Poor phishing protection vs. Avast online security extension

I saw avast has already implemented phishing protection in recent versions. However, although avast is fully updated, phishing protection database for the main program is still very poor and outdated compared to the browser extension

In my tests, using various live, confirmed phishing links in phishtank.com

  • avast blocked only 1-2 links (default settings and update was performed before the test)
  • avast online security extension blocked almost all of them, missed a few

this is my observation. Tell me your thoughts
thanks

Yes, I can confirm it.

Confirm what ??? Which part isn’t working well ???

Confirm what ??? Which part isn't working well ???
Read the first post properly

Maybe you need to re-read my question. Which part is not working properly ???

Agree, all info found in first post :wink:

Which part of Avast is not working properly ???

phishing protection in Web Shield. Its database is so outdated compared to Avast Online security extension

Thanks for the reply. Reported to Avast on the developers channel.

Hm… this is a fairly complicated issue.
It is somewhat true that (some of!) the antiphishing databases AOS uses use newer data. This is mostly due to 2 main reasons:

  1. We tend to include only “used” phishing in our VPS. That means that if a phishing page was not visited within our userbase, we do not add it to VPS. Doing otherwise would cause our program to take up more space (both on drive and in memory) as well as take up more bandwidth (bigger streaming updates).
  2. We tend to include only “verified” phishing in our VPS. We do not fear including potentially false positive URL in AOS (our browser plugin), because there are less things to break in case of a false positive (keeping in mind that the browser plugin can only interfere with browsing), but analysis takes time and until we are sure that it will not break anything when it will be scanned for in all your hard drive, memory and network, we do not want to add it to VPS.
    If the phishing URL satisfies both points, there is a very stong likelyhood that it will be added to VPS (and, therefore, webshield).

Of course we are constantly making sure that there is as little delay as possible :)!