Melih, we need a web filter for malicious scripts

Henrique_RJ · May 10, 2014, 7:20pm

Melih post:19:

Unfortunately the way the legacy AV products worked required them to have checks for every layer. We are NOT a traditional AV product. The legacy AV is dead in a sense that it can’t do the job anymore Antivirus pioneer Symantec declares AV “dead” and “doomed to failure” | Ars Technica .

So you have a lot of people who are “educated” to “expect and demand” a web filter, without understanding how things work or how Comodo works. First of all, we can’t blame them for not knowing technical details. We should patiently explain to them, they will see the logic and understand that things like email/web filter to catch “malicious” files is simply unnecessary with Comodo. Once they understand, they will be grateful for us educating them and providing them this superior protection for free.

But and the recently atacks in the legitimate hotmail page when the login was captured for cracker in simple execution of malicious java script ?

And Facebook when the profile is stolen in application online ?

These are examples of malicious objects executed.

Citizen_K · May 10, 2014, 9:57pm

Do you have links to articles?

Henrique_RJ · May 10, 2014, 10:39pm

in english no

Citizen_K · May 10, 2014, 11:19pm

Can you post them? Let’s see if we can read it with an online translator service.

Henrique_RJ · May 10, 2014, 11:33pm

I can’t post them.

I’ll have to search.

devilbat66 · May 19, 2014, 8:00pm

I agree with Henrique - rj, currently CIS cannot stop malicious javascripts that steal passwords from websites like facebook, hotmail, etc. That only a Web Filter that scan for javascripts can stop.

Henrique_RJ · May 19, 2014, 8:12pm

hooww thank you

And this is only an example the malicious scripts.

There are many other …

devilbat66 · May 19, 2014, 8:40pm

at Henrique - RJ: No problem. It is really a shame that we are forced to use the NoScript extension for Firefox or similar for protection against this kind of malicious javascripts, just because COMODO do not want to add a web filter that scan for javascripts in CIS.

In my opinion, COMODO should integrate their own Web Inspector/Site Inspector engine in the AV component of CIS to act like a webfilter that scan the webpages for malicious javascripts.

Henrique_RJ · May 19, 2014, 8:48pm

perfect

devilbat66 · May 19, 2014, 9:38pm

at Henrique - RJ: COMODO already has the “true web filter” code developed in the form of Web Inspector service, it is really strong at detecting malicious javascripts and objects in websites from what i tested. And if you report a website that is not detected by Web Inspector, the analysts add the detection very quickly. Imagine if we have this in CIS as a real-time web-filter…

They should just integrate Web Inspector code/engine into CIS Anti-Virus component as a real-time web-filter… For a company like COMODO is a very easy task to do this.

Henrique_RJ · May 19, 2014, 9:51pm

Very good !

Would Melih read this?

And this extends to filter emails (html, php, etc.)

Thanks !

devilbat66 · May 19, 2014, 10:14pm

at Henrique- RJ: Maybe someone should create a Wish in the Wishlist boards asking COMODO to integrate the code/engine of Web Inspector in CIS Anti-virus component as a real-time web-filter.

If only COMODO did this, CIS would be a beast at detecting malicious javascripts that steal passwords from website accounts, browser exploits, malicious facebook apps, fake browser extensions/plugins, etc.

SanyaIV · May 20, 2014, 6:33am

Last time I tested web inspector it was quite slow, using it as a real time web filter would slow down loading time of websites from seconds to minutes, no? Or perhaps it’s supposed to scan passively as we’re on the site but what good would that to as the malicious JavaScript would already have been run?

Perhaps I’m misunderstanding the proposed implementation?

Edit: I’m in favor of a sorts of behavior blocker for websites though, just have to be quick.

devilbat66 · May 20, 2014, 7:53am

at Sanya IV Litvyak: In fact, the scanning speed of Web Inspector is slow. Maybe COMODO could optimize the code to make it faster and lighter and then implement it into CIS as a real-time web-filter.

And a behaviour blocker/proactive way of dealing with malicious javascripts, fake browser plugins, malicious facebook apps, etc. would be even better, because currently CIS cannot stop those kind of threats, and those threats are a real problem to the average users that do not know if the browser extension they are going to install is malicious or not, for example.

A lot of people have their facebook profile stolen because they installed malicious facebook apps or have their passwords stolen by javascripts from other websites. There are multiple ways of stealing passwords from website accounts without actually infecting the Operating System of the victim.

Melih · May 20, 2014, 1:49pm

indeed you are right, webinspector is a very powerful tool that does all that.
we will integrate WI into our applications (CIS, Browser etc) for better security.

thug4real · May 20, 2014, 6:57pm

Thank you :-TU

SanyaIV · May 20, 2014, 7:05pm

How will the CIS implementation work? Will it be implemented in a way like the web filter or in a way like PrivDog? (I personally prefer the web filter way over the PrivDog way) Also by web filter way I mean actually in the CIS application and by PrivDog way I mean CIS installer just installing a browser add-on/extension.

Henrique_RJ · May 20, 2014, 9:14pm

AVG LinkScanner or Malwarebyte’s Anti-Exploit are examples of web filters.

They verify exploits in Office anda PDF documents, Java and flash apps, malicious scripts ( js, html, php etc ), Firefox and Chrome extensions/plugins, Facebook apps etc

devilbat66 · May 20, 2014, 9:17pm

Thank you Melih, this is why i admire you and COMODO, because you always listen to your users.

jhkmaster_b · May 20, 2014, 10:52pm

This integration will be great!
thanks Melih :-TU