Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
here you are

I started testing these on my machine (no VM) and realized that some were malware, not phishing. AVG blocked several and quarantined one. I tried and my edge://flags stopped a few or they were dead links. Oopps! :emoji_cold_sweat::LOL: Thanks a lot @Evjl's Rain. :D
 
Last edited:

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
I'm wondering if some the links that I thought were dead or blocked by edge://flags may have never completed connection because of µBO in medium mode? :unsure: Any thoughts?
I think so, because in my testing there were no dead links.

Still thinking about the 8 downloads Edge Dev warned about.
A partially fail or blocked enough, because I could ignore that warning and continue that download.
When there were blocks by TrafficLight or SmartScreen there was no file to download, so a full block.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044

permar4

Level 1
Verified
Jul 23, 2017
46
in my case with those links

Bitdefender 17 chrome 3

Malwarebyte 20

Emsisoft 8 chrome 4 the rest the VPN *

*
a particular file was downloaded, blocked by chrome and then blocked by emsisoft late, the rest emsisoft blocked before downloading

I also do not know if by a conflict with my AV, when I download a particular file my browser crash.

Really surprised with malwarebytes, I do not like it because it is something heavier than the rest... but in these links (which with a larger batch can be totally different) malwarebytes not only block always first that the VPN (this has an anti-malware filter) but also that did not cause any crashing and gave perfect punctuation.

the tests were with windscribe vpn and using only one extension at a time and turning off the rest.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
What EdgeDev warning? I thought you were talking about SS in original post. What is this? Google safe browsing?



I just got the blank page with no connection (error) info.
There were 3 kind of blocks.
TrafficLight block page
SmartScreen block page
Edge warning about that the downloaded file is not safe, with standard option to delete.

Some links were blank pages and after that the file was downloaded.
So for you those downloads were blocked.
EDIT: most links were http and probably blocked by not allowing non https downloads.
 
Last edited:

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
I'm wondering if some the links that I thought were dead or blocked by edge://flags may have never completed connection because of µBO in medium mode? :unsure: Any thoughts?
Suspicious EXE from http seems to be unavailable to download, in case you have enabled the flag:
Block unsafe downloads over insecure connections
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
I didn't specify in above post but yes, this is the enabled flag I was referring to. (y)
Block unsafe downloads over insecure connection = download should not even start

Only time it has blocked exe. for me is case where file werent signed at all

Google chrome also had the ;//flag to request advanced scan from safe browsing, wich i dont know if improves the security at all
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
here you are

I know these links are a couple days old but I tested with Windows Defender active in both ChromEdge and Brave, both browsers with BD Trafficlight. This was not a precise test but I got a fair impression of overall performance.

Edge:

17/20 blocked by both BD and/or Smartscreen
3 dead links?edge://flag "Block unsafe downloads over insecure ... " with blank pages

Brave:

16/20

13 - BD
3 - Smartscreen
2 - Windows Defender
1 - Error page
1 - dead/missed?

My average user impression is that Windows Defender Network Security is not reliable in Brave, and probably other Chromium browsers.. My advice is to use a browser extension(s) of your choice in Brave if you use Windows Defender. Probably a good idea to use one in Edge as well.
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
My average user impression is that Windows Defender Network Security is not reliable in Brave, and probably other Chromium browsers.. My advice is to use a browser extension(s) of your choice in Brave if you use Windows Defender. Probably a good idea to use one in Edge as well.

Ah.... good test, good recommendations.

Just another element of good information to assist us all in making decisions.

Thanks oldschool.


216775
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
I know these links are a couple days old but I tested with Windows Defender active in both ChromEdge and Brave, both browsers with BD Trafficlight. This was not a precise test but I got a fair impression of overall performance.

Edge:

17/20 blocked by both BD and/or Smartscreen
3 dead links?edge://flag "Block unsafe downloads over insecure ... " with blank pages

Brave:

16/20

13 - BD
3 - Smartscreen
2 - Windows Defender
1 - Error page
1 - dead/missed?

My average user impression is that Windows Defender Network Security is not reliable in Brave, and probably other Chromium browsers.. My advice is to use a browser extension(s) of your choice in Brave if you use Windows Defender. Probably a good idea to use one in Edge as well.
By the way urlhaus has the online malware site block lists, wich is easy to pick urls for testing from
 

JB007

Level 26
Verified
Top Poster
Well-known
May 19, 2016
1,574
bitdefender traffic light is very good highly recommended :p
just did a new test to see how the extensions are developing, 20 links from urlhaus

chrome 16/20
Avira 10/20
emsisoft 9/20 but 1 downloaded
malwarebytes 13/20
norton 6/20
BD trafficlight (BDTL) 12/20
WDBP 16/20 but some downloaded

late test:
adguard chrome extension (malware protection: on, default settings): 1/20

Chrome+WDBP 18/20
chrome+WDBP+BDTL 20/20 => my recommended combo worked perfectly
I had been running emsisoft extension for several months and it hadn't blocked anything, not a single link
I just switched to BDTL for 2 weeks, it has been blocking a few links => goodbye emsisoft
WDBP has been working great

something can be good in theory but in reality and in some specific countries, others are better. BD has much larger user database than emsisoft in my country which can explain why it's better

Hello @songoku316 and @Evjl's Rain
It seems that Traffic Light works great but is it as good as Bitdefender Search Advisor which is integrated with Bitdefender Total Security ?
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Hello @songoku316 and @Evjl's Rain
It seems that Traffic Light works great but is it as good as Bitdefender Search Advisor which is integrated with Bitdefender Total Security ?
trafficlight has search advisor
I think it's as good as BD total security
however, trafficlight may not have advanced web heuristic engine as BDTS so the blocking is less effective
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top