Test of web browser extensions XI 2018 (AVLab)

Discussion in 'other anti-virus software' started by ichito, Nov 30, 2018.

  1. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Whole content
    https://avlab.pl/test-web-browser-extensions-protection-against-malicious-software
     
  2. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Why is uBO so terrible?
     
  3. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Because the filter lists weren't good enough?
     
  4. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    uBlock Origin with the right filters and/or dynamic filtering leaves everything else in the dust
     
  5. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,970
    For blocking ads, malware or both?

     
  6. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    uBlock is of course horrible at blocking malware simply because 99% of the focus is on blocking ads.

    So Check Point is the way to go?
     
  7. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Malware is irrelevant, just make your browser always download to one folder, and don't let anything execute from that folder, you can use SRP, anti-exe etc. And when you want to download something legitimate you manually turn off the protection and then turn it on again after you're done, boom it's that easy

    It's the phishing, tracking, ads etc. that is the important stuff to filter, malware is like some baby with a knife, it can stab you but only if you let it
     
  8. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    219
    i don't have to worry about phishing or exploits if i don't connect my computer to the internet
     
  9. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    1. The other products in that test make use of virus signatures and/or heuristics, IMO, which is not what uBO does. It can only block what is in the 3rd-party filterlists (or what is blocked by Dynamic Filtering).
    2. If that site says:
    ... does that mean that EasyList, EasyPrivacy etc. were disabled? If so, most ads were not blocked with the result that malware delivered through those ads was not blocked, either, of course. This would not make any sense.
     
  10. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    649
    Location:
    Milan, Italia
    Precisely! And Beyonder sorely misses what uBO is about. It's a wide-spectrum blocker that can also block ads. Used correctly, it acts as a firewall of sorts for your browser. Advanced user medium mode is dev. Raymond Hill's recommended mode for usability and security.
     
  11. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    Of course they'd kneecap the free/open source product so the extensions from the bigwigs - which are most likely harvesting your browsing data - would look better. Let's also ignore the fact that malvertising is one of the biggest infection vectors for the average user.
     
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    Obviously the person(s) testing is clueless about what uBlockO is and how and what it can block.

    In some ways I would agree. When it comes to ad and script blocking, yes for sure it's top shelf.
     
    Last edited: Nov 30, 2018
  13. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I'm not a user of uBO, but as I can see they used more than the default filters for testing (Malware Domain List, Malware domains), so I don't know where the problem is. I think you can send your opinion to AVLab even in English...they will understand.
     
  14. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Where does that article say that more than the default lists were used? Again, that article says:
    This wording suggests that only those lists were used. This may be a misinterpretation but there is no clarification in the article.

    And as already said in other posts, this test is a strange one, to say the least. uBO is not an AV solution. It cannot block malware per se but only malware sources by blocking known malware sites (which cannot include the honeypots used in this test, of course - this alone makes the inclusion of uBO in this test absurd) and by blocking ads that spread malware. The latter aspect does not come into play if EasyList etc. were disabled which is not clear. And even if they were enabled it probably wouldn't have made a difference in that test as it seems that the malware was directly downloaded from the honeypots to the test system. How would a browser add-on like uBO protect against such an approach?

    Considering this, the inclusion of uBO in that test is utter nonsense. Looks rather like an April's joke although it was published on Nov. 29. Funny.
     
  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    Spot on :thumb:

    uBlockO in its default setup with default filter lists will block ads. However, it has advanced dynamic filtering settings which allow one to set it up to block any combination of 1st party, 3rd party and inline scripts, as well as 3rd party frames. This feature alone makes it a very powerful extension for blocking potentially dangerous sites that are compromised to deliver drive-by downloads, for example, to unsuspecting victims landing on these web pages.
     
    Last edited: Dec 1, 2018
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I also don't get it. uBlock will simply block malicious sites from loading, but it won't block malware that you download and run. On the other hand, so do the other extensions, and they were able to get a good score. I guess I must read the whole article. But to me uBlock isn't about malware blocking anyway, it's about ad and tracking blocking.
     
  17. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    "More than default" means that the 4 lists used in the test are more than the only 2 that are included by default after installation, which we can see on the screenshot below
    181201174519_2.jpg
    And when they say on the uBO page "It will also block most pop-up ads and help protect against some forms of malware", does it mean that these are empty promises? More than 5,5 million users on Firefox and Chrome are conscious that they have half-protection?...oh no...because maybe a few thousand know how to prepare the famous addon to work properly. It sounds like a joke and it doesn't matter how strongly some of them try to persuade normal users that uBO should be the winner.
     
  18. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    @ichito

    Where does it say they used "more than default"?

    They state: "**The following lists were used: Malvertising filter list by Disconnect, Malware Domain List, Malware domains, Spam404"

    If the wording had been "**The following lists were added: Malvertising filter list by Disconnect, Malware Domain List, Malware domains, Spam404"

    Then yeah, that would be default + additional filters
     
  19. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    Would you be so kind as to provide a link?
     
  20. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,468
    Location:
    Hollow Earth - Telos
    The Comodo chrome extension online security pro gets hung up for at least 5 seconds on some sites really slowing things down so bad that i can't use it.
     
  21. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Please...if only two lists are enabled just after installation, then that is the default state of uBO in the module "Domains with malware"...if AVLab added the next two lists from that module (which were disabled earlier), it means that four lists is more than the default state...right?...or maybe we know different mathematics.

    @wat0114
    Please as you wish
    https://www.ublock.org/
    and even more
    https://github.com/gorhill/uBlock
     
  22. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    Thanks @ichito. Unfortunately, the first link references a different project; it's not the uBlockO developed by Raymond Hill, the one we're discussing and used in the test.

    The second quote you provided along with the link is not at all what you quoted in your previous post, which you posted as follows:

    Blocking malware sites and blocking "some forms of malware" are two completely different things.

    Looks like four lists to me...

    ...

    https://github.com/gorhill/uBlock

    EDIT

    I suppose you are talking about two "Malware" lists enabled. Still, blocking ads alone can and does go a long ways to providing protection against attacks via malicious frames being embedded in ads. As mentioned earlier, if the testers had done a little reading, they would have seen that uBlockO can be set up in so many different configurations to block frames and/or scripts. Even the simple "enhanced easy mode", where blocking 3rd party frames only, adds considerable protection against malicious frames embedded in web sites.
     
    Last edited: Dec 1, 2018
  23. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    @wat0114 and @Azure Phoenix already answered that question. Besides, it's not a math problem. The crucial point is what @wat0114 wrote:
    This is what I tried to explain in my other post but it seems that you didn't understand. That article clearly says that they used some honeypots specifically set up for the test - which you would never be able to access as a normal internet user and which logically cannot be contained in one of the malware lists. In other words, in that test the malware samples were not directly downloaded from real existing malware sites but from those honeypots unknown to uBO - so how in the world would uBO be able to provide any protection? Is that really so hard to understand?
     
  24. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    @wat0114
    You're right and thanks for clarification...your post was very informative and useful.

    @summerheat
    Why do you think that your point of view ("that test the malware samples were not directly downloaded from real existing malware sites but from those honeypots unknown to uBO ") should be better than such below from test
    "The samples used in this test come from attacks on our honeypots network which are very important tool for security experts. The purpose of traps for intruders, script kiddie or other scripts, is to pretend “victim” (in terms of systems, services or protocols) and save, among others, logs from attacks, including malicious software. We use low and high interactive honeypots that emulate services such as: SSH, HTTP, HTTPS, SMB, FTP, TFTP, MYSQL, and SMTP.
    A test that reproduces real user and malware behavior is the best from the point of view of Internet users and developers."

    Should we really rely on the developer's statement instead of searching for weak points in its efficiency?
     
  25. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Because that site is telling us. Look at that big picture "Description of the procedure". It clearly says: "Malware Database - Downloading malware from honeypots". If that malware was downloaded from honeypots it obviously wasn't downloaded directly from malware sites. Hence, the malware lists in uBO could not come into effect.

    Besides, the box "Short Guide" within this picture says: "1. Copying malware into machines. 2. Executing malware with admin privileges." This suggests that the malware was not downloaded via a browser. So how would a browser add-on come into play at all under these circumstances?
     