you see… i have a problem in the way these kind of products being sold…
Question 1) How do these companies know there is a malware in a specific website?
Answer 1) By checking the files on that site using an AV (most likely to be their own AV product)
Question 2) If I use their AV anyway, and go to one of these sites then won’t it catch the malware on that site anyway?
Answer 2) Of course it will.
Question 3) So all I am paying for/getting when I get this search overlay function telling me that site has malware or not is merely what my AV would have told me anyway, cos my AV would have picked it up, right?
Answer 3) yes.
Question 4) So what additional security does it bring?
Melih
PS: Maybe we should split this topic and start a new thread about pros/cons of this technology.
I take your point but what I’m advocating is a blocklist of known bad sites,for example IPs relating to coolwebsearch or zango etc.Personally I run MVPs hosts file which automatically blocks a lot of the worst offenders.There are already perfectly good,free utils by McAfee and Finjan that integrate into Google search results to ‘grade’ sites for malicious content and I’m not suggesting that Comodo develop a new product ,it just seemed to me that an automated blocklist might be of some use within CFP.
If you don’t feel that maintaining such a list is the best use of Comodo resources perhaps enabling importing of a 3rd party blocklist into CFP might be a possibility? After all there’s already the facility there to block individual addresses manually.
Of course if the forthcoming Comodo Sandbox lives up to expectations then it won’t be necessary. :■■■■
That’s not the only way. Generally mvps and similar lists are maintained by a community effort, where analysts helping users clean machines, analyse the malware they find, extract the urls etc. They don’t always use AVs to determine if a site is dangerous, they use their own analytical tools, semi-automated methods like threat-expert etc to analyst the malware etc…
