Melih, we need a web filter for malicious scripts

But and the recently atacks in the legitimate hotmail page when the login was captured for cracker in simple execution of malicious java script ?

And Facebook when the profile is stolen in application online ?

These are examples of malicious objects executed.

Do you have links to articles?

in english no

Can you post them? Let’s see if we can read it with an online translator service.

I can’t post them.

I’ll have to search.

I agree with Henrique - rj, currently CIS cannot stop malicious javascripts that steal passwords from websites like facebook, hotmail, etc. That only a Web Filter that scan for javascripts can stop.

hooww thank you

And this is only an example the malicious scripts.

There are many other …

at Henrique - RJ: No problem. It is really a shame that we are forced to use the NoScript extension for Firefox or similar for protection against this kind of malicious javascripts, just because COMODO do not want to add a web filter that scan for javascripts in CIS.

In my opinion, COMODO should integrate their own Web Inspector/Site Inspector engine in the AV component of CIS to act like a webfilter that scan the webpages for malicious javascripts.


at Henrique - RJ: COMODO already has the “true web filter” code developed in the form of Web Inspector service, it is really strong at detecting malicious javascripts and objects in websites from what i tested. And if you report a website that is not detected by Web Inspector, the analysts add the detection very quickly. Imagine if we have this in CIS as a real-time web-filter…

They should just integrate Web Inspector code/engine into CIS Anti-Virus component as a real-time web-filter… For a company like COMODO is a very easy task to do this.

Very good !

Would Melih read this?

And this extends to filter emails (html, php, etc.)

Thanks !

at Henrique- RJ: Maybe someone should create a Wish in the Wishlist boards asking COMODO to integrate the code/engine of Web Inspector in CIS Anti-virus component as a real-time web-filter.

If only COMODO did this, CIS would be a beast at detecting malicious javascripts that steal passwords from website accounts, browser exploits, malicious facebook apps, fake browser extensions/plugins, etc.

Last time I tested web inspector it was quite slow, using it as a real time web filter would slow down loading time of websites from seconds to minutes, no? Or perhaps it’s supposed to scan passively as we’re on the site but what good would that to as the malicious JavaScript would already have been run?

Perhaps I’m misunderstanding the proposed implementation?

Edit: I’m in favor of a sorts of behavior blocker for websites though, just have to be quick.

at Sanya IV Litvyak: In fact, the scanning speed of Web Inspector is slow. Maybe COMODO could optimize the code to make it faster and lighter and then implement it into CIS as a real-time web-filter.

And a behaviour blocker/proactive way of dealing with malicious javascripts, fake browser plugins, malicious facebook apps, etc. would be even better, because currently CIS cannot stop those kind of threats, and those threats are a real problem to the average users that do not know if the browser extension they are going to install is malicious or not, for example.

A lot of people have their facebook profile stolen because they installed malicious facebook apps or have their passwords stolen by javascripts from other websites. There are multiple ways of stealing passwords from website accounts without actually infecting the Operating System of the victim.

indeed you are right, webinspector is a very powerful tool that does all that.
we will integrate WI into our applications (CIS, Browser etc) for better security.

Thank you :-TU

How will the CIS implementation work? Will it be implemented in a way like the web filter or in a way like PrivDog? (I personally prefer the web filter way over the PrivDog way) Also by web filter way I mean actually in the CIS application and by PrivDog way I mean CIS installer just installing a browser add-on/extension.

AVG LinkScanner or Malwarebyte’s Anti-Exploit are examples of web filters.

They verify exploits in Office anda PDF documents, Java and flash apps, malicious scripts ( js, html, php etc ), Firefox and Chrome extensions/plugins, Facebook apps etc

Thank you Melih, this is why i admire you and COMODO, because you always listen to your users. :slight_smile:

This integration will be great! :slight_smile:
thanks Melih :-TU