Malwarebytes has released a Chrome and Firefox extension called “Malwarebytes Browser Extension (BETA)” that aims to protect your computer while browsing the web. When installed, this extension will block malicious sites, popups, tech support scams, and also acts as an advertising and tracking blocker.
Malwarebytes states that their extension has the following features:
- Malware protection: Blocks malicious programs or code that can damage your system.
- Scam protection: Blocks online scams, including technical support scams, browser lockers, and phishing.
- Advertising/tracker protection: Blocks third-party ads and third-party ad trackers that monitor your online activity. The number of blocked ads/trackers for a website will show beside the Malwarebytes logo in your browser.
- Clickbait protection: Blocks content and websites that often display behavior of questionable value.
- DISCLAIMER: Clickbait filtering is in no way politically motivated, it is purely behaviorally based
- Potentially unwanted program (PUP) protection: Blocks the downloading of potentially unwanted programs, including toolbars and pop-ups.
Even more interesting, Malwarebytes claims that this is the first extension that heuristically detects and blocks browser tech support scams. This means that it will not only block known tech support scams, but theoretically new ones created in the future. This is a great feature, as tech support scams can freeze a browser or make it very difficult to close, which leads many inexperienced computer users to have no idea how to close the page.
“Speaking of behavior patterns, our browser extension is the first that heuristically identifies and blocks tech support scams‘ browser-locker pages, which scare users into calling fake tech support scammers,” Malwarebytes blog post stated. “So it protects you from unwanted social engineering tactics as well.”
While testing this extension, it performed as described. It properly blocked some known URLs that I typically use to harvest malware and adware and it does remove ads and tracking scripts. With that said, I do have some concerns, which are described later in the article.
Using the Malwarebytes Browser Extension (BETA)
To use the Malwarebytes Browser Extension (BETA), simply install it from it’s Chrome Web Store or Firefox Extension pages. Once installed, the extension will run in the background and examine the traffic as you browse the web.
While browsing the web, if you go to a site that is known or heuristically detected to be a tech support scam, PUP related, fraud, or other malicious site, the extension will block it and display a message.
The extension will also list a count of the number of trackers and advertisement related scripts that were blocked on a page. This count will appear under the Malwarebytes extension icon as shown below.
If the extension is causing problems, it is also possible to disable various features of the extension. For example, if you want the malicious site protection, but the tracker/ad removal is causing a page to not function properly, you can easily disable it. To do this, you would click on the Malwarebytes icon on your browser and a small window will open as shown below.
From there you can quickly turn off one of the protection methods. If you want a more granular configuration, you can click on the Settings option and configure whether or not specific protection modules would be enabled.
If a particular site is having problems because the extension is removing needed scripts or being detected improperly as malicious, you can add it to a white list. To do this click on the Allow List option and add the url to the list of allowed domains as shown below.
Finally, when the Malwarebytes Browser Extension blocks a page, it will send data back to Malwarebytes that contains the blocking category and the URL. To disable this feature, you can go into the About screen and uncheck the “Send anonymous telemetry to Malwarebytes” checkbox.
Some concerns regarding the extension
While the Malwarebytes Browser Extension works very well, I do have some concerns.
One item that I found concerning was that it appears that the extension automatically whitelists the malwarebytes.com domain. This means that tracking scripts that are blocked on all other sites do not appear to be blocked when visiting the Malwarebytes web site.
For example, when I visited Malwarebytes.com with the extension installed, I noticed that it had 0 detections.
On the other hand, if you take the source code from that page and load it from another domain, it suddenly detects 2 items.
Another concern is their “Clickbait” protection. As determining whether a site utilizes clickbait is purely subjective, I am not sure how they plan on blocking sites that utilize this. Once thing I have learned operating BleepingComputer is that what may be clickbait for one person, is perfectly fine for another.
Finally, some people have been reporting that the extension is blocking legitimate scripts that cause pages not to work properly. For example, two reviews on the Chrome Web Store page indicate that the extension is blocking legitimate scripts that cause the pages to not display properly.
With this said, Malwarebytes clearly disclosed that this extension is in beta and that false positives will occur. Hopefully these issues will be resolved before it is released as it definitely a useful tool to protect a computer.
BleepingComputer has reached out to Malwarebytes regarding these concerns, but had not heard back by the time of this publication.