split Re: Which Product to develop next?

[Guest]

[Melih]

I'd like to see something similar to peerguardian built into CFP to block known malware/dodgy content sites, this would fit in neatly with your "prevention is better than cure" idealogy.

you see... i have a problem in the way these kind of products being sold....

Question 1) How do these companies know there is a malware in a specific website?
Answer   1) By checking the files on that site using an AV (most likely to be their own AV product)

Question 2) If I use their AV anyway, and go to one of these sites then won't it catch the malware on that site    anyway?
Answer  2) Of course it will.

Question 3) So all I am paying for/getting when I get this search overlay function telling me that site has malware or not is merely what my AV would have told me anyway, cos my AV would have picked it up, right?
Answer 3) yes.

Question 4) So what additional security does it bring?

Melih

PS: Maybe we should split this topic and start a new thread about pros/cons of this technology.

[andyman35]

I take your point but what I'm advocating is a blocklist of known bad sites,for example  IPs relating to coolwebsearch or zango etc.Personally I run MVPs hosts file which automatically blocks a lot of the worst offenders.There are already perfectly good,free utils by McAfee and Finjan that integrate into Google search results to 'grade' sites for malicious content and I'm not suggesting that Comodo develop a new product ,it just seemed to me that an automated blocklist might be of some use within CFP.

If you don't feel that maintaining such a list is the best use of Comodo resources perhaps enabling importing of a 3rd party blocklist into CFP might be a possibility? After all there's already the facility there to block individual addresses manually.

Of course if the forthcoming Comodo Sandbox lives up to expectations then it won't be necessary.

[Melih]

I take your point but what I'm advocating is a blocklist of known bad sites,for example  IPs relating to coolwebsearch or zango etc.Personally I run MVPs hosts file which automatically blocks a lot of the worst offenders.There are already perfectly good,free utils by McAfee and Finjan that integrate into Google search results to 'grade' sites for malicious content and I'm not suggesting that Comodo develop a new product ,it just seemed to me that an automated blocklist might be of some use within CFP.

If you don't feel that maintaining such a list is the best use of Comodo resources perhaps enabling importing of a 3rd party blocklist into CFP might be a possibility? After all there's already the facility there to block individual addresses manually.

Of course if the forthcoming Comodo Sandbox lives up to expectations then it won't be necessary.

i think its a worthwhile exercise.. my point was other companies charging for it was like double charging for their AV, which is not fair.. thats all..

we have some cool ideas as to how we can have the most comprehensive version...


watch this space
Melih

[Luketan]

you see... i have a problem in the way these kind of products being sold....

Question 1) How do these companies know there is a malware in a specific website?
Answer   1) By checking the files on that site using an AV (most likely to be their own AV product)

That's not the only way.  Generally mvps and similar lists are maintained by a community effort, where analysts helping users clean machines, analyse the malware they find, extract the urls etc. They don't always use AVs to determine if a site is dangerous, they use their own analytical tools, semi-automated methods like threat-expert etc to analyst the malware etc...

[Tags:]