CIS still not able to detect fake antivirus and rogue websites

CIS is still not able to protect against threats before they occur. For example, a malicious website will not be blocked by Comodo the way Avast and AVG are able to. Recently a fake antivirus was able to load on my computer with CIS totally failing to do anything. It does not have the feature known as “webguard” in Avira, “linkscanner” in AVG and “online protection” in G-data. Therefore, right now I have downloaded AVG linkscanner along with CIS. AVG linkscanner can work with any antivirus. AVG linkscanner detects a malicious website and blocks it from loading. It can even block rogue programs. However, CIS on its own is not able to. I would like CIS to have its own version of linkscanner or webguard. So for now I use AVG linkscanner along with CIS.

Do you mean something like this picture?

http://i33.tinypic.com/2ut6i2v.png

I don’t see any picture below.

I’m attaching it now:

[attachment deleted by admin]

Yes, that’s exactly the kind of fake antivirus that CIS isn’t able to block. Also there are some malicious websites too, which CIS isn’t able to block. There is no HTTP scanning done before a website is loaded.

That is not a program installed on your computer; it’s just a webpage. In truth there really isn’t much on that webpage that poses a threat (unless you download a file from it, or it has an exploit, but D+ would detect the exploit).

Can you PM me the address of the sites you’re talking about? Thanks.

How do I PM? I’m new to this forum and don’t know all its features.

Hi amitjohar

None of the security (CIS included) will ever be able / capable to block all those and protect you from such things 100%

That will never happen.

Your example with Avast or AVG … name any other… it is just coincidental that those may’ve already known about those particular threat(s) at that particular moment … that’s all.
None of the existing methods, whether those are community-based ratings (less reliable) or real-time page code scanning (better but always has FPs), work so that one can guarantee the correct result.

Use hosts file management and/or secure DNS as additional layers. That will help
… but still … that’s never 100%

As for sending a PM - when you are logged in, just click on the user’s name
The profile will be displayed
Choose “Send this member a personal message.” at the bottom

My regards

A simple thing such as disabling JavaScript will make most (actually close to all) of those Fake AV pages that look like the one in that picture stop working.

They aren’t really accessing your computer; it’s kinda like a bad movie where they make you think that you are infected… However, when the fake scan is finished and they ask you to download somewierdname.exe, things become more dangerous… If you download the file and let it run despite any D+ alerts, then yes, you will get infected…

Comodo detects known and look-alike malware.
But it’s no anti-virus program that knows 100% of malware.

I hope some Internet users won’t download any program from a fake site.
And last, don’t be fooled into paying for fake AV.

It would be great if Comodo gets a webfilter.
Blocking malware-loaded websites like rogues before they can even load.
I installed FortiClient internet security (only the web shield), and it blocks many malware-loaded websites!
So why wouldn’t Comodo integrate this in the AV?
I think Comodo really needs this.

Sorry for my bad English!! :slight_smile:

If CIS is able to detect it. (It’s up to the database too.)
When you download the fake install pack, it will detect it when you run that file; CIS will detect it and it’s unable to run until you answer how to deal with it. If you delete or quarantine it, that’s safe.
However, some installer packs will continue installing and will fail to install because they can’t find some file.

PS. I’m just guessing; it’ll be like this because CIS is designed for light system usage.

Yeah, I don’t know what to think about that. Don’t want to test it ;D I saw a video a few days ago attempting to prove that Avast missed those rogue things too, when Avira caught them. Could be, no idea if it’s even true. One thing I know is you must be someone very easy to fool to fall into such traps as rogue AV…yeah, you must have clicked on an offer in the first place ;D. Remains the involuntary download of a trojan on a “non security software” related site, don’t know if that’s possible with rogue AV. More and more people seem to get caught and this is a really bad issue, rogueware >>> scareware >>> ransomware etc…
Considering you’re obviously not at risk as long as you stick to known security web sites, first issue that comes to mind as usual is users’ behavior 88)

edit: @ OmeletParty, the example you showed is a rogue that seems to integrate itself in Windows Explorer GUI, these guys have some potential :smiley:

It’s not actually integrated into the Windows Explorer GUI, because if you click anywhere on the page, it will ask you to download some randomnamed.exe (this being the malware).

Oh OK, the screenshot was misleading.

It looks most convincing on Windows XP.

Hi pranaygtr,

I’m not sure why playing animated <>.gif looks more convincing on XP than on any other system?

On the contrary, that may look much more realistic on Vista or Win7 where “they” can mimic dimmed / greyed out background… kinda “UAC is involved”

My regards

No, I wasn’t on about the animated gif. :wink:

I meant the page as a whole.

Bet Comodo won’t let the fake AV open if you click on it and try to download it. At least that’s been my experience in the past.

I know,

but in 99.999 % cases that is about fake gif (or other animation) & then yes again:

… and then the user the only one “responsible” … actually quotes are redundant here :wink:

Cheers!