Malwarebytes

IP Protection: "Infection Detected"



#1
whatmeworry?

    True Member

  • Honorary Members
  • 297 posts
Today I manually turned on the Protection Module (another thread details my problems in getting it working automatically). I was looking for more information about the Outpost Agnitum Free Firewall that I've installed on my WinXP Pro computer, and after doing a Google search I went to a web site entitled The Web Hikers Guide to Outpost Firewall at www.outpostfirewall.com/guide/ . To my surprise, MBAM's IP Protection popped up, saying "Infection detected" and providing the IP number 208.73.210.27. As far as I could tell, this site (the Web Hikers Guide) wasn't blocked, but when I went to different pages on the site, MBAM repeated its warning. I think 8 instances are recorded in the MBAM log, all for the same IP address.

I'm not sure what "Infection detected" refers to. Infection where? On multiple pages of this seemingly innocent website? In the browser that accessed the site? I ran a Quick Scan with MBAM using database 2675, and no malware was found on my computer. How am I supposed to know whether there's really a problem with this site, and if there IS a problem, why am I able to access it and roam about on it? I should add that I did a WhoIs search for the IP address and found it's registered to a company in California that probably just distributes such addresses:

OrgName: Oversee.net
OrgID: OVERS-1
Address: 515 S. Flower St
Address: Suite 4400
City: Los Angeles
StateProv: CA
PostalCode: 90071
Country: US

NetRange: 208.73.208.0 - 208.73.215.255
CIDR: 208.73.208.0/21
NetName: OVERSEE-NET-2
NetHandle: NET-208-73-208-0-1
Parent: NET-208-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.OVERSEE.NET
NameServer: NS2.OVERSEE.NET
Comment:
RegDate: 2006-12-28
Updated: 2006-12-28

I'd really like to understand these "infection detected" alerts better. In particular, I'd like to know what specifically they refer to, when to take them seriously and when to ignore them, and what I should do when they appear. Thanks in advance for your help.
Dell XPS 8300 Win7 Prof. 64-bit desktop (Intel Core i5-2400 processor, 8 GB RAM): MS Security Essentials AV, Windows Firewall, MBAM Pro, WinPatrol PLUS
Toshiba NB305-N410BL netbook: Win7 Starter (2 GB RAM), MS Security Essentials AV, Windows Firewall, MBAM Pro, WinPatrol PLUS

#2
prairie dog

    Forum Deity

  • Malware Hunters
  • 1,548 posts
Have a look at this FAQ

It does not mean that you are infected. I believe I read that the MBAM team is working on changing the notification.
Avira Antivir Personal and MBAM Pro
On demand: SAS and Hitman Pro
Firewall-Online Armor Premium
FF3-adblock plus, noscript, betterprivacy, WOT, Keyscrambler, TrackMeNot
Sandboxie


ONE DAY AT A TIME!

#3
whatmeworry?

    True Member

  • Honorary Members
  • 297 posts

prairie dog, on Aug 22 2009, 10:05 AM, said:

Have a look at this FAQ

It does not mean that you are infected. I believe I read that the MBAM team is working on changing the notification.
Thanks, prairie dog, for your prompt response. I had already looked at that FAQ, but I probably didn't pay enough attention to the part that said "If a notification is presented on a safe site, and the site loads, it is likely the site was loading content that is hosted on an IP known for malicious activity. In this case, the site itself will be displayed perfectly fine, with the malicious content being blocked." However, though what the FAQ says makes sense, I find it a bit strange that every page I went to on that site was trying to load malicious content.

I hope MBAM refines its IP Protection feature to provide a lot more specific information. Right now it seems to raise a number of unanswered questions. I have no idea, for example, where if at all on this site the threat lies or even if the threat is real.

#4
prairie dog

    Forum Deity

  • Malware Hunters
  • 1,548 posts
you're welcome :lol:

This being the first release of this new feature, I'm sure some tweaks will be coming in future updates <_<

#5
YoKenny1

    Forum Deity

  • Honorary Members
  • 1,739 posts
  • Gender:Male
  • Location:Ont. Canada
  • Interests:Using computers for learning.
    Happily retired IBMer after 31 years mainly in hardware maintenance.
I believe that installing hpHOST file will block those sites and if you install HostsMan with its browser speed up proxy HostsServer that has logging capability you will be able to see what sites are referred that load malicious content:
http://www.softpedia.com/get/Network-Tools.../HostsMan.shtml

MysteryFCM is the maintainer of hpHosts file.
E5200 2.5GHZ, 4GB RAM, 320GB HD, Win7 Home Premium 64-bit, avast! V6.0 Free, IE9
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3, 32-bit, avast! V6.0 Pro, Macrium Reflect
with IE8 and Chrome, hpHosts, MVPS HOSTS files, MBAM Full, OpenDNS, SpeedFan, WinPatrol PLUS
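
Added example (not part of any post in this thread, and not a description of how MBAM or HostsMan work internally): a short Python sketch of why an IP-based block can fire on every page of a site that itself loads fine, as the FAQ quoted in post #3 describes, and of the per-host view that the logging suggested in post #5 would give. The hostnames, DNS answers and page HTML are constructed; only the address 208.73.210.27 comes from the alert reported in post #1.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Blocklist entry taken from the alert quoted in the thread.
BLOCKED = [ipaddress.ip_network("208.73.210.27/32")]

# Constructed DNS answers and page bodies (not captured from any real site).
DNS = {"guide.example": "192.0.2.10", "cdn.example": "192.0.2.20",
       "banners.example": "208.73.210.27"}
PAGES = {
    "http://guide.example/index.html":
        '<script src="http://banners.example/rotate.js"></script>'
        '<img src="/logo.png">',
    "http://guide.example/rules.html":
        '<link href="http://cdn.example/site.css" rel="stylesheet">'
        '<iframe src="//banners.example/frame.html"></iframe>',
}

class ResourceHosts(HTMLParser):
    """Collect hostnames of everything the browser would fetch for a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        # The page's own host counts too: the alert may be about the site itself.
        self.hosts = {urlparse(page_url).hostname}

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # <a href> is a link the user may click, not a resource fetched on load.
            if name in ("src", "href") and value and tag != "a":
                host = urlparse(urljoin(self.page_url, value)).hostname
                if host:
                    self.hosts.add(host)

def is_blocked(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED)

def explain_alerts(pages, dns):
    """Map each page URL to the sorted hosts whose IP is on the blocklist."""
    report = {}
    for url, html in pages.items():
        parser = ResourceHosts(url)
        parser.feed(html)
        report[url] = sorted(h for h in parser.hosts
                             if h in dns and is_blocked(dns[h]))
    return report

if __name__ == "__main__":
    for url, hosts in explain_alerts(PAGES, DNS).items():
        print(url, "->", hosts or "no blocked hosts")
```

In this constructed case both pages embed the same third-party host through a shared template, so the same IP is reported on each page while the site's own address is never flagged.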

#6
whatmeworry?

    True Member

  • Honorary Members
  • 297 posts

YoKenny1, on Aug 22 2009, 11:19 AM, said:

I believe that installing hpHOST file will block those sites and if you install HostsMan with its browser speed up proxy HostsServer that has logging capability you will be able to see what sites are referred that load malicious content:
http://www.softpedia.com/get/Network-Tools.../HostsMan.shtml
Thanks, YoKenny1, for this info. I may give this a try. On the other hand, I'm really trying to reduce the number of programs I'm running rather than adding still more. In the past few years, I've tried several programs that were supposed to warn me about dodgy web sites or even block them. I found, however, that the programs often caused more problems than they solved. Oh well, I'll see whether my curiosity gets the better of me. It usually does :lol: .

Again, thanks very much.




