Advice Request Which Extension is best for security ?

[HarborFront]

In the past I used Netcraft extension, because long ago on WS it was the only one extension besides NoScript which intercepted a cross site scripting attack (XSS). Netcraft is not that well known in the consumer market, but in the corporate security market they have an impressive track record . This page describes what Netcraft company does in relation to cybercrime prevention, detection and retaliation https://www.netcraft.com/cybercrime/

Netcraft seems to have some repeat business model in relation to webservers, which allows them to conduct surveys on over 1.1 billion websites each month. So the data collection to detect frauduleus websites probably has the same impressive outreach (URL filtering is a numbers game, only companies with a data point points like leading AV's, webbrowsers, DNS services and server/router based security hardware/software can collect this info).

Reason I stopped using Netcraft is that they tell on their website that their info is used by al major webbrowsers

Spoiler: Netcraft services licensed to

View attachment 271493

So question to @HarborFront and others using Netcraft: have you seen it popup latelly?


By the way @Jack nice idea (100 points)

Netcraft Privacy Policy

https://www.netcraft.com/privacy/#app-users

If you read under

Netcraft App Users, Netcraft Browser Extension Users and Netcraft Mail Extension Users​

you can opt-out site analytics from being collected in the extension itself

 

[ForgottenSeer 97327]

Netcraft Privacy Policy

https://www.netcraft.com/privacy/#app-users

I am not saying they collect data through their extension. Your browser connects to websites located on servers elsewhere in the world (also called webservers). They have some server side data collection running at their corporate customers premises (or more likely the server parcs where that customer has their webhosting outsourced). When Netcraft extension warns you for a phishing website it has already detected that it is a phishing website through the data collected at those webservers.

Do you have seen Netcraft popping up lately?

 

[HarborFront]

I am not saying they collect data through their extension. they have some server side data collection running

Do you have seen Netcraft popping up lately?

Not sure what you mean by popup. But the extension did block a phishing site when I tested it

I believe if you don't opt-out of their services and extension likely some data will be collected for reasons stated on their website

 

[ForgottenSeer 97327]

[1] Not sure what you mean by popup. But the extension did block a phishing site when I tested it

[2] I believe if you don't opt-out of their services and extension likely some data will be collected for reasons stated on their website

[2] Ok now I understand your reply, thanks for clarifying (about the optout)

[1] Yes that is what I meant. What would be interesting to know is when you test phishing next time is to disable the Netcraft extension and test again to see whether the build-in browser phishing protection also warns for it. Phishing websites usueally are live for only a few hours. Google default safe searching (ergo also Firefox) applies a delay in distributing and updating malware/phishing URL's. When the browser does not warn (and the Netcraft extension does), than you have made a strong case (at least for me) to use the Netcraft extension (again).

Thanks for your answer

 

[HarborFront]

[2] Ok now I understand your reply, thanks for clarifying (about the optout)

[1] Yes that is what I meant. What would be interesting to know is when you test phishing next time is to disable the Netcraft extension and test again to see whether the build-in browser phishing protection also warns for it. Phishing websites usueally are live for only a few hours. Google default safe searching (ergo also Firefox) applies a delay in distributing and updating malware/phishing URL's. When the browser does not warn (and the Netcraft extension does), than you have made a strong case (at least for me) to use the Netcraft extension (again).

Thanks for your answer

My Kiwi/Mull/Ungoogled Chromium android browsers do NOT have built-in phishing protection. I need to use extension and uBO or Adguard with filters to block phishing

In FF I disable SafeBrowing because it connects to Google. Ungoogled Chromium for Windowa do NOT have built-in phishing protection. Need extension and uBO with filters to block phishing

 

[Ink]

My personal ranking based on protection effectiveness and browsing speed impact:

1st. Bitdefender Trafficlight
2nd. Avira Browser Safety
3rd place for both below:

• Malwarebytes Browser Guard (highest impact on browsing speed).
• Emsisoft Browser Security (lowest impact on browsing speed).

How do the privacy polices compare to one another?

Security > Privacy

 

[HarborFront]

How do the privacy polices compare to one another?

Security > Privacy

I have a fast look at them since I'm in the train. I might be wrong. My ranking is

1) Emsisoft
2) Avira
3) BitDefender/Malwarebytes

From

Avira Privacy Policy | Account and products

We process a range of data when you use our products. See here for further information about these processes.

www.avira.com

Avira Customer data​

You have the option to use our products as an anonymous or registered customer. If you use our products and services anonymously, i.e. without having registered by providing your email address, we will not be able to perform the necessary and legally required identity check within the scope of your legal request. In accordance with Article 11(2) GDPR we therefore reject the exercise of any claims of the data subject according to Articles 12 to 22 GDPR unless the data subject provides information allowing their identification to exercise their rights laid down in the aforementioned articles.

 

[silversurfer]

How do the privacy polices compare to one another?

Security > Privacy

Emsisoft is probably the most recommendable when we talking about users privacy.
I found this thread here on MT with technical information statement from Emsisoft:

Emsisoft Browser Security is a cloud-based browser extension for Firefox as well as Chrome. It is powered by the same database that also powers the Emsisoft Surf Protection. However, since it is part of the browser and has access to the actual URLs and the page content without breaking SSL, it can use a lot more advanced detections, which will greatly increase the detection of phishing websites in particular.

Unlike a lot of other cloud-based extensions, who will send any URL you visit in clear-text to a backend somewhere, we decided to make it a lot more privacy-conscious. So instead of URLs in plaintext, we only ever see hashes of parts of the URLs you visit, which we can't turn back into their readable form. Any processing that requires the entire URL, is done completely client-side, so the sites you visit never leave your browser.

New Update - Emsisoft Browser Security

Hello everyone, I just wanted to give you a little Christmas present in form of a new component that you can test a bit earlier than anyone else if you want to. The next Emsisoft Anti-Malware release will include a new component we call "Emsisoft Browser Security". Emsisoft Browser Security...

malwaretips.com

Emsisoft Browser Security

Emsisoft Browser Security is a light-weight browser extension, currently available for Chrome, Firefox and Edge, that not only blocks access to websites that distribute malware, but also prevents phishing attacks […]

www.emsisoft.com

 

[ForgottenSeer 97327]

My Kiwi/Mull/Ungoogled Chromium android browsers do NOT have built-in phishing protection. I need to use extension and uBO or Adguard with filters to block phishing

In FF I disable SafeBrowing because it connects to Google. Ungoogled Chromium for Windowa do NOT have built-in phishing protection. Need extension and uBO with filters to block phishing

You seem to value your privacy. I will have a look at KIWI browser on Android

 

[Jan Willy]

You seem to value your privacy. I will have a look at KIWI browser on Android

KIWI will leak your local IP adress (WebRTC) like most Android browsers. Brave and Vivaldi don't. Also Firefox Nightly is usable with a small modification.

 

[blackice]

Malwarebytes Browser Protection is also pretty private according to Fabian Worsar. But if you use Edge AND have Malwarebytes installed (even just the free version) every time you open and close Edge an instance of their communication process gets spawned and doesn’t close. It’s a know. Issue, but one day I noticed about 40 instances of the process running.

 

[oldschool]

But if you use Edge AND have Malwarebytes

Don't know why anyone would add MB when Edge has Smartscreen, which is seamlessly integrated.

 

[blackice]

Don't know why anyone would add MB when Edge has Smartscreen, which is seamlessly integrated.

I was using both since it wasn’t having an impact on my beefy gaming system. But, I went straight smartscreen after that. Some people worry about smartscreen privacy…not going down that rabbit hole.

I removed Trend Micros URL filtering in the router because it did not intercept HTTPS URL requests and replaced it with TrafficLight extension of bitdefender.

It doesn’t intercept HTTPS but they block by IP address and/or HTTP header info to block malicious sites using HTTPS. The downside is they have a lot of false positives they like to label as scams.

 

[Sandbox Breaker - DFIR]

Checkpoint Harmony Browse. Expensive but solid!
Zero day phishing prevention with never before seen phishing pages
Shared Intel Blocklist of URLs. Why limit to one source.
Content Disarm and Reconstruction
All downloads get detonated in multiple cloud sandboxes.

Truely nasty!

Harmony Browse - Check Point Software

Harmony Browse provides fast, private and secure web access by protecting against known and zero-day attacks on browsers.

www.checkpoint.com

 

[Jan Willy]

Checkpoint Harmony Browse. Expensive but solid!

Why this tracker on their site: www.gartner.com (blocked by EasyPrivacy).

 

[Sandbox Breaker - DFIR]

Peer Reviews. Lol. The extension and service are GDPR compliant.
This topic is for best security extensions. That's my 2 cents(dollars).

 

[HarborFront]

You seem to value your privacy. I will have a look at KIWI browser on Android

Kiwi browser is NOT a privacy browser because it makes connections to Google.

The thing I like is its ability to add extensions and manage bookmarks. Currently, looks like new version not released because developer is busy on something else. Read here

Update - Kiwi Browser for Android - Free and Open Source

103.0.5060.104 released https://www.apkmirror.com/apk/geometry-ou/kiwi-browser-fast-quiet/kiwi-browser-fast-quiet-103-0-5060-104-release/kiwi-browser-fast-quiet-103-0-5060-104-2-android-apk-download/

malwaretips.com

 

[Ink]

I tried BD trafficlight, emisoft and malwarebytes browser guard. I liked BD, emisoft but malwarebytes was slowing my browsing too much. After few trials and errors, I ended up with BD, and I was quite satisfied with that forgetting about the privacy issues that come with it.

But recently I found many places on some corners of the web and even here, that it now lost its charm. I tested only against phishing against phishtank links. And this time BD missed a lot. Followed by Emisoft and Malwarebytes which was best in this regard.

Now, I want to know your opinion. Which is the best extension against malware and phishing protection? I am ready to know about other extensions which are as good or better than these three.

Do you keep Google Safe Browsing enabled? It’s available for Chrome , Firefox and other Chromium-based browsers: chrome://settings/security#safe+browsing. Considering it is integrated, all the users need to do is agree to Google’s Privacy Policy to use and stay protected online.

Microsoft offer their own Browser Protection for Chrome users, or if you use Microsoft Edge it has its own SmartScreen technology.

Content blockers such as Adguard, uBlock Origin etc. allow users to use set blocklists for malware and phishing. These lists may not always be best for the latest threats.

 

[Zappathustra]

NextDNS + uBlock Origin. That's it for me.

 

[eXDj]

if install bitdefender
Bitdefender Anti-tracker
1.4.0.25