On the other hand, targeted attackers going after high value targets (such as businesses, websites/servers, government and infrastructural targets etc.) would not target such a plugin/extension because such extensions are not often used in such environments and there are much easier ways into a system (remember, those extensions are sandboxed and the browser runs in a limited user mode with no admin privileges by default) to achieve full access/control over it. ransomware, tech support scams etc.) or scamming money (phishing scams, bogus products etc.) in order to gain the most profits. The bad guys typically target the largest groups/most commonly used applications so that they can infect as many as possible when the objective is extortion (i.e. Is it possible? Certainly, but not very likely. That would be like the bad guys trying to use your AV to infect you.
I do not see any issues or performance impact using these together, all fully enabled.Īs for attack surface, I'm not too worried about a blocking browser extension being leveraged in an attack, both because extensions are sandboxed within the browser (a security measure implemented in modern browsers), and because it wouldn't make much sense for attackers to target the kinds of extensions used by those who actually know the risks of online threats and ads and use such tools to enhance their safety/browsing. I'm currently using Malwarebytes Browser Guard, uBlock Origin, Ghostery, Disconnect, DuckDuckGo Privacy Essentials, HTTPS Everywhere, Nano Defender and uBlock Origin Extra in addition to Web Protection in Malwarebytes Premium and a massive HOSTS file currently containing almost 1 million entries and counting.