Mr.Pr

Phishing protection problem with VPN/proxy?


Hello

I have a problem with phishing protection in Emsisoft (IS).

For example, here I have a phishing site (Emsisoft says this site is phishing): https://www.gtsoftware.com/

So I go to this site with a VPN, and Emsisoft doesn't block the site,

but then I go to this site without a VPN, and Emsisoft blocks this site as a phishing site!

So what do you think, is it normal? :-?

Kind Regards

-Parham


I've no idea whether EIS should block access via a VPN. What I've written below is just a guess.

When you try to access such a site directly from your own machine EIS must see that you're trying to make a connection to that iffy website. But when you use a VPN, it's the VPN server elsewhere in the world that would make that connection, and EIS isn't running on the VPN server.

It seems to me that for EIS to detect that you are asking a VPN server to contact an iffy site, EIS would need to examine all the traffic between your computer and the VPN server, to read the contents of that traffic, not just test where it was being sent. I don't know if EIS does any checking of packet contents for any sort of traffic.

Moreover, I would have thought that communication with a VPN server would be done over https rather than http? And if so wouldn't that mean that EIS would only see the encrypted contents of the traffic, not the plain text? How could it reach any conclusion then?


Thank you, dear Jeremy, for your answer ;)

I hope to get an answer from Emsi Support to be sure about your idea or other ideas.


I know our Surf Protection doesn't work with a proxy. However with a VPN it would depend on how the VPN works, and how it is configured. Our Surf Protection blocks DNS lookups, and the reason it doesn't work with a proxy is that the DNS lookup is done through the proxy rather than run on the local computer. With a VPN, if all Internet traffic is going through the VPN, then I would believe a DNS lookup also does go through the VPN service rather than going to your local router or ISP's DNS servers, which could be preventing the Surf Protection from filtering it properly. I'll ask our developers to confirm that this is expected behavior.


> I know our Surf Protection doesn't work with a proxy. However with a VPN it would depend on how the VPN works, and how it is configured. Our Surf Protection blocks DNS lookups, and the reason it doesn't work with a proxy is that the DNS lookup is done through the proxy rather than run on the local computer. With a VPN, if all Internet traffic is going through the VPN, then I would believe a DNS lookup also does go through the VPN service rather than going to your local router or ISP's DNS servers, which could be preventing the Surf Protection from filtering it properly. I'll ask our developers to confirm that this is expected behavior.

Thank you for the answer, GT500.

About this part of your answer: "I know our Surf Protection doesn't work with a proxy"

Why? Sometimes users connect to the internet with a proxy, or https or something like that ... or for example a VPN, so they don't need protection?

For example, right now I am connected to the internet with a VPN, so I am not protected (in internet searching)? Maybe I go to a phishing site or something like that ... Is it true, or am I misunderstanding?


> ... sometimes users connect to the internet with a proxy, or https or something like that ... or for example a VPN, so they don't need protection?

It isn't a matter of whether or not protection is needed. It's a technical limitation. VPN and proxy technology redirects network traffic, and thus things don't work the way they normally would.

Can you use a HOSTS file to block websites when using your VPN service?


> It isn't a matter of whether or not protection is needed. It's a technical limitation. VPN and proxy technology redirects network traffic, and thus things don't work the way they normally would.
>
> Can you use a HOSTS file to block websites when using your VPN service?

Thank you for the answer.

In fact I am using the Hoxx VPN extension (Google Chrome), and when I'm not connected to the VPN and go to this link: http://malware.wicar.org/data/eicar.com nothing downloads, but when I connect to the VPN and go to that site, I see the malware downloaded!


> In fact I am using the Hoxx VPN extension (Google Chrome)

If you are using a browser extension for VPN, then it is doubtful that it would be possible to intercept the DNS lookup, as it's more than likely being forwarded through the VPN rather than using the Windows APIs.


GT500, thanks for the answer.

I think if Emsisoft provided a special extension for web guard (like what 99% of companies have, for example Norton - Bitdefender - Kaspersky - Webroot - Avast - AVG ...), this problem (this is a problem, I'm sure, but Emsisoft said there is nothing to fix!), everything is going to be OK!

*But if you insist on saying everything is OK, so go ahead :) Continue what you are doing and tell your customers you do wrong, and it is not Emsisoft's mistake

Kind Regards

Parham


> Continue what you are doing and tell your customers you do wrong, and it is not Emsisoft's mistake

Nobody said it's the user's fault. I am not sure where you pulled that from. Arthur just said it is a known problem and limitation of the way our surf protection is implemented. That is all.

If it can be fixed within the way surf protection is currently implemented, we will fix it. However, since the majority of users is not affected, as it is only a problem when using TOR and some other solutions that perform remote DNS resolving, it is unlikely that we start adding browser plugins or addons just to catch this one case where the current implementation doesn't work. Browser addons are a nightmare. If you ever used an AV long-term that relied upon them, you know how much trouble they can make on every new major browser version. It's not something we want to get involved in.

  • Upvote 1
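
The limitation discussed in the replies above (a filter on local DNS lookups never sees a name that a proxy or VPN extension resolves remotely), as an added example that is not part of the thread and not Emsisoft's code. It builds the first request a client sends in four connection modes and records which of them consult the local resolver; `FilteringResolver`, the mode names (`socks5`/`socks5h` follow curl's URL-scheme convention) and the sample host and address are assumptions constructed for illustration.

```python
import ipaddress
import struct

def socks5_connect(dest, port):
    """SOCKS5 CONNECT request (RFC 1928) for an IP literal or a hostname."""
    head = b"\x05\x01\x00"  # VER=5, CMD=CONNECT, RSV
    try:
        ip = ipaddress.ip_address(dest)
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    except ValueError:
        name = dest.encode("ascii")
        addr = b"\x03" + bytes([len(name)]) + name  # ATYP=3: proxy resolves the name
    return head + addr + struct.pack("!H", port)

def http_connect(host, port):
    """HTTP proxy tunnel request: the hostname travels to the proxy unresolved."""
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode("ascii")

class FilteringResolver:
    """Constructed stand-in for a filter that hooks local DNS lookups."""
    def __init__(self, blocklist, records):
        self.blocklist, self.records, self.seen = set(blocklist), records, []

    def resolve(self, name):
        self.seen.append(name)  # every name the local filter gets to inspect
        if name in self.blocklist:
            raise PermissionError(f"lookup blocked: {name}")
        return self.records[name]

def first_request(mode, host, port, resolver):
    """Bytes the client sends first in each mode, or 'blocked' if the filter fires."""
    try:
        if mode == "direct":    # local resolver, then TCP straight to the site
            return resolver.resolve(host).encode()
        if mode == "socks5":    # client resolves locally, proxy only gets an IP
            return socks5_connect(resolver.resolve(host), port)
        if mode == "socks5h":   # proxy resolves (remote DNS), no local lookup
            return socks5_connect(host, port)
        if mode == "http":      # proxy resolves (remote DNS), no local lookup
            return http_connect(host, port)
        raise ValueError(mode)
    except PermissionError:
        return "blocked"

# Constructed sample data: reserved example names and a TEST-NET-1 address.
RESOLVER = FilteringResolver({"phish.example"}, {"ok.example": "192.0.2.10"})
RESULTS = {m: first_request(m, "phish.example", 443, RESOLVER)
           for m in ("direct", "socks5", "socks5h", "http")}
```

Only `direct` and `socks5` reach the local resolver; in the other two modes the name first appears inside the request addressed to the proxy, so filtering has to happen in the browser, at the proxy or at the remote resolver.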


> Nobody said it's the user's fault. I am not sure where you pulled that from. Arthur just said it is a known problem and limitation of the way our surf protection is implemented. That is all.
>
> If it can be fixed within the way surf protection is currently implemented, we will fix it. However, since the majority of users is not affected, as it is only a problem when using TOR and some other solutions that perform remote DNS resolving, it is unlikely that we start adding browser plugins or addons just to catch this one case where the current implementation doesn't work. Browser addons are a nightmare. If you ever used an AV long-term that relied upon them, you know how much trouble they can make on every new major browser version. It's not something we want to get involved in.

Hi dear Fabian!

Thank you for the answer. I appreciate that,

but dear David Bigger in Emsi Support told me about this problem: the user is trying to bypass (or something like that) his security if he wants to use something like VPN extensions ... he said there is nothing for us to fix. If you are trying to confirm what Emsi Support said, I insist that you're mistaken.

I don't know and also I don't want to understand these technical answers (what Support answered me with ... just some technical answers and something about privacy!)

I am just trying to say: does this matter (whatever Emsi Support is trying to use as an excuse) apply just to Emsisoft? I use almost all antivirus software (Norton - McAfee - G Data - Dr.Web - Panda - BullGuard - Webroot - ...), so why ... please answer this question: why can they still protect users even when they use VPN extensions (something like the Hoxx VPN extension)? Whether this is a privacy problem or a technical limitation ... I don't know! What is important is this >> customers' safety! And your customers, your users ... Emsisoft lovers! are not safe when they use something like these VPN extensions! Are you trying to put some conditions on customers' safety? (for example: don't use VPN extensions or you are not protected?) I recently sent an email to this address: [email protected] I don't know if you manage that email or someone else ... but I was trying to make you aware of this matter (technical limitation or whatever Emsi Support named it!) ...

Kind Regards,

Parham.


> I don't know and also I don't want to understand these technical answers

In that case there is no point in keeping this post open. I will therefore lock it.

> I am just trying to say: does this matter (whatever Emsi Support is trying to use as an excuse) apply just to Emsisoft?

Difference in implementation most likely. Some AV vendors don't care about the user's privacy and will happily man in the middle and snoop around in your private and protected data traffic, reporting all sites you visit to their cloud servers, and knowingly open up a whole bunch of privacy related issues. We won't do that though. If you like to use your VPN and want your traffic being monitored (which in itself is a contradiction by the way), feel free to use any of the other solutions you mentioned.

This topic is now closed to further replies.