with Windows Defender and MS Edge Dev:
SmartScreen on Edge blocked 26/32
 
Last edited:

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Actually, Firefox uses Google safe browsing too but sadly Microsoft haven't released WBP for Firefox yet.
firefox uses GSB but with delayed database update
I have tested both of them. Firefox's GSB was always inferior to chrome. Sometimes, much worse
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
firefox uses GSB but with delayed database update
I have tested both of them. Firefox's GSB was always inferior to chrome. Sometimes, much worse
Yes, that's true. Chrome loads the database directly from their server but Firefox doesn't do that due to privacy issue. It downloads the list every 30 minutes and uses hashes instead of URLs to detect bad sites.
Full details here
 
Last edited:

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,447
Firefox's GSB was always inferior to chrome. Sometimes, much worse
Yandex is way worse, even useless, in one test it was 1/20 and the second one 0/32, after 2 days, it is still the same. Sophos file scanning is the same, just 1 detection. I wanted to disable it, but it keeps bugging me to enable it, so I just keep it on, but it is like there is nothing there. :emoji_expressionless:
 

Attachments

  • capture_06172019_161341.jpg
    capture_06172019_161341.jpg
    159.4 KB · Views: 411

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Yandex is way worse, even useless, in one test it was 1/20 and the second one 0/32, after 2 days, it is still the same. Sophos file scanning is the same, just 1 detection. I wanted to disable it, but it keeps bugging me to enable it, so I just keep it on, but it is like there is nothing there. :emoji_expressionless:
wow, the last time I tested, it was quite close to GSB but it's surprising how bad it is today
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top