Is it possible for a community-based protection be poisoned?

Hey all,

Hope you're having a great day so far.

Is it possible for a community-based protection be poisoned?

Like WOT, ClearCloud DNS, Mamutu and etc.?

 

WOT yes. Anyone can rate a site however they want regardless of if its a legit concern or not.

ClearCloud could but it would be a whole different type of poison.

Mamutu Im not familiar with, but Im fairly certain its a behavior blocker or HIPS. As far as I know its on the end user with that one.

 

I don't believe ClearCloud or Mamutu are community-based, but are controlled by their respective companies (Sunbelt and Emsisoft)

 

+1
I don't think Mamutu can be affected bye the users, Emsisoft controls it and the final the decision is from the user itself, though if you enable the "Auto decide" feature it could be, but it only allows if a program have been allowed by more than 90% which i have rarely seen.

 

We've seen this being discussed before on other threads. And you were mostly involved in those as seen here and here for example.

I can't help but to disagree. I wouldn't bother stating my arguments here as no amount can convince you otherwise if one is already deep-rooted in seeing WOT as such. No offense intended.

To the OP, please see this:
How WOT ratings work

Please take note that WOT isn't focused only on malware...there are other categories that it takes into account too. (self-reading helps) If one takes upon WOT as solely an anti-malware 'tool' of sort without understanding the purpose it was created for, and then making comparisons to other 'tools' that are more focused upon malware such as DNS services or SiteAdvisor, one is only merely seeing the glass as half-empty than acknowledging it as half-full.

 

Thanks for the info, safeguy!

 

I agree. And, this from someone who dislikes database tools.

I've monitoring WOT very closely, and I must say that its ratings are decent.

People should not forget that WOT also gets blacklists from respectable sources, like -malwaredomains.com (which in turn gets such domains from other respectable sources).

It would be nice for WOT to evolve a little, though. I mean, instead of just a simple add-on, to function as an application, like an url scanner, for example AVG LinkScanner, which protects regardless of the browser. Of course, different protection scopes... but, I guess you get the point... I hope...

 

IF, and thats a big IF, some new malware really try to bypass Emsisoft Mamutu wouldn't be impossible:
1 - make sure the malware is not being detected by Emsisoft
2 - with several compromised machines make the malware be allowed (assuring the 90% margin)
from that you lose.

 

The chance is quite low that a malware can effectively bypass Mamutu over long time. Technically it's of course possible, but real world scenarios are different.

You need to prepare a really big set of machines that submit wrong allow decision rules until a rule is suggested as auto-confirm for other users. But if the malware is really spread all over the world, you usually can't compete with the mass of real users submitting correct block rules.

 

I cant answer for Mamutu but like Christian told then it would be possible in a locked environment but the real world is and always will be different.
The only way it could spread through Immunet was if the malware infected the server who contains the update (cant see how?). If this actually did happened then normally old fashion AV could be infected too and their update would be just as harmful as the cloud.