Is it possible for a community-based protection to be poisoned?

Discussion in 'other anti-malware software' started by kerykeion, Dec 23, 2010.

Thread Status:
Not open for further replies.
  1. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    267
    Location:
    Philippines
    Hey all,

    Hope you're having a great day so far.

    Is it possible for a community-based protection to be poisoned?

    Like WOT, ClearCloud DNS, Mamutu, etc.?
     
  2. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    WOT, yes. Anyone can rate a site however they want, regardless of whether it's a legit concern or not.

    ClearCloud could, but it would be a whole different type of poison.

    Mamutu I'm not familiar with, but I'm fairly certain it's a behavior blocker or HIPS. As far as I know it's on the end user with that one.
     
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    I don't believe ClearCloud or Mamutu are community-based, but are controlled by their respective companies (Sunbelt and Emsisoft).
     
  4. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    +1
    I don't think Mamutu can be affected by the users. Emsisoft controls it and the final decision is from the user itself, though if you enable the "Auto decide" feature it could be, but it only allows if a program has been allowed by more than 90%, which I have rarely seen. :D
     
  5. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    We've seen this being discussed before on other threads. And you were mostly involved in those as seen here and here for example.

    I can't help but to disagree. I wouldn't bother stating my arguments here as no amount can convince you otherwise if one is already deep-rooted in seeing WOT as such. No offense intended.

    To the OP, please see this:
    How WOT ratings work

    Please take note that WOT isn't focused only on malware... there are other categories that it takes into account too. (self-reading helps) If one takes upon WOT as solely an anti-malware 'tool' of sort without understanding the purpose it was created for, and then making comparisons to other 'tools' that are more focused upon malware such as DNS services or SiteAdvisor, one is only merely seeing the glass as half-empty rather than acknowledging it as half-full.
     
  6. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    267
    Location:
    Philippines
    Thanks for the info, safeguy!
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I agree. And, this from someone who dislikes database tools. :D

    I've been monitoring WOT very closely, and I must say that its ratings are decent.

    People should not forget that WOT also gets blacklists from respectable sources, like malwaredomains.com (which in turn gets such domains from other respectable sources).

    It would be nice for WOT to evolve a little, though. I mean, instead of just a simple add-on, to function as an application, like a URL scanner, for example AVG LinkScanner, which protects regardless of the browser. Of course, different protection scopes... but, I guess you get the point... I hope... :D
     
  8. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    IF, and that's a big IF, some new malware really tried to bypass Emsisoft Mamutu, it wouldn't be impossible:
    1 - make sure the malware is not being detected by Emsisoft
    2 - with several compromised machines make the malware be allowed (assuring the 90% margin)
    From that, you lose.
     
  9. emsisoft

    emsisoft Security Expert

    Joined:
    Mar 12, 2004
    Posts:
    312
    Location:
    Nelson, New Zealand
    The chance is quite low that malware can effectively bypass Mamutu over a long time. Technically it's of course possible, but real world scenarios are different.

    You need to prepare a really big set of machines that submit wrong allow decision rules until a rule is suggested as auto-confirm for other users. But if the malware is really spread all over the world, you usually can't compete with the mass of real users submitting correct block rules.
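
The trade-off described in this post, as an added example that is not part of the thread and not Emsisoft's code: a toy model that assumes auto-decide allows a program only when strictly more than 90% of submitted decisions are "allow" (the figure quoted earlier in the thread), and measures how many extra allow submissions a given volume of honest block reports absorbs. Function names and sample counts are constructed.

```python
import math
from fractions import Fraction

# Assumption: auto-decide allows only when strictly more than 90% of the
# community's submitted decisions are "allow" (figure quoted in the thread).
AUTO_ALLOW_THRESHOLD = Fraction(90, 100)


def auto_decides_allow(allow, block, threshold=AUTO_ALLOW_THRESHOLD):
    """True when the allow share is strictly above the threshold."""
    total = allow + block
    if total == 0:
        return False  # no community data: the user decides
    return Fraction(allow, total) > threshold


def extra_allows_to_flip(allow, block, threshold=AUTO_ALLOW_THRESHOLD):
    """Smallest number of additional allow submissions that crosses the threshold."""
    if auto_decides_allow(allow, block, threshold):
        return 0
    # (allow + f) / (allow + block + f) > t  <=>  f > (t*(allow+block) - allow) / (1 - t)
    bound = (threshold * (allow + block) - allow) / (1 - threshold)
    return math.floor(bound) + 1


def margin_table(samples):
    """For each (allow, block) pair: current verdict and margin before it flips."""
    return [(a, b, auto_decides_allow(a, b), extra_allows_to_flip(a, b))
            for a, b in samples]


# Constructed counts of honest (allow, block) submissions for one program.
SAMPLES = [(0, 10), (0, 1000), (50, 50), (9, 1), (95, 5)]

if __name__ == "__main__":
    for a, b, verdict, extra in margin_table(SAMPLES):
        print(f"allow={a:5d} block={b:5d} auto-allow={verdict!s:5} "
              f"extra allows to flip={extra}")
```

Under this model every honest block report takes about nine additional allow submissions to outweigh, so the margin grows linearly with the number of real users reporting correctly.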
     
  10. Pedersen

    Pedersen Registered Member

    Joined:
    May 4, 2010
    Posts:
    234
    I can't answer for Mamutu, but like Christian said, it would be possible in a locked environment, but the real world is and always will be different.
    The only way it could spread through Immunet was if the malware infected the server that contains the update (can't see how?). If this actually did happen, then normally old-fashioned AV could be infected too and their update would be just as harmful as the cloud.
     