Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Although the browser anti-phishing/malware extensions can be useful sometimes, they are not as efficient as one could think:
"In fact, over a 60-day period, Akamai observed more than 2,064,053,300 unique domains commonly associated with malicious activity. Of those, 89% had a lifespan of less than 24 hours, ...".

I suspect that many of the tested phishing/malware links can be already dead.:unsure::(
 
F

ForgottenSeer 823865

89% had a lifespan of less than 24 hours, ...".
I suspect that many of the tested phishing/malware links can be already dead.:unsure::(
Exactly, it is why focusing too much on extensions is silly, people must learn to pinpoint suspicious sites and avoid wandering in unknown territories.
Pick some "trusted" (if i dare say the word) sites who inform about everything and stick to them.
for example some sites are specialized to answer all kind of questions; so no need going to low-reputation sites.
 

Tiamati

Level 12
Verified
Top Poster
Well-known
Nov 8, 2016
574
Any point in using an extension with the av of the same company? (e.g Bitdefender Trafficlight with BIS, MalwareBytes extension with the premiun AV, Avira extension with Avira AV, WDBP with windows defender)
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Although the browser anti-phishing/malware extensions can be useful sometimes, they are not as efficient as one could think:
"In fact, over a 60-day period, Akamai observed more than 2,064,053,300 unique domains commonly associated with malicious activity. Of those, 89% had a lifespan of less than 24 hours, ...".

I suspect that many of the tested phishing/malware links can be already dead.:unsure::(
This is why I don't really care much about phishing in general. Besides my browsing habit is pretty safe too. If I'm using a security suite like ESET or Kaspersky, I don't install any extension as this two are very capable. I even disable the extension Kaspersky forcefully installs (Won't let me uninstall :emoji_expressionless:). If I'm using Windows Defender, I keep Emsisoft Browser Security just in case. It's decent protection wise, light and fast. I would probably only keep WDBP if it was available for Firefox.

Probably someone mentioned/noticed this in the thread before that most of testing for malicious links done in this thread are from this source. You can easily subscribe to this list in your Adblocker like uBlock Origin:
https://gitlab.com/curben/urlhaus-filter/raw/master/urlhaus-filter-online.txt
To subscribe easily, visit here: Filterlist search urlhaus and click Subscribe.
 
Last edited:

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
I don't think so.
Don't know for BDTL but Malwarebytes recommend using both:
I have Malwarebytes Premium. Do I still need Browser Guard?
Browser Guard does have extra protection features, as well as benefits for privacy, including ad and tracker blocking. And of course, Malwarebytes Premium versions have anti-exploit technology, real-time malware protection, anti-ransomware, and stalkerware protections that Browser Guard does not.

Where the web blocking module of Malwarebytes Premium and Browser Guard share a database of blocked IPs and domain, there is an overlap.

Looking at Malwarebytes Premium, it blocks the IPs and domains for all running applications, where Browser Guard does this only for the browser the extension is installed on.

On the other hand, Browser Guard blocks more than just domains and IP addresses. Not only does it recognize malicious websites based on their behavior that are not in the database (yet), it also blocks advertisements and trackers. These are not always malicious, but they usually do not improve user experience and blocking them can speed up your browsing up to four times.
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Had to catch up some classes I missed last trimester, killing time during lunch break, anxiously waiting thumbs up/down of teacher on my project. Decided to play a little with mentioned extensions, similar results ("lood om oud ijzer" as we say in Dutch) noticed that Firefox seems to have improved (are they using a different Google Safe Browser API?), occasional intervention of Microsoft Network protection and only one stopped by Quad9.

This Elon Musk phishing websites (with HTTPS) promises a new Tesla, ,which is tempting when you have to use public transport like I do. Should i give it a shot because BTL says it is safe :LOL: ? Nahh member @Umbra advice is sound: use common sense when it is to good to be true, it probably is not true and most likely is a phishing bate.


1572521540500.png



Funny BitDefender on Virus Total is the only one who says it is fishy
1572522068600.png


Second check, now BTL also flags it
1572522236900.png
 
Last edited:

bjm_

Level 14
Verified
Top Poster
Well-known
May 17, 2015
667
@Evjl's Rain once mentioned that google chromes safe browsing is being updated in real time, and firefox every 30 minutes ( if i remember correct, but i have been on that belief)
[...] When Safe Browsing is enabled in Chrome, Chrome contacts Google's servers periodically to download the most recent Safe Browsing list of unsafe sites including sites associated with phishing, social engineering, malware, unwanted software, malicious ads, intrusive ads, and abusive websites or Chrome extensions. [...]
.
https://www.google.com/chrome/privacy/whitepaper.html#malware
 
Last edited:

Zartarra

Level 7
Verified
Well-known
May 9, 2019
312
The past couple days I did a browser extension test. I used 1045 phishinglinks, 38 recent (1 day old) phishing links, 47 malwarelinks and 41 new malwarelinks. I did the test with the latest Firefox browser, except for Windows Defender Browser protection. I used the latest Google Chrome version.

The results are:



Sophos​

Malwarebytes​

Emsisoft​

Avast online​

Avira​

Netcraft​

Bitdefender traffic light​

Norton safe web​

Windows Defender Browser protection​

Malware links​

92,31%​

94,50%​

7,07%​

31,77%​

83,53%​

15,56%​

82,56%​

11,36%​

36,67%​

Fresh malware links​

83,10%​

33,21%​

5,00%​

1,79%​

28,93%​

2,50%​

90,71%​

2,50%​

42,18%​

Phishing​

82,97%​

92,75%​

66,36%​

89,89%​

92,63%​

75,55%​

98,29%​

88,48%​

88,07%​

Fresh phishing links​

31,58%​

42,11%​

18,42%​

26,32%​

36,84%​

23,68%​

85,00%​

78,95%​

35,29%​

Total​

72,49%​

65,64%​

24,21%​

37,44%​

60,48%​

29,32%​

89,14%​

45,32%​

50,55%​



 
Last edited by a moderator:

Tiamati

Level 12
Verified
Top Poster
Well-known
Nov 8, 2016
574
The past couple days I did a browser extension test. I used 1045 phishinglinks, 38 recent (1 day old) phishing links, 47 malwarelinks and 41 new malwarelinks. I did the test with the latest Firefox browser, except for Windows Defender Browser protection. I used the latest Google Chrome version.

The results are:



Sophos​

Malwarebytes​

Emsisoft​

Avast online​

Avira​

Netcraft​

Bitdefender traffic light​

Norton safe web​

Windows Defender Browser protection​

Malware links​

92,31%​

94,50%​

7,07%​

31,77%​

83,53%​

15,56%​

82,56%​

11,36%​

36,67%​

Fresh malware links​

83,10%​

33,21%​

5,00%​

1,79%​

28,93%​

2,50%​

90,71%​

2,50%​

42,18%​

Phishing​

82,97%​

92,75%​

66,36%​

89,89%​

92,63%​

75,55%​

98,29%​

88,48%​

88,07%​

Fresh phishing links​

31,58%​

42,11%​

18,42%​

26,32%​

36,84%​

23,68%​

85,00%​

78,95%​

35,29%​

Total​

72,49%​

65,64%​

24,21%​

37,44%​

60,48%​

29,32%​

89,14%​

45,32%​

50,55%​

Great results for BTL
 

bjm_

Level 14
Verified
Top Poster
Well-known
May 17, 2015
667
That's not Cloudflare DNS, it doesn't block anything and couldn't put a block message as the website is HTTPS. That's Cloudflare on the website itself after receiving a phishing report.
Hmm, I've recently seen a few Cloudflare page blocks. I thought my 1.1.1.1 rendered page block, too. What does "Cloudflare on the website" mean? Cloudflare CDN?
 
Last edited:
  • Like
Reactions: Jack and Moonhorse

Threadripper

Level 9
Verified
Well-known
Feb 24, 2019
408
Hmm, I've recently seen a few Cloudflare page blocks. I thought my 1.1.1.1 rendered page block, too. What does "Cloudflare on the website" mean?
The website uses the Cloudflare CDN and after Cloudflare received reports that the website is phishing, they put up that warning - because they don't host the website that's all they can do, along with passing the report to the web host.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top