Comodo Site Inspector Launched for the forums

[Guest]

[3xist]

Hi Guys

Here is a real time tool that checks to see if a site is malicious or not.

http://siteinspector.comodo.com/app/public/inputURL

Please go ahead and try this and post your feedback here. This is launched just for the Comodo Forums... But obviously it's shown to every guest who comes here but you know it's not officially launched, Melih wanted it launched for a Wider Audience for more testing to improve this, It's an online service as you can see... So it won't be put in CIS.

Please Remember... Some sites "attack" user's browsers.. it is those active attacks that Site Inspector checks. This is NOT a AV checking for hosted content. This is an "Attack Detection" tool.

Feedback is appreciated for Comodo.

Cheers,
Josh

[hehomain]

hi,great job,i believe in you people.well, i'm always ready to help comodo when i can.here is one outcome from my use of siteinspector . an issue that should be addressed is that the tool shows websites as "clean" when they are not accessible(offline).for example,i've tested it with the domain " live-antivirus-scan.com " which is attributed to be malicious by a filter subscription of adblock plus in firefox. well, see the screenshots to view the report of comodo siteinspector.

ps: in one genuine case, siteinspector kept looping on the site with many iterations and remained in"work in progress" .hope this helps

[tcarrbrion]

If you type in the wrong url by mistake it comes back "clean". Not very safe.

[tcarrbrion]

I also tried a known bad site (type svcom in google, top answer) and it came back clean. Google warns it is bad.

[3xist]

I also tried a known bad site (type svcom in google, top answer) and it came back clean. Google warns it is bad.

Was it a Attack Site or just a site that hosts malware? Comodo SiteInspector does not check for hosted content, It checks for Active Sites that attack browsers. 

Cheers,
Josh

[Kyle]

Was it a Attack Site or just a site that hosts malware? Comodo SiteInspector does not check for hosted content, It checks for Active Sites that attack browsers. 

Cheers,
Josh

Josh is correct,  For example.. a "Warez site" is a good site, with bad content. a site like this;

Code:

*malicious URL*

is a Harmful site. that usually used exploits to do damage just by visiting the site.

Don't visit that link I provided, use it for testing with Siteinspector only.

[Kyle]

There's a typo there - Virtual Mashines, instead of Virtual Machines.

By the way, will this ever become a tool, as in a software we can install, at the image of LinkScanner Pro and HauteSecure?

I even wish Comodo takes it further. I hope this will come true. It would be a great achievement.

Regards

I don't see a point of making it a software.. it's an "in the cloud service" Maybe comodo would make it something like a proxy sever? who knows.. just a guess.


Josh since it's early days maybe it's good thing to mention that currently it's still in testing..

 BTW, Melih. Defense+ for sure takes care of preventing these sort of attacks, Are the benifits of this new service worth it?

[Melih]

pls give us your feedback about this service!

it detects "active attack" from a site. (pls do not confuse this with other services that scans the site content to see if the site has malware or not). Active attack means this site is actively trying to attack your computer in an attempt to inject malicious files into it.

thanks

Melih

[Melih]

Maybe, I didn't express my self in a proper way. What I meant was, for Comodo to integrate into CIS, and everytime someone accesses a domain, this "tool" will first set a trap to the domain to see if any attack attempt is witnessed, and then allow or block access based on that.

Otherwise, everyone will have to open the Site Inspector site and manually check. If one remembers and if one knows about it's existence, in the first place.

Regards

it could take upto 30 sec or even more to test a site, as they could put a timebomb. Its diffiicult to integrate this online service so very easily into a realtime environment like CIS, but we have some ideas

Melih

[pastport]

it could take upto 30 sec or even more to test a site, as they could put a timebomb. Its diffiicult to integrate this online service so very easily into a realtime environment like CIS, but we have some ideas

Melih

It takes too long if a site contains a lot of urls.
Can it only analyzes the url submited excluding sud urls?
Or we can set the deep of hierarchy.

[3xist]

I don't see a point of making it a software.. it's an "in the cloud service" Maybe comodo would make it something like a proxy sever? who knows.. just a guess.


Josh since it's early days maybe it's good thing to mention that currently it's still in testing..

 BTW, Melih. Defense+ for sure takes care of preventing these sort of attacks, Are the benifits of this new service worth it?

This is just a toy to play with... And you guys are just lucky to actually play with it, and in the future, whether it would be 3 months, 6 months or a year... you guys will be the benefices of this new toy "Site Inspector" As Melih said, It's an online service... It will be difficult to integrate into CIS. However, As Melih said their are ideas floating around.

If we look at a Scenario with CIMA (Comodo Instant Malware Analysis) which is also an online service, Melih said THAT would be hard to integrate into CIS Back in September 2008, Now here we are at the end of January, And we are looking at a CIMA like hurisitics in maybe in March (If Comodo can push it) into CIS. So anything is possbile, nothing is possible... And yes as long as CIS is on a machine your completely protected from Sites that host malware, etc... SiteInspector looks for things that actually are active sites that ATTACK Browsers, There is huge difference between hosted malware on a site, and a site that attacks a users browsers.

Let's look at an example: Site Advisor Scans for Malicious Content on a Site, So Site Advisor saids "Really who cares if the site actually attacks your browser? we can just analyze the KNOWN malicious content and bring up a big fat yellow, red or green sign! (YAY! GREEN MEANS GO...LOL)" So a user enters a green site. Suddenly without your permission a malware injects all kinds of malware into your PC. But Site Advisor didn't detect this. :-(

On the other hand, Site Inspector scans for ACTIVE Sites that actually attack your browser, and attempt to inject malicious files onto your PC. Site Inspector saids "Okay, fine - Malicious files MAY be on a site, But some malicious sites may not be active or the malware may not either actually attack your PC, So we will scan for sites that ATTACK the users browser and PC" Now you are safe! :-) And with CIS installed to you are still safe!

Bottom Line: SiteAdvisor checks for known malicious content on a site. SiteInspector checks for sites that are active and "ATTACK" a users PC and attempt to inject malicious stuff onto it.

So give Comodo your feedback on this. :-)

(Reminds again, Test sites that attack you).

Cheers,
Josh

[3xist]

pls give us your feedback about this service!

it detects "active attack" from a site. (pls do not confuse this with other services that scans the site content to see if the site has malware or not). Active attack means this site is actively trying to attack your computer in an attempt to inject malicious files into it.

thanks

Melih

[LeoniAquila]

Let's not forget the service may also be useful if you're surfing at some machine that doesn't have decent protection.

[pastport]

Let's not forget the service may also be useful if you're surfing at some machine that doesn't have decent protection.

If the scan takes a lot of time,I think people will choose siteAdvisor.

[disinter1]

I hope this will be like siteadvisor though, I like how it sits in the corner of your browser...site inspector BETTER be like this!

[Tags:]