Why is FSCS Browsing Protection blocking access to PuTTY's download location?

Why is F-Secure Client Security's Browsing Protection blocking access to PuTTY's download location http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe? What kind of harmful behaviour has been found on this site?

Comments

  • Popeye Posts: 36

    Hi there.

     

    It appears that the Browser Protection only blocks the download link when it includes the file name. This URL is blocked:

     

            http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

     

    while this URL

     

            http://the.earth.li/~sgtatham/putty/latest/x86/

     

    is not blocked. When you visit the URL without the file name, you can click the putty.exe download link without Browser Protection alarming.

     

    I haven't tested to see if B.P. blocks all URLs with exe files in the address, but I am pretty sure it doesn't, as this would raise a lot of alarms for me as I regularly download a lot of different small command line utilities.

  • Popeye Posts: 36

    Correction to my previous post:

     

    It appears that I was fooled by Browser Protection whitelisting the URL after I first confirmed that I wanted to visit the download URL. Visiting the URL

     

            http://the.earth.li/~sgtatham/putty/latest/x86/

     

    is OK, but if I click on "putty.exe" to download, Browser Protection still screams as long as I haven't accepted the B.P. warning and chosen to continue at least once.

     

    There was a new PuTTY release out on December 10th, 1011, and my guess is that there is a Browser Protection false positive in this new version. I have never had any problems downloading PuTTY before, and I have been doing so for the last decade or so.

  • MJ-perComp Posts: 1,101 Superuser

    The exe-path resolves to

    does not look very trustworthy to me but it is correct.
    Anyway, why is the link marked green but accessing it gets a block page?
    Let's wait for the answers from the team...
  • Popeye Posts: 36

    The link is a link to Graham Tatham's personal homepage where PuTTY has always resided. It may look suspicious, but it has always been that exact address and it has not been blocked before now.

     

    One thing I noticed is that it is only the URL containing putty.exe that is blocked. If I try puttytel.exe or pageant.exe I get through without warnings or hiccups.

     

    Funny you mentioned the green OK signal - I noticed it as well, but forgot to mention it. :)

     

    Let's wait and see what the F-Secure team has to say.

  • you can download putty.zip instead before

This discussion has been closed.