Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
I wouldn't rely too heavily on DNS to protect my machines from malware. Most malware infections come from legitimate sites anyway, and DNS will not block them just because they've been compromised. If you whitelist NYT and it gets hacked again, it can infect you all day and night, and your DNS won't stop you from visiting because it's whitelisted. Anti-malware browser extensions, however, are designed to catch malware no matter where it comes from.

That said, your DNS service doesn't have to be your only defense against malicious sites. Anti-malware extensions and site-rating tools can help complement your DNS server's blacklist, and then the detection capabilities of the anti-malware extensions themselves will serve as your next line of defense in the event the blacklist fails you. I should say, however, it is encouraging to know that CleanBrowsing caught 83% of phishing sites. That along with WoT and MBBG should just about cover it!

Yeah, good points ebocious.

I don't rely too heavily on DNS, most of the time I forget about it actually.

I'm periodically surprised when it does block something.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
Yeah, good points ebocious.

I don't rely too heavily on DNS, most of the time I forget about it actually.

I'm periodically surprised when it does block something.
I’ve never had anything block a site except my router blocking the WiseCleaner site once. Apparently I am so vanilla all I need is an ad blocker.
 
Last edited:

Mahesh Sudula

Level 17
Verified
Top Poster
Well-known
Sep 3, 2017
818
There is not even a . 5% probability for a normal user to get into phishing link real time. I say simply it's impossible.
However do agree that malicious re directions cannot be avoided completely.. Like through a Porn website, 3 rd party hosted movie sites, Torrents many more...
A good security suite is ample enough for a normal user
DNS filters, hm yeah I too never use them!.. Just a well reputed Security suite + C'Sense
 

goodjohnjr

Level 5
Verified
Jul 11, 2018
230
I wouldn't rely too heavily on DNS to protect my machines from malware. Most malware infections come from legitimate sites anyway, and DNS will not block them just because they've been compromised. If you whitelist NYT and it gets hacked again, it can infect you all day and night, and your DNS won't stop you from visiting because it's whitelisted. Anti-malware browser extensions, however, are designed to catch malware no matter where it comes from.

That said, your DNS service doesn't have to be your only defense against malicious sites. Anti-malware extensions and site-rating tools can help complement your DNS server's blacklist, and then the detection capabilities of the anti-malware extensions themselves will serve as your next line of defense in the event the blacklist fails you. I should say, however, it is encouraging to know that CleanBrowsing caught 83% of phishing sites. That along with WoT and MBBG should just about cover it!

Hello @ebocious ,

To me protection at the DNS level is just one small layer in an overall layered security strategy, I would not rely too heavily on it either, but it would not hurt to add it to your overall layered security setup.

-John Jr
 

ebocious

Level 5
Verified
Well-known
Oct 25, 2018
232
Hello @ebocious ,

To me protection at the DNS level is just one small layer in an overall layered security strategy, I would not rely too heavily on it either, but it would not hurt to add it to your overall layered security setup.

-John Jr
Oh, not at all! I use CleanBrowsing on everything, even my phone. But it's mostly there for guidance; I rely on other tools for protection from malware.
 

goodjohnjr

Level 5
Verified
Jul 11, 2018
230
Oh, not at all! I use CleanBrowsing on everything, even my phone. But it's mostly there for guidance; I rely on other tools for protection from malware.

Hello @ebocious ,

I was not assuming whether you used it or not, I was just saying that in general, but thank you for sharing that; the main parts of my anti-malware defense strategy are/is primarily covered by other tools as well, and so I see that we agree on using layers of protection to protect against various threats.

-John Jr
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Are there any good, effective and recommended filters and host lists from FilterLists in order to block malware/ransomware? thank you for posting them.
hi, there are not many. Almost all of them are not as effective as an extension + they will slow down ublock/adguard if you add them
I recommend using ublock or adguard as their primary function

here are a few acceptably good ones:
- https://hosts-file.net/emd.txt
- https://www.squidblacklist.org/downloads/dg-malicious.acl
- https://gitlab.com/curben/urlhaus-filter/raw/master/urlhaus-filter.txt
- haven't tested yet: https://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt

there is vxvault list but I don't think it's good enough

I might miss something but I think those are the best
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Are there any good, effective and recommended filters and host lists from FilterLists in order to block malware/ransomware? thank you for posting them.

While not hosts lists nor filter lists, there may be free capabilities that get at the same issue more effectively.

The perpetual MBAR Beta is not bad.
 

Rebsat

Level 6
Verified
Well-known
Apr 13, 2014
254

Thank you very much for the links bro (y)



While not hosts lists nor filter lists, there may be free capabilities that get at the same issue more effectively.

The perpetual MBAR Beta is not bad.

Would you please give me the link? Thanks



It tries to do too many different things.
How effective is it against malware/ransomewares? Do you recommend it to be added into my security setup? Thanks
 
Last edited:

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
How effective is it against malware/ransomewares? Do you recommend it to be added into my security setup? Thanks
it's very hard to tell because there are not many new ransomware links to test
malwarebytes extension is one of the best no doubt
however, its resource usage, bugs and fase positive rate are problems for many people
Windows Defender browser protection + bitdefender trafficlight are very light compared to MB but are also very very good

the best product may fail against 1 malware but the worst product might block it
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
@Evjl's Rain, is BTF better than Emsisoft? Just asking so I can give better educated advice.

~LDogg
hello, between these 2, it depends
- Emsisoft seems to be a faster than BDTL (BD waits until the result from their server comes -> the page will start to load. Emsi loads the page and looks up the result simultaneously)
- BDTL is more consistent than Emsisoft. I do think it blocks more
- Emsisoft can be better against PUPs/adwares while BD in general is known be very bad

I prefer BD, honestly
 
Last edited:

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
hello, between these 2, it depends
- Emsisoft seems to be a faster than BDTL (BD waits until the result from their server comes -> the page will start to load. Emsi loads the page and looks up the result simultaneously)
- BDTL is more consistent than Emsisoft. I do think it blocks more
- Emsisoft can be better against PUPs/adwares while BD in general is known be very bad

I prefer BD, honestly
Thank for your input and response, seems like both have their strong points then, the fact that BDTL still lets the page load is rather worrysome. Hoping something can be done about that in a fix.

Thanks again!

~LDogg
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Thank for your input and response, seems like both have their strong points then, the fact that BDTL still lets the page load is rather worrysome. Hoping something can be done about that in a fix.

Thanks again!

~LDogg
hi, sorry I don't understand what you mean
BDTL: if the page is malicious, it will never be loaded
Emsisoft: lets the page load or file downloaded, if malicious -> blocks

I saw sometimes, emsisoft lets the malware touch the disk, then it checked and reverted the download -> messed up google chrome
BDTL will prevent the initiation of download
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
hi, sorry I don't understand what you mean
BDTL: if the page is malicious, it will never be loaded
Emsisoft: lets the page load or file downloaded, if malicious -> blocks

I saw sometimes, emsisoft lets the malware touch the disk, then it checked and reverted the download -> messed up google chrome
BDTL will prevent the initiation of download
Think I may think about replacing Emsisoft with trafficlight eventually.

~LDogg
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top