How can I find more information about reported as a harmful website?

WizU
WizU Posts: 5 New Member

Hi All,

 

I got this message when I try to access the site ottoscharmer.com. If there is no details/reason mentioned like in the message. It's not so useful for me to use the feature. And, Their thinking and activities are sophisticated but why it's reported like this way is what I want to know.

 

So, Please kindly advice me.

 

Harmful web site blocked

ottoscharmer.com/

This web site has been reported as harmful. 
We recommend that you do not visit this web site.

 

EDIT: Removed Hyperlink

Comments

  • Ukko
    Ukko Posts: 3,770 Superuser
    Spoiler

    Hello,

     

    Sorry for my reply. I'm also only F-Secure user (their home solutions).

     

    Just as general words  (addition to reply about F-Secure SAS suggestion):

    If there is no details/reason mentioned like in the message. It's not so useful for me to use the feature.

    I think that main design of feature is 'prevent access to known malicious/harmful-rated website or webpage'.

     

    When there is no visible full description about reasons for rating - it is maybe indeed not so useful to use, but still so helpful to use (system is protected before potential 'threat meeting').

    but why it's reported like this way is what I want to know.

    So, their blockpage with general words like "this website has been reported as harmful".

     

    I think that it is can be 'own F-Secure research", "user's transfer to F-Secure Labs and further confirmation about harmful-state", "information from common and popular third-party databases", "own F-Secure technologies based on certain triggers, rules or so". As result can be false positive based on autodecision (or 'outdated' state - if malicious or dangerous content is removed already).

     

    Also, can be multiple reasons of rating (many triggers or impact of something). And they do only advice "we recommend that you do not visit this web site." -> while user still do able to allow webpage and visit it (If he is sure that website is clean; but if he is not sure.. they do recommend do not visit this web site).

     

    I would like to read 'reasons' for harmful-rating too. It is interesting and useful - but I think that if they will provide such information -> malicious websites will be with much good design of 'stealthy' (if they will be sure why website is rated as harmful).

    With your noted example -> I think that website (or certain webpage) can be hacked or something like this. For example, outdated CMS or anything else with known vulnerabilities and exploits against (and further impact); OR potential hacked third-party advertisements networks (which used on website - if used); OR random false positive based on 'suspicious' pattern (or multiple patterns).

     

    Just interesting:

    What kind of information may be useful with such situation? Website is blocked as harmful-rated website; So, what is needed information there? If reason is 'malicious content' -> does it should be listed information about content (examples or entire malicious payload) or just general words that 'malicious content on website and where'?

     

    Thanks!

  • WizU
    WizU Posts: 5 New Member

    Thank you for the information.

     

    I submitted the link just before. 

     

    By the way, The site It's very famous MIT professor's website in the world. And that It's movement around the world since 2006. You might be having heard "Theory U" or "Emerging from the future". But, I know it does not matter whether he is famous if there is an issue on the web. 

     

    Sincerely,

  • WizU
    WizU Posts: 5 New Member

    Hi,

     

    "This website has been reported as harmful" is that It's too broadening for me to understand from a risk control viewpoint even it's at home. Actually, I'm related to IT security division and more. It's a common approach in IT to clarify the issue to avoid any confusions and that will bring efficiency in our any scenes and scenarios.

     

    The meaning of as Harmful is that there will be a risk and that It will affect (delete, steal, infect, inaccessible and more) our information management(credit cards, passwords, files and more) and resources(PC, OS, browser, router and more) by accessing a target and that It depends on the condition of the resource and the usages.

     

    And that means It's possible to clarify our IMPACT based on the resources and usages without talking about the vulnerability in the site. Even if there are vulnerabilities exists on the site and that is not our problem to face.

     

    Also, I'm expecting F-secure to notify web admin of the site If they surely recognized that the site is harmful by deeper analysis and the verification.

     

    This is Think Simple and will bring happiness, efficiency, success and more to all us.

     

    Sincerely,

  • Ukko
    Ukko Posts: 3,770 Superuser
    Spoiler

    Hello,

     

    "This website has been reported as harmful" is that It's too broadening for me to understand from a risk control viewpoint even it's at home. Actually, I'm related to IT security division and more. It's a common approach in IT to clarify the issue to avoid any confusions and that will bring efficiency in our any scenes and scenarios.

    Yes, but when we talk about indeed harmful or malicious websites (and home use or just common meanings) -> it does not matter (in fact). Because more good to prevent/block access to known (real) malicious/harmful webpage.

     

    But if such page is already visited -> indeed good to know more information (how much level of risk there).

    If we do suspect false positive (but, basically, security companies should to reduce random false positives) -> F-Secure SAS is perfect ability to inform F-Secure Labs and receive response (but with time delay). And with certain situation (if webpage is clearly clean) -> user do able to allow page at any time (if he is administrator of system).

    And that means It's possible to clarify our IMPACT based on the resources and usages without talking about the vulnerability in the site. Even if there are vulnerabilities exists on the site and that is not our problem to face.

    I talking about the vulnerability (or multiple) in the website with meanings like: when  website is already hacked by such vector. And result of such 'breach' -> anything: hosted malware; phishing landing pages; fake content/scam/rogue activities and so on; Those, page can be rated as harmful or malicious (for example, automatically). It may be own F-Secure Technologies or common known third-party databases (re-used by F-Secure); or even manual research.

     

    And, for example, harmful rating can be with scores like (from 80 to 100 points). But does it important for user if there is 88 points of 'malicious-level', or 92 points, or 81 points, or 99 points? If it is harmful (indeed) webpage -> good to not visit it. So, F-Secure blockpage with information that page is 'known' (by some channels) as harmful; and they do not recommend to visit it.

     

    I also do able to think that more information is useful and helpful. But with false-positives only. With real malicious websites or webpages (only if you do want to learn something).

    But it is unclear how many things should be listed? For example, website is rated as harmful: because _this_webpage_ of website with _such_kind_of_known_and_marked_as_malicious_javascript_file;

    Does it enough? I think that no. And what if it was not only one reason for harmful rating.

     

    Also, I'm expecting F-secure to notify web admin of the site If they surely recognized that the site is harmful by deeper analysis and the verification.

    Not sure if F-Secure Labs do that. But it is something as good design when we talk about safe pages which start be rated as harmful (after a breach or something like that). But it is also unclear how they do that (contacts from website? their hosting provider? what if web admin will ignore it anyway?).

     

    I think that it is pretty strange design if totally random false positives appeared. More likely if there was reasons for such rating (and maybe F-Secure rating is not their own 'rating' - but re-used by global common trusted databases) - but website is clear already (fixed by owners).

     

    Thanks!

    // just explanation of spoiler:  I only think that there large difference (or importance) between when we talk about indeed (real) malicious and harmful websites AND examples of such false positives(? or temporary situation based on breach or so). Because when we talk about real malicious/harmful websites: prevent and block access is much more important than exact reason (which is 'because page is harmful').

    And indeed good to expect less count of false positives (or more strict work with 'previously' breached safe pages).

     

    Thanks!

  • WizU
    WizU Posts: 5 New Member

    I think It depends on the paradigm and skill set in each person.

    If you want to believe without any enough information(confirmation(reason/evidence/more)), I don't tell you anything. That's your habits.

     

    But, I can say that you will lose your productivity and more someday if you believe the information without confirmation(reason/evidence/more) even though It's from the government, famous company and more.

    Because I've been seeing them from my staff and social news who could not bring productivity to us. This is the major issue around the world.

     

    In my case, I have the objective to access the site.
    So, I don't believe such insufficient information and that is not valuable.

     

    Do you want to lose your chance to enhance your knowledge without seeing the information on the target site? I don't give up to see.

     

    As a result of the investigation by F-Secure team, The site is reported now "not Harmful".

     

    I'm the right person to use Information Technology efficiently.

    Actually, I'm belonging to IT management group and work at a Foreign financial company, Foreign Datacenter more than xx years. We usually need to clarify/review what is the reason when the vendor/maker/staff is reported. If we believe the Vendor/Maker/staff report simply, All we The each person will have a serious problem someday.

     

    if you work for an office somewhere. You will see such a case. If you have never seen it, You just a lucky for now.

     

    Anyway up to you. 

     

    F.Y.I.

  • WizU
    WizU Posts: 5 New Member

    Dear Simon,

     

    Thank you for the information. Now the site is "Not harmful".

     

    Cheers,

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

     

    If you want to believe without any enough information(confirmation(reason/evidence/more)), I don't tell you anything. That's your habits.

    So, it is not my words or statements. I, also, did (do) not create statements or conclusions which is not based on enough information (confirmation/reason/common sense/else).

     

    With current discussion - I only ask what is enough information for you (based on your opinion); Only because it is interesting to me too (and it is 'popular' concern... but maybe not sufficiently covered).

    and, also, I created my own feelings about current design of F-Secure blockpage and potential 'enough' information.

     

    While my own decision is manual research 'does there is any reason for harmful rating or not' (before any other activities).

    I met, for example, your noted URL and it is rated as harmful-website. I will try to check and to find more information about (just like static analysis); if it will be not enough -> I will try to look for website directly and check if there is any reasons for rating (just like dynamic analysis). Usually, it can be enough (but I do not expect that each user should to do so; but I do expect that user should be protected at first - if there was reasons for harmful-rating).

    But if I'm sure that it is a harmful-website indeed (or it is not important page for me and it may be harmful page) -> I just do not want to visit such page (and it is not always interesting to know why such page is harmful; Also it can be unwanted to me - I can be upset). Just like if someone did not read each spam letter (clearly spam letters). And maybe there are no reasons for it.

    And I think that design of security companies is rate ONLY indeed harmful websites as such. False positives are something like mistake (and there is ability to inform F-Secure about this kind of mistakes);

    As a result of the investigation by F-Secure team, The site is reported now "not Harmful".

    So, but what was a reason for "Harmful"-rating? Did you receive explanation? And does it was enough information?


    Also, my concern of discussion is pinned only to subject of General Meanings / F-Secure / Blockpage / Harmful Website / Potential False Positive rating. There are many analogies, but I would like to talk only about this strict line.

     

    And I tried to create words like:

    -- if you chose security solution - it is possible to expect confidence in the Company.

    So, if certain website is rated as a harmful website -> the normal design is that it is a website that is indeed harmful.

    I think that with such view -> current F-Secure blockpage with enough information for user (what's happened). It is not enough for own user's feelings (if he want to know more; just like learn more - why page is can be harmful and so).

    I also feel that more information about 'rating/reputation' is a good opportunity. But it is unclear what is 'enough more information' (and does it safe to provide for malicious website builders such information or not).

    --  just because there are 'quite many' false positive ratings (is not good situation) - good to be with abilities (if you are administrator of system) to visit blocked page ("Allow website" by button or by exclusion list); report false positive (by F-Secure SAS).

    But I do not think that false positive is a valid situation. I would prefer to receive less false positives (or do not receive any) than receive more information about any harmful blockpage. With meanings that if I choose certain security solution -> I do expect that their decision will be logical, with common sense and in solidarity with my opinion about what is harmful (OR with ability to overwrite their decision by my own choice).

     

    Thanks!

     

    // just like example of 'more information' and F-Secure:

    certain website was rated as harmful (safe website). After discussion with F-Secure SAS -> reasons for such rating was confirmed.

    Situation: website is rated as harmful because certain .js-file (on certain page) is rated/detected as malicious item (kind of 'src of malware' in short; but with direct 'URL' to certain .js-file).

    So, does it enough information? I think that it is 'more information' but still is not enough.

    Because this .js-file is also false positive. There are was not any reasons for such detection (only too generic pattern of detection).

     

    Sorry for long reply. And sorry for your time!

This discussion has been closed.
Feedback on New Design