Malwarebytes has released a Chrome and Firefox extension called "Malwarebytes Browser Extension (BETA)" that aims to protect your computer while browsing the web. When installed, this extension blocks malicious sites, popups, and tech support scams, and also acts as an advertising and tracking blocker.

Malwarebytes states that their extension has the following features:

  • Malware protection: Blocks malicious programs or code that can damage your system.
  • Scam protection: Blocks online scams, including technical support scams, browser lockers, and phishing.
  • Advertising/tracker protection: Blocks third-party ads and third-party ad trackers that monitor your online activity. The number of blocked ads/trackers for a website will show beside the Malwarebytes logo in your browser.
  • Clickbait protection: Blocks content and websites that often display behavior of questionable value.
    • DISCLAIMER: Clickbait filtering is in no way politically motivated, it is purely behaviorally based
  • Potentially unwanted program (PUP) protection: Blocks the downloading of potentially unwanted programs, including toolbars and pop-ups.

Even more interesting, Malwarebytes claims that this is the first extension that heuristically detects and blocks browser tech support scams. This means that it will block not only known tech support scams, but theoretically also new ones created in the future. This is a great feature, as tech support scams can freeze a browser or make it very difficult to close, leaving many inexperienced computer users with no idea how to close the page.

"Speaking of behavior patterns, our browser extension is the first that heuristically identifies and blocks tech support scams' browser-locker pages, which scare users into calling fake tech support scammers," Malwarebytes' blog post stated. "So it protects you from unwanted social engineering tactics as well."

When I tested this extension, it performed as described. It properly blocked some known URLs that I typically use to harvest malware and adware, and it does remove ads and tracking scripts. With that said, I do have some concerns, which are described later in the article.

Using the Malwarebytes Browser Extension (BETA)

To use the Malwarebytes Browser Extension (BETA), simply install it from its Chrome Web Store or Firefox Extension pages. Once installed, the extension will run in the background and examine the traffic as you browse the web.

While browsing the web, if you go to a site that is known or heuristically detected to be a tech support scam, PUP related, fraud, or other malicious site, the extension will block it and display a message.

PUP Alert

The extension will also list a count of the number of trackers and advertisement related scripts that were blocked on a page. This count will appear under the Malwarebytes extension icon as shown below.

If the extension is causing problems, it is also possible to disable various features of the extension. For example, if you want the malicious site protection, but the tracker/ad removal is causing a page to not function properly, you can easily disable it. To do this, you would click on the Malwarebytes icon on your browser and a small window will open as shown below.

Malwarebytes Extension

From there you can quickly turn off one of the protection methods. If you want a more granular configuration, you can click on the Settings option and configure whether or not specific protection modules would be enabled.

Extension Settings

If a particular site is having problems because the extension is removing needed scripts or is improperly detecting the site as malicious, you can add it to a whitelist. To do this, click on the Allow List option and add the URL to the list of allowed domains as shown below.

Finally, when the Malwarebytes Browser Extension blocks a page, it will send data back to Malwarebytes that contains the blocking category and the URL. To disable this feature, you can go into the About screen and uncheck the "Send anonymous telemetry to Malwarebytes" checkbox.

Telemetry Enabled by Default

Some concerns regarding the extension

While the Malwarebytes Browser Extension works very well, I do have some concerns.

One item that I found concerning was that when the extension was first released it automatically whitelisted the malwarebytes.com domain. This means that tracking scripts that are blocked on all other sites do not appear to be blocked when visiting the Malwarebytes web site.

"We had Malwarebytes.com whitelisted temporarily to take care of an issue," BleepingComputer was told by the extension's product manager Rakesh Kumar Sejwal. "Site has been removed from the whitelist now."

Another concern is their "Clickbait" protection. As determining whether a site utilizes clickbait is purely subjective, I am not sure how they plan on blocking sites that utilize this. According to Malwarebytes, the clickbait protection is domain based and content based.

"Our clickbait website data is sourced from a group of academic researchers (sources are kept private due to propriety reasons)," Malwarebytes explained their domain based clickbait protection to Bleeping Computer via their web site.

For their content based clickbait protection, they plan on filtering out "Sponsored content", native advertisements, and "You might also like" content from providers like Taboola, Outbrain, and Google, which are more like advertisements.

Finally, some people have been reporting that the extension is blocking legitimate scripts, which causes pages not to work properly. For example, two reviews on the Chrome Web Store page indicate that pages do not display properly because the extension is blocking legitimate scripts.

Chrome Web Store Reviews

With this said, Malwarebytes clearly disclosed that this extension is in beta and that false positives will occur. Hopefully these issues will be resolved before it is released, as it is definitely a useful tool to protect a computer.

Update 8/6/18: Malwarebytes has responded to our queries and we have updated the article above regarding their responses to clickbait and the automatic whitelisting of their domain.
