Unchecky Compromised?

Is Unchecky Compromised?

  • Yes

    Votes: 3 17.6%
  • No

    Votes: 9 52.9%
  • Unchecky What?

    Votes: 5 29.4%

  • Total voters
    17
  • Poll closed .

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Not everyone here on MT, for obvious reasons, uses the software Unchecky, and personally I don't and haven't tested it, but member @gin brought the site and the software to my attention with a profile post that Heimdal Pro was blocking their site, and I could confirm it. I even sent a report about it to Heimdal Security's support and asked them why. Apparently they believe the site, or rather the software, has been compromised, as the software had a bit too many negative results on VT ( VirusTotal.com ). Because of this they would not remove the domain from their blocklist, and they even recommend staying away from the site even if it's possible to unblock and whitelist the URL inside the software ( Activity Reports/Websites Blocked ).

Fair enough, but it made me more curious, so I also sent a report to F-Secure where I mentioned Heimdal Security's report, and still F-Secure excluded any issues with the URL. Correct also IMO, as the site itself is not malicious, and I can guess F-Secure did not include the software as Heimdal Security did.

Your opinion?

Unchecky - Keeps your checkboxes clear

Download
 

Deleted Member 3a5v73x

Apparently they believe the site, or rather the software, has been compromised, as the software had a bit too many negative results on VT ( VirusTotal.com ). Because of this they would not remove the domain from their blocklist, and they even recommend staying away from the site even if it's possible to unblock and whitelist the URL inside the software ( Activity Reports/Websites Blocked )
It's the same with Heimdal blocking bitsdujour

https://www.virustotal.com/#/domain/download.bitsdujour.com
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,605
I used this software a month ago, and it was working well. But on every install, as long as you read and check the boxes yourself, you're fine without it.

I was about to install it but saw this thread, so I think I'm gonna pass for now. I don't think there's anything sketchy with Unchecky tho

lolchecky.png
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
Same is true if you use SUMo, kc-softwares.com is blocked,

VokkdW.png


Anyway, if one thinks it is a false positive, one can surely unblock it, I think,

I usually do a double check with Heimdal and PiHole,

the final response is given to urlscan.io, analyzing all the info given from that nice service

Not sure how false positives are handled, because surely it is a false positive,

maybe @Kyle_Katarn too should be informed (y)

I have to admit Heimdal catches some things PiHole didn't, and likewise PiHole catches some things Heimdal didn't, so added together they make a very nice layer :)
 

illumination

Apparently they believe the site, or rather the software, has been compromised, as the software had a bit too many negative results on VT ( VirusTotal.com ).

Your opinion?
Do these professional companies know what an automated malware analysis sandbox is? Instead of assuming or guessing, they need to further investigate the file before blacklisting it. Do they not have an analysis expert working for them? If not, maybe they need to consider this, if they plan to operate in the security field.
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
Hi bro @illumination

I suspect the vast majority of flags are done by robots, :alien:

The thing is completely different with PiHole, but as I liked the review of @ForgottenSeer 58943, I ran to buy a lifetime of Heimdal as an essential component for my concept of layered security,

on PiHole too, when using the default lists, it may sometimes happen that short URLs need to be whitelisted, like youtu.be,

I think they update that database from time to time on their server end for Heimdal, like I do locally with my PiHole whitelist and blacklist,

Eventually if I see a list is creating too many false-positives, I delete that list :)
 

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Do these professional companies know what an automated malware analysis sandbox is? Instead of assuming or guessing, they need to further investigate the file before blacklisting it. Do they not have an analysis expert working for them? If not, maybe they need to consider this, if they plan to operate in the security field.
Good point, and I agree, as it raises another question: how not only they, but security companies/vendors in general, act on submissions, whether it's a file or a URL. But IMO it's after all common for plain support people to answer, and those are not always knowledgeable enough, so the replies have to be taken with a bit of salt. F-Secure normally always replies from their analysis experts, and since F-Secure has been around much longer than Heimdal Security, I'll go with their flow first in this case, as a big part also lies in trust, but I still wouldn't fully ignore the VT reports.

@lowdetection Heimdal Security will not remove unchecky.com from their blocklist, so they for sure do not consider it a false positive. It was interesting to see that they also block kc-softwares.
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
We could open another big chapter here, i.e., how a bad actor can get you blacklisted in the main vendors' database, but I prefer to leave that aside...

Google Ranking, and so on...

To some extent, I saw malicious sites becoming good, and good sites becoming malicious, :eek:

Even in this case, I am always the final decision maker for my little network,

3wchgO.png
 

Deleted Member 3a5v73x

It was interesting to see that they also block kc-softwares.
I agree with Heimdal about kc-softwares; it's crazy they are even allowed to advertise their scareware even at MT. Not even talking about redirects from in-software to mysterious 3rd party vendor pages to download drivers from and fake Java download pages. I feel for souls installing Sumo/Dumo on systems without using any adblocker.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
@upnorth I uninstalled Unchecky last week so cannot comment on this issue.

I agree with Heimdal about kc-softwares; it's crazy they are even allowed to advertise their scareware even at MT. Not even talking about redirects from in-software to mysterious 3rd party vendor pages to download drivers from and fake Java download pages.
That's on the Developer(s), it's their actions and choices for supporting Adware builds. However, there is a warning about Unwanted Software on the Updates thread. Also applies to other applications such as CCleaner. See image below.
1533216895391.png
 

illumination

One could always contact Andrew Newman over at Reason Securities; he is the Founder/CEO, and easy to talk to... If his website or software has been compromised, he would certainly be glad to have it brought to his attention.

It is always best to dig a little before coming to any conclusions regardless of what you are using, and questioning it as you have done here instead of blindly believing any software, it is a good practice/habit.
 

ForgottenSeer 58943

You probably should trust Heimdal.

What I have found over the last couple years is Heimdal often picks up things WAY before anyone else does. I've had it block side-loads from legitimate websites attempting to serve malware redirects. Heimdal has increased staff, opened a second office in another country and has been increasing product detection rates and efficiency working up to the Thor release. (it's in beta/RC)

The reason I still use Heimdal even with my other systems in place is precisely because I trust the technology behind it and like how it blocks virtually anything that is remotely sketchy. My son plays Runescape on private servers. Heimdal triggered about 60 blocks on his PC in the last few days. The private server was fine, then 3 days ago attempted to redirect in the background to a malware server. Without Heimdal, it's quite possible it would have gotten through.
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,605
You probably should trust Heimdal.

What I have found over the last couple years is Heimdal often picks up things WAY before anyone else does. I've had it block side-loads from legitimate websites attempting to serve malware redirects. Heimdal has increased staff, opened a second office in another country and has been increasing product detection rates and efficiency working up to the Thor release. (it's in beta/RC)

The reason I still use Heimdal even with my other systems in place is precisely because I trust the technology behind it and like how it blocks virtually anything that is remotely sketchy. My son plays Runescape on private servers. Heimdal triggered about 60 blocks on his PC in the last few days. The private server was fine, then 3 days ago attempted to redirect in the background to a malware server. Without Heimdal, it's quite possible it would have gotten through.
Should never be playing on private servers. Games like WoW/Runescape are pretty much tied to in-game gold, which makes some people go insane. It's very easy to RAT people through the Java client. Same with the pirated games. Should just set up an adult filter to avoid this kind of stuff
 

ForgottenSeer 58943

Should never be playing on private servers. Games like WoW/Runescape are pretty much tied to in-game gold, which makes some people go insane. It's very easy to RAT people through the Java client. Same with the pirated games. Should just set up an adult filter to avoid this kind of stuff

There are a lot of legit private servers and they've posed no issue for him. Just in case, his machine is behind heavy layered security and on its own VLAN, so I think we're pretty fine. He's got granular outbound control on his box, and we control outbound from the network at the gateway level. I no longer disclose our complete security systems, but they're extensive these days.

Nevertheless, Heimdal IS a part of that layer, a valuable part IMO.
 

spaceoctopus

Level 16
Verified
Top Poster
Content Creator
Well-known
Jul 13, 2014
766
If I'm not wrong, Unchecky belongs to ReasonCore security. About 1 year and a half ago, when I had Panda Internet Security on one machine and Avast IS on another, each time I downloaded ReasonCore security, Panda and Avast were blocking some URLs during the download process.

The program itself downloaded successfully without any problem. Then during installation and sometimes during use, it failed to work correctly because Panda and Avast were constantly blocking some URLs belonging to ReasonCore. It continued like that for over a year. Then I stopped using it.
 

spaceoctopus

Level 16
Verified
Top Poster
Content Creator
Well-known
Jul 13, 2014
766
Do these professional companies know what an automated malware analysis sandbox is? Instead of assuming or guessing, they need to further investigate the file before blacklisting it. Do they not have an analysis expert working for them? If not, maybe they need to consider this, if they plan to operate in the security field.
Maybe because of the huge update that Heimdal is receiving, it may be a bit too aggressive and needs refinement. Just a guess. :giggle:
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,578
Not everyone here on MT, for obvious reasons, uses the software Unchecky, and personally I don't and haven't tested it, but member @gin brought the site and the software to my attention with a profile post that Heimdal Pro was blocking their site, and I could confirm it. I even sent a report about it to Heimdal Security's support and asked them why. Apparently they believe the site, or rather the software, has been compromised, as the software had a bit too many negative results on VT ( VirusTotal.com ). Because of this they would not remove the domain from their blocklist, and they even recommend staying away from the site even if it's possible to unblock and whitelist the URL inside the software ( Activity Reports/Websites Blocked ).

Fair enough, but it made me more curious, so I also sent a report to F-Secure where I mentioned Heimdal Security's report, and still F-Secure excluded any issues with the URL. Correct also IMO, as the site itself is not malicious, and I can guess F-Secure did not include the software as Heimdal Security did.

Your opinion?

Unchecky - Keeps your checkboxes clear

Download
Thanks for the info (y) Because I don't really need it I have removed Unchecky from my computer. Better safe than sorry :cautious:
 
