Comodo needs a better policy against PUPs

Today a large number of people are making money from PUPs that are not only adware but also spyware that steals sensitive information from users, and that sometimes even behave like Trojan downloaders, downloading nasty things to one’s computer. The bad people are realizing that the AV companies have a VERY POOR policy against PUPs and are migrating to this method of attack. :-TD

There is an example of a known PUP distributor that is sending their guys to some AV company forums to report the detection of their program as an FP and also submit it for whitelisting. This PUP was even in the Comodo Trusted Vendors List in the past. :o

Most of the time, these PUPs are not blacklisted; they are whitelisted instead. IF they are blacklisted, some people submit them as FPs and the detection is removed. Comodo needs to do something against these PUPs.

Agree, although PUPs are sandboxed most of the time and gone after a restart, but I don’t enable the sandbox.

PUPs are sandboxed most of the time, as are the other types of threats.
The spread of PUPs, PUAs and adware is increasing dramatically, so it’s pointless to try to detect them all.

By “a better policy” I am not talking about just detection, but about the whitelisting process also. A known PUP has recently been proven to steal the database and engine of Malwarebytes Anti-Malware, and guess what? That PUP was in Comodo’s whitelist. The company that made this PUP is sending their henchmen here to the Comodo Forums to report the detection of their PUP as a False Positive and also submit it for whitelisting.

A lot of the time, PUPs are whitelisted before they are proven to be dangerous or scams. And this is happening not just with Comodo, but with most AV companies.

YAC WAS in Comodo’s trusted list. How could Comodo know that this software was stealing the DB from MBAM?
Btw, YAC is a particular case; with the autosandbox, Comodo can handle the majority of “normal” PUPs that come bundled with other software.

That’s true, the whitelisting can be a vulnerability.
But in the case of YAC, the software was not a malicious one. I mean, this whitelist failure doesn’t lead to a real danger for users’ PCs.

Hey Guys,

Could you please make an entry on the wishlist about this? That way we can get it on our roadmap and study it.

YAC has been proven to DESTROY operating systems when installed. Some people also reported receiving random phone calls with a Spanish voice after installing YAC. That probably means that their software steals sensitive data (i.e. phone numbers, credit card information). YAC behaves like a Fake AV with some traits of Spyware.

You cannot trust a product that has the SAME INTERFACE as Qihoo360 (i.e. they steal the interface of Qihoo) + steals the MBAM database + they claim to be a Brazilian company but their domain has .mx in it while being hosted in the United States. Something smells fishy in this. With the way they do business, it’s already proven that they are ill-intentioned.

Also, what we have here is a case of SOCIAL ENGINEERING from the vendors of this PUP, because they keep sending their people to AV company forums to report False Positive detections of their program. This can be dangerous. Imagine if all malware/PUP creators did this. This WASTES the time of the analysts because they have to analyse unnecessary submissions.

I will try to do it later. One very good thing that Comodo already did is this list https://cdn.download.comodo.com/av/tvl/deletedvendors.txt - Good job :-TU

You are right. Now Adguard Adblocker also blocks their site due to phishing.