Advice Request Which do you prefer for blocking malware and phishing --> DNS, separate web filter extension or malware/phishing list in µBO, etc.?

Please provide comments and solutions that are helpful to the author of this topic.

oldschool

Level 81
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,012
I see a discussion going on here at Wilders about the best list to use in µBO for malware and phishing protection. I wonder what method you prefer for blocking malware and phishing --> DNS, separate web filter or filter list added to an anti-tracking extension? and why?
 
Last edited:

ErzCrz

Level 20
Verified
Top Poster
Well-known
Aug 19, 2019
996
I see a discussion going on here at Wilders about the best list to use in µBO for malware and phishing protection. I wonder what method you prefer for blocking malware and phishing --> separate web filter or filter list added to extension? and why?

I use WD's SmartScreen in Edge and then I use the UBO medium mode variation described here Extension - uBlockOrigin flexible modes which seems to work pretty seamlessly for me. I think the extended lists just slow down my browsing and I'd rather just blacklist the common abused TLDs as described in that post by @Lenny_Fox
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Ideally both but prefer a minimal browser configuration. Getting rid of some un-needed and largely obsolete filter lists helps a lot, thanks to Wilders. Surprisingly, Vivaldi in Sandboxie opens in 2-3 seconds. Edge opens in 1-2 sec on here.

I replaced two of the three default malware domain filters with one import and am also using SmartScreen.
That uBlock Origin thread is awesome. A treasure-trove of good information by people with a lot of expertise. (y)
 

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,447
separate web filter or filter list added to extension
I prefer DNS filtering, but if I would have to choose, I choose privacy. Web filtering extensions send URL home and even if it is encrypted (mostly not), the owner of the extension can see. Filter list checks URL offline, but I was never able to find any malware filter anyway, most block ADs, so I use only those:
 

Attachments

  • capture_06182020_231757.jpg
    capture_06182020_231757.jpg
    110.2 KB · Views: 347
F

ForgottenSeer 85179

Best protection is before browser level, e.g. at DNS level.
Then the browser and browser extension need a lot less work and performance is better.

Mostly it doesn't depending on used filter lists as many just use the same or copy from other lists.
For example currently I use PiHole with 20-30 filter lists but the same can be archived with nextdns "stock" lists.

Also always use browser internal protection to be on safe side.
 

South Park

Level 9
Verified
Well-known
Jun 23, 2018
431
Thanks to all here and at Wilders. After reading a lot, I've replaced the default malware filters with the Urlhaus online and Phishing Army filters, for a net saving of about 20,000 rules in uBO. I stopped using malware Hosts files months ago because most were poorly maintained, and troubleshooting is much easier with uBO filters.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,010
Last edited:

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,447

Attachments

  • capture_06192020_091328.jpg
    capture_06192020_091328.jpg
    170.1 KB · Views: 339

Back3

Level 14
Verified
Top Poster
Apr 14, 2019
654
I've been using Ublock Origin for the last 6 months in medium mode without the malware protection. Added a few filters. They do the job. 1Hosts ( mini), Malvertising filter by Disconnect and StevenBlack/hosts. TrafficLight for web protection.
 

Attachments

  • 2020-06-19_03h28_48.png
    2020-06-19_03h28_48.png
    79.1 KB · Views: 321
Last edited:

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
I see a discussion going on here at Wilders about the best list to use in µBO for malware and phishing protection. I wonder what method you prefer for blocking malware and phishing --> DNS, separate web filter or filter list added to an anti-tracking extension? and why?
1. DNS level (because all the filtering is done on the servers of the DNS)
2. Browser build-in (because Microsoft Smartscreen and Google Safe Browsing are top-notch)
3. Antivirus extension (BitDefender Traffic Light would be my choice because I like single purpose extensions and url detection is a numbers game).

I simply can't believe than a (community) based blocklist can beat the crawling and honeypot infrastructure of an Antivirus company or monitors as much traffic as a DNS service (e.g. Quad9 or NextDNS) or an OS (Microsoft) or a search engine (Google). It is as likely as Luxemburg winning the world cup soccer. URL filtering is a numbers game,.

NOTE
I am a firm 'less is more' fan, but for URL filtering 'bigger is better'.
 
Last edited:

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top