Hot Take [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Comparison between browser extensions

Test 29/12
Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings


Test 24/11
Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings


Test 12/11
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings


Test 7/11
Q&A - [Updated 7/11/2018] Browser extension comparison: Malwares and Phishings


Test 6/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 3/9
Q&A - [Updated 3/9/2018] Browser extension comparison: Malwares and Phishings


Test 2/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Test, quick 1/9
Q&A - [Updated 25/7/2018] Browser extension comparison: Malwares and Phishings


Fun test 25/7/2018
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 24/7/2018 (most comprehensive, as possible)
Q&A - [Updated 24/7/2018] Browser extension comparison: Malwares and Phishings


Updated 19/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 18/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 10/7/2018
Q&A - [Updated 10/7/2018] Browser extension comparison: Malwares and Phishings


Updated 7/6/2018
Q&A - [Updated 7/6/2018] Browser extension comparison: Malwares and Phishings


Updated 3/6/2018
Q&A - [Updated 3/6/18] Browser extension comparison: Malwares and Phishings


Updated 25/4/2018
Poll - [Updated 25/4/18] Browser extension comparison: Malwares and Phishings


Update: 23/3/2018
Poll - [Updated 23/3/18] Browser extension comparison: Malwares and Phishings



Browser: Google Chrome 65 x64
Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
Total: 50 links
Extensions: recently downloaded from Chrome Web Store
- Google Safe Browsing (built-in chrome's protection)
- AdGuard AdBlocker: default settings, uses Google Safe Browsing (delayed) and their own database
- Avira browser safety: default settings
- Norton Safe Web: default settings
- Bitdefender Trafficlight: default settings, it rarely blocks any malware links, just old ones
- Avast Online Security: default settings, only has phishing protection, expected to score 0 against malwares
- Netcraft Extension: default settings, only has phishing protection, expected to score 0 against malwares
- uBlock Origin with some additional filters

NOTE: the result can vary from day-to-day. Tomorrow with different links, the result can be very different. All are live links but they can be dead a few minutes after the test. No duplication

Results:
result.png


Winner: Google Safe Browsing
 
Last edited:

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Just playing devils advocate :p, but has anyone proved it was better, or are we just basing it on AV vendors telling us it is better?;)

I guess the question is, what ate they actually trying to stop? If it's downlowing files, then what's the purpose of the file scanner? Shouldn't it be scanning all downloaded files? I guess we could say detecting credit card skimmers, but many of those still go undetected by most AVs. So i guess the question is, what is the real purpose of scanning https traffic? After all its been known to cause quite a few issues, as https wasn't designed to work in this manner.

Not saying it's not worth it, just trying to inject some thought into the conversation. After all all I've seen from AV companies is them s aying, to stop the bad guys, but in all honesty, that's a pretty generic statement.:cool::emoji_beer:
Your point of view isn't more true than my point, even if we believe we said the truth, so it's useless to discuss further nothing will change our opinions!

Microsoft Defender don't destroy TLS ;)

these security experts AV manufacturer only want selling their product so they include as much as possible features and "shine" with looks-important stuff like https scanning. In fact this only makes trouble and decrease security.
HTTPS scanning is only a option for companies.
You must be very arrogant to believe that your technical knowledge is higher compared to verified security experts, but anyway you can believe what is true in your own world of security...
 
Last edited:
F

ForgottenSeer 85179

You must be very arrogant to believe that your technical knowledge is higher compared to verified security experts, but anyway you can believe what is true in your own world of security...
That aren't my words. I just say that TLS scanning is bad and break your security and that it only make sense for companies, not for end user.
Please read my post again.

Anyway i don't trust all AV companies just because they has security experts. Trust is based on many things
 

Jan Willy

Level 11
Verified
Top Poster
Well-known
Jul 5, 2019
544
Your point of view isn't more true than my point, even if we believe we said the truth, so it's useless to discuss further nothing will change our opinions!


You must be very arrogant to believe that your technical knowledge is higher compared to verified security experts, but anyway you can believe what is true in your own world of security...
With the risk to go further offtopic, in my view deserves the situation a little bit nuance. So that we at the end can say that everybody was right. Https says nothing about the content of a site. How can we be sure that such a site not is hacked? Safe or not, you see always the (green) padlock in the browser. You have to consider if the risk of an abused https-site (for instance your banking site) is big enough to trust your AV-program to scan (= read) the related internet traffic. If you don't want that, then simple deactivate https-scanning in the options of your AV-program.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
I have some free time today and performed a test
15 links from urlhaus. No time for phishing

Extensions:
Chrome's safebrowsing: block 12/15 + warn: 3/15 = 15/15
Bitdefender: 14/15
Malwarebytes: 10/15
Avira: 8/15
Norton: 7/15
Emsisoft: 5/15
Microsoft WDBP: 5/15 (tested a few times, same result)

DNS:
neustar (Threat Protection): 14/15
nextDNS: 14/15
quad9: 9/15
adguard family: malware 2/15 | adult 4/15 = 6/15
cleanbrowsing secure: 5/15
cloudflare malwares+adults: 2/15
openDNS family: 2/15
Thanks for testing again (y)
My results:
Microsoft Edge SmartScreen: block 11/15 + warn 2/15 = 13/15
uBlock Origin with (new) Online Malicious URL Blocklist: block 13/15
Bitdefender TrafficLight: block 15/15
 

razorfancy

Level 4
Verified
Well-known
Nov 27, 2016
168
Thanks for testing again (y)
My results:
Microsoft Edge SmartScreen: block 11/15 + warn 2/15 = 13/15
uBlock Origin with (new) Online Malicious URL Blocklist: block 13/15
Bitdefender TrafficLight: block 15/15
Its normal that Microsoft Edge SmartScreen block more when you test because it was more than 9 hours after I tested.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Its normal that Microsoft Edge SmartScreen block more when you test because it was more than 9 hours after I tested.
Sorry missed your original post, but you are correct, timing is important when testing these kinds of links.
uBlock Origin with (new) Online Malicious URL Blocklist is based on urlhaus and should have blocked them all.
 

razorfancy

Level 4
Verified
Well-known
Nov 27, 2016
168
Sorry missed your original post, but you are correct, timing is important when testing these kinds of links.
uBlock Origin with (new) Online Malicious URL Blocklist is based on urlhaus and should have blocked them all.
Are you talking about the list I put a arrow or is a custom list that you add to uBlock Origin?

tofD8cB.png
 

SharonGuardio

New Member
Nov 17, 2020
3
disclosure: I work at Guardio
Guardio also has free features but indeed for full protection, you'll need to upgrade and can try that out with a free trial (if you cancel during the trial it really doesn't cost and there is a 30-day refund guarantee). I promise you we're the good guys.
The only permission the extensions needs are for checking websites/extensions to see if they are harmful, and for blocking out yucky popups. We fight other extensions that alter browser settings, hijack settings, and have malicious intentions.
 

SharonGuardio

New Member
Nov 17, 2020
3
I didn't say Guardio is perfect, we have a long way to go but are doing pretty good so far in helping people stay safe online.
I love finding threads like this I think it's important to know how a brand is perceived. Anyhow open to chatting with anyone who wants and you can ask me anything :)
 
  • Like
Reactions: ebocious

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top