Maybe OT, what other security apps do I need?

Finjan’s primary strength is ‘real-time’ scanning of URLs; the search results can be somewhat misleading. Unless the site hosts drive-by malware or is in any way actively malicious, it’ll show up as green even if it contains malicious downloads.

The others you mentioned (I don’t know about LinkScanner) more accurately warn the user away from googled bad sites, since they judge on reputation/feedback and regular checks. However, if for example a site was hijacked by malware or, as in the case of Facebook, malware content was uploaded, the likes of SiteAdvisor would still show up green, whereas Finjan would check on the fly. It works more on the lines of the webscanners included in some AVs such as Avira, which if you’re using you’d not need Finjan unless you’re very paranoid.

LinkScanner provides web site real time scanning. I didn’t know Finjan was like LinkScanner. I thought it was like SiteAdvisor, etc. Never realized it provided the same feature as LinkScanner, must have been blind. But you’re totally right. I just went to their web site and “Scans the current form of a page as it available on the Web now, in real-time.”

I guess I just read the features too superficially before… :wink:

I’ll give it a new test and see if I like it… thanks.

I think CMF is an important component too.

I read your other post where you had an infection (I am assuming that was a drive by download?) and it’s important to cover the bases with a Drive-by-download protection like CMF.

Melih

Now, let’s talk!!

Web scanning…hmm… what is it? What do these people do when they say realtime scanning? Do they check if the site will do an XSS attack, or drive by download using an exploit or have some malware on their site?

Maybe we should create a new thread (any volunteers??) and discuss this further!! Cos I have some ideas and we are investing heavily into a new infrastructure to help identify malicious websites and would like to discuss it further.

Melih

Done.

Hi Melih.

First of all, I know that a new thread about malicious sites had been created, but since your post is here, I find it more appropriate to answer here.

Yes, CMF is an important component too. :wink: But as it happens with all security tools or any other tool, it is not 100% effective, and my guess is that it will never be. But I also believe that it sure can achieve a better level and offer a better level of protection. :wink:

Fortunately, my system did not get infected! :slight_smile: I got “scared” though, because when I got redirected to the malware site and closed my browser, I performed some scanning with Eset NOD32 and it found nothing, but SUPERAntiSpyware found, first, 13 malware entries and then 15 malware entries. No matter how many times I would run SAS and how I would do it, the infections would still come back.

After a few days of “madness” I found out that SAS was detecting its own malware samples as malware! (I ran SAS on a PE system and found the same malware. That just could not be it!)
I must say that it was a relief knowing my system wasn’t infected, but I sure freaked out!

The reason why my system did not get infected was because I use LinkScanner Pro and it blocked the drive-by download (in this case). I just didn’t know it stopped this attack 'cos I had it set to quiet mode. But now, I have it set to alert me whenever it blocks exploit/drive-by download/malware attempts in sites.

Unfortunately, as you may see, CMF didn’t intercept this attempt. Also, as I mentioned before, nothing is 100% effective, but we all sure can help it be a better tool. :slight_smile:

Melih, I’m not sure if you guys at Comodo would be interested, but I could give you the links. At the moment, there are 3.

Best regards

I am not sure what a Drive-by-download is, but my last 2 infections were:

1.- By opening a website. It injected a VBS virus, despite the fact I was using Firefox (1,5 at that time, I think), with Norton AV and Norton Personal Firewall. That day, after having to reinstall Windows, I moved from Norton AV to Avast! Free (and kept the firewall), and returned to the site. The script was successfully blocked.

2.- By foolishly clicking on “a funny flash animation” link I received from an MSN contact. However, something prevented the worm from spreading, and when I restarted in safe mode, to attempt to remove it, it had already been removed… I never knew what did the trick, and anyway I used system restore to be sure there was not anything in my registry. At that time I was not aware of CFP…

So I have never had to “test” if CFP enhanced my protection, but I bet it did.

pls pm the links.
thanks
Melih