Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
...
Does WDBP still have the issue of allowing malware to download even when the page is blocked?
Do you mean that the user can download the malware via a web browser or the malware outside the web browser can download something by using web browser?
 
F

ForgottenSeer 85179

NextDNS does better than all the DNS based solutions because the sources that are used to test the effectiveness of phishing and malware blocking here in this thread are covered by Nextdns and many more. A total of 34 sources right now. Source: nextdns/metadata
Thanks will add these to my own PiHole.

NextDNS is also a PiHole instance ;)
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Thanks will add these to my own PiHole.

NextDNS is also a PiHole instance ;)
Not an instance rather inspired from PiHole. It's easier to use than PiHole for me since it doesn't require any device. All the work is happening on their server. I have set it on my router and my family members are protected from most of the ads, trackers, porn sites, malicious, phishing sites.
 
F

ForgottenSeer 85179

Not an instance rather inspired from PiHole. It's easier to use than PiHole for me since it doesn't require any device. All the work is happening on their server. I have set it on my router and my family members are protected from most of the ads, trackers, porn sites, malicious, phishing sites.
Sure but you don't get the full control over - like the even write down.
And biggest disadvantage: you still use a external DNS provider while I can combine my lists with Unbound.

But I guess that's too far OT :)
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Do you mean that the user can download the malware via a web browser or the malware outside the web browser can download something by using web browser?
because of how WDBP works, it still lets some blocked links slip through and download. In other words, the files are still downloaded before the block screen shows
Emsisoft extension has a similar working method but a bit smarter. It either blocks the link in the first place or lets them download and deletes the download entry later => but this may crash the browser
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Today test. Sorry, most links w/ere dead. These are only live links I could find on vxvault and urlhaus
DNS was changed by DNS jumper + DNS cache was flushed + Browser was restarted on every time

cloudflare (1.1.1.2/1.0.0.2) 1+1 = 2/9
quad9 1+2 = 3/9
adguard 2+1 = 3/9
neustar 2+3 = 5/9
cleanbrowsing 2+0 = 2/9
openDNS 1+0 = 1/9

avira 3+4 = 7/9
Bitdefender 3+6 = 9/9
emsisoft 0+0 = 0/9 !!!
malwarebytes 3+6 = 9/9
norton 3+2 = 5/9
WDBP 3+6 = 9/9
google 3+3 + 1 warn = 7/9

optional:
Netcraft 0+0 (not for malware blocking)
Kaspersky Security Cloud Free 3+6 = 9/9

Microsoft Edge lets you download 3+3 files, warns about them, 3 fully blocked, so 3/9 or 9/9?
Aantekening 2020-04-03 200132.png
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
Yes, but IMO that makes a case for a good third-party antivirus like Bitdefender, F-Secure or Kaspersky... :unsure:

I completely agree. WD (which I still think is a good option for many users) left one of these remnants after blocking something when I did phishing tests a while back.
 
Last edited:

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
Today test. Sorry, most links were dead. These are only live links I could find on vxvault and urlhaus
DNS was changed by DNS jumper + DNS cache was flushed + Browser was restarted on every time

cloudflare (1.1.1.2/1.0.0.2) 1+1 = 2/9
quad9 1+2 = 3/9
adguard 2+1 = 3/9
neustar 2+3 = 5/9
cleanbrowsing 2+0 = 2/9
openDNS 1+0 = 1/9

avira 3+4 = 7/9
Bitdefender 3+6 = 9/9
emsisoft 0+0 = 0/9 !!!
malwarebytes 3+6 = 9/9
norton 3+2 = 5/9
WDBP 3+6 = 9/9
google 3+3 + 1 warn = 7/9

optional:
Netcraft 0+0 (not for malware blocking)
This just makes me want to go back to using the fastest DNS, since DNS based blocking doesn’t seem to work very consistently. And Malwarebytes is still getting consistently great results.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
This just makes me want to go back to using the fastest DNS, since DNS based blocking doesn’t seem to work very consistently. And Malwarebytes is still getting consistently great results.
I would say that if you're using WD then a dns with good protection can have some value to it but if using a good security solutions like Kaspersky, Bitdefender, Eset who are known to have very good web protection then using the fastest dns would be the wiser decision.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
I would say that if you're using WD then a dns with good protection can have some value to it but if using a good security solutions like Kaspersky, Bitdefender, Eset who are known to have very good web protection then using the fastest dns would be the wiser decision.
I have a router with ESET filtering at the DNS level already, it's a desktop so it's not going to be outside of that. I'm not sure if I'd gain much.
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Kaspersky Security Cloud Free 3+6 = 9/9

Microsoft Edge lets you download 3+3 files, warns about them, 3 fully blocked, so 3/9 or 9/9?
View attachment 236179
I don't understand what is on your screenshot but according to my past experience, it should be counted as blocks
If I recall correctly, Edge warns or blocks, same as chrome
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
I don't understand what is on your screenshot but according to my past experience, it should be counted as blocks
If I recall correctly, Edge warns or blocks, same as chrome
Those are warnings for potentially unsafe files, with the option to keep (behouden in Dutch) or delete (verwijderen in Dutch) them.
So, then it's 9/9 for Edge.
 

Zartarra

Level 7
Verified
Well-known
May 9, 2019
312
Hello
The past couple days I tested some full security suites for protection against phishing and malware sites. I used the latest version of Mozilla Firefox.

The test results are:
Malware linksRecent malware linksPhishing linksRecent phishing links
Sophos Home premium93.80%68.52%72.77%20.00%
Malwarebytes 488.27%92.30%78.57%27.27%
Trend Micro Internet Security71.00%80.30%79.04%33.33%
Zone Alarm Extreme security70.47%62.63%2.30%0.00%
Norton Internet Security87.96%67.78%82.67%67.5%

Tested only working links:
  • malware links: #46
  • recent malware links: #16
  • Phishing links: #507
  • Recent phishing links: #20
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top