Author Topic: Are link scanners to-day's malware's Snake Oil?  (Read 4143 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Are link scanners to-day's malware's Snake Oil?
« on: February 08, 2009, 06:24:45 PM »
Hi malware fighters,

At a certain moment polonus thought that in-browser-link-scanning would enhance the user's security online. Some forms of link scanning can be, but others are just adding to a false sense of security.
One should discriminate between the real time link scanning, the almost real-time link scanning, and the so-called reputation scanners (just for a general orientation, not protecting much).
We see a lot of websites reported where avast does not want to go, because there is malicious content found, obfuscated java-script, Iframe hacks, etc. and then when you check up for instance with DrWeb's av-link-checker it gives an all green, because the re-directs have not been taken into consideration.

WOT scanner has results that could be half an hour old, and in half an hour a lot of respectable sites can be hacked, so not completely reliable there, finjan is real-life, but also not full-proof as none of these link scanners is, the Singapore built Online Link Scan does not find all, Exploit Prevention Lab's LinkScanner is better, and Norton Safe Web Online Scanner has a lot of omissions in their database. Netcraft anti-phishing toolbar is also a reputation tool with a poor interface, but gives you full information on the host and you can compare the actual url you are at (Local IP add-on).
More security, translate full security,  you get when you block the possibility of the code the malicious site has, by using the NoScript extension or not going to allow request of sub-domains or other domains your browser is visiting (RequestPolicy).
Really folks, the WWW has been turned into a dangerous place. We have to wait for solutions that really help to cut off the possibilities of the malcreants, so a dedicated server that  knows what a browser expects of it, and a dedicated browsers signalling what it suspects the server to allow (CSP implementation), but there we have to wait until those that run the servers (third party dependent), and those that run the browsers are both security aware, and that may still be a long time off. Do we still have time?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89259
  • No support PMs thanks
Re: Are link scanners to-day's malware's Snake Oil?
« Reply #1 on: February 08, 2009, 06:48:20 PM »
I wouldn't go as far as saying they are snake oil, they simply aren't a) keeping pace with changes in malware behaviour, b) they aren't dedicated AVs, c) they don't really have a finance base to support the free services.

WOT is a different beast entirely, it isn't a link scanner but relies on its community to report sites that they visit, which they feel are bad in varying degrees. These come from say their own AVs, google searches (ironic) on said site and these are anecdotal not real link scanning but comparison against its database of domain names.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48620
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Are link scanners to-day's malware's Snake Oil?
« Reply #2 on: February 08, 2009, 07:05:14 PM »
Quote
Finjan is real-life, but also not full-proof as none of these link scanners is,
No scanner will ever be foolproof. There will always be a lag between the time a site is infected and the time a scanner is able to
warn you about it.

That fact unfortunately holds true for any security software.  :'(
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Are link scanners to-day's malware's Snake Oil?
« Reply #3 on: February 08, 2009, 07:09:59 PM »
Hi DavidR,

I am not saying that they are Snake Oil, I am just asking myself mesmerizing if they could or would  become so. What is so dangerous about all this, is that browser users can be lulled into a false sense of security, and click, click, click, malware infected.
Where can I find a decent online scanner that alerts me to hidden Iframes, etc. I reported one recently here
and it seems to have gone already: http://jutaky.no-ip.org/index.php?
Why I have to search for these good scanners as for a needle in a haystack, and can find malware online tools for obfuscating, encrypting JS almost everywhere?
The WOT initiative is good, but what good does that do when the malware redirects from inside a respectable site just for a day or so, and then moves over to somewhere else. 1.6 million user affected in one sweep, you cannot sweep those numbers easily under the carpet? Are we on the verge of loosing this battle, my friend?
And why are so many users still out there with full admin rights, if normal user rights is bringing down malware impact onto an OS with 92% of infections, yes you read that right: 92%: http://www.beyondtrust.com/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

CharleyO

  • Guest
Re: Are link scanners to-day's malware's Snake Oil?
« Reply #4 on: February 08, 2009, 08:57:09 PM »
***

IMHO, any link scanner that relies on community input is bound to fail to give accurate results as it is possible for even the malware writers & malware users to give input. So, how can you trust such a program?


***

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Are link scanners to-day's malware's Snake Oil?
« Reply #5 on: February 10, 2009, 12:58:03 AM »
Hi CharleyO,

And there is another side to real time link-scanning, a privacy related:
http://blog.rootshell.be/2008/11/22/back-on-finjan/
I would not worry much, because they are not in tracking for the tracking, but for protecting against malicious sites, but .....

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!