Unchecky Compromised?

Is Unchecky Compromised?

  • Yes

    Votes: 3 17.6%
  • No

    Votes: 9 52.9%
  • Unchecky What?

    Votes: 5 29.4%

  • Total voters
    17
  • Poll closed.

upnorth

Thread author
Not everyone here on MT, for obvious reasons, uses the software Unchecky, and personally I don't and haven't tested it, but member @gin brought the site and the software to my attention with a profile post that Heimdal Pro was blocking their site, and I could confirm it. I even sent a report about it to Heimdal Security's support and asked them why. Apparently they believe the site, or rather the software, has been compromised, as the software had a bit too many negative results on VT (VirusTotal.com). Because of this they would not remove the domain from their blocklist, and they even recommend staying away from the site even if it's possible to unblock and whitelist the URL inside the software (Activity Reports/Websites Blocked).

Fair enough, but it made me more curious, so I also sent a report to F-Secure where I mentioned Heimdal Security's report, and still F-Secure excluded any issues with the URL. Correct also IMO, as the site itself is not malicious, and I can guess F-Secure did not include the software as Heimdal Security did.

Your opinion?

Unchecky - Keeps your checkboxes clear

Download
 
Apparently they believe the site, or rather the software, has been compromised, as the software had a bit too many negative results on VT (VirusTotal.com). Because of this they would not remove the domain from their blocklist, and they even recommend staying away from the site even if it's possible to unblock and whitelist the URL inside the software (Activity Reports/Websites Blocked)
Same is with Heimdal blocking bitsdujour

https://www.virustotal.com/#/domain/download.bitsdujour.com
 
I used this software a month ago, it was working well. But on every install, as long as you read and check boxes yourself, you're fine without.

I was about to install it but saw this thread, I think I'm gonna pass for now. I don't think there's anything sketchy with Unchecky tho

lolchecky.png
 
Same is true if you use SUMo, kc-softwares.com is blocked,

VokkdW.png


Anyway, if one thinks it is a false positive, one can surely unblock it, I think,

I usually do a double check with Heimdal and PiHole,

the final response is given to urlscan.io, analyzing all the info given from that nice service

Not sure how false positives are handled, because surely it is a false positive,

maybe @Kyle_Katarn too should be informed (y)

I have to admit Heimdal catches some things PiHole didn't, and likewise PiHole catches some things Heimdal didn't, so added together they make a very nice layer :)
 
Apparently they believe the site, or rather the software, has been compromised, as the software had a bit too many negative results on VT (VirusTotal.com).

Your opinion?
Do these professional companies know what an automated malware analysis sandbox is? Instead of assuming or guessing, they need to further investigate the file before blacklisting it. Do they not have an analysis expert working for them? If not, maybe they need to consider this, if they plan to operate in the security field.
 
Hi bro @illumination

I suspect the vast majority of flags are done by robots, :alien:

The thing is completely different with PiHole, but as I liked the review of @ForgottenSeer 58943 I ran to buy a lifetime of Heimdal as an essential component for my concept of layered security,

on PiHole too, sometimes when using the default lists it may happen that short URLs need to be whitelisted, like youtu.be,

I think they update that database from time to time on their server end for Heimdal, like I do locally with my PiHole whitelist and blacklist,

Eventually if I see a list is creating too many false-positives, I delete that list :)
 
Do these professional companies know what an automated malware analysis sandbox is? Instead of assuming or guessing, they need to further investigate the file before blacklisting it. Do they not have an analysis expert working for them? If not, maybe they need to consider this, if they plan to operate in the security field.
Good point, and I agree, as it raises another question: how not only they but security companies/vendors in general act on submissions, whether it's a file or a URL. But IMO it's after all common that plain support people answer, and those are not always knowledgeable enough, so the replies have to be taken with a bit of salt, but F-Secure normally always replies from their analysis experts, and since F-Secure has been around much longer than Heimdal Security I'll go with their flow first in this case, as a big part also lies in trust, but I still wouldn't fully ignore the VT reports.

@lowdetection Heimdal Security will not remove unchecky.com from their blocklist, so they for sure do not consider it a false positive. Was interesting to see that they also block kc-softwares.
 
We could open another big chapter here, i.e., how a bad actor can make you blacklisted in the main vendors' databases, but I prefer to leave that aside...

Google Ranking, and so on...

At one extent, I saw malicious sites becoming good, and good sites becoming malicious, :eek:

Even in this case, I am always the final decision maker for my little network,

3wchgO.png
 
Was interesting to see that they also block kc-softwares.
I agree with Heimdal about kc-softwares, it's crazy they are even allowed to advertise their scareware even at MT. Not even talking about redirects from in-software to mysterious 3rd-party vendor pages to download drivers from and fake Java download pages. I feel for souls installing Sumo/Dumo on systems without using any adblocker.
 
@upnorth I uninstalled Unchecky last week so cannot comment on this issue.

I agree with Heimdal about kc-softwares, it's crazy they are even allowed to advertise their scareware even at MT. Not even talking about redirects from in-software to mysterious 3rd-party vendor pages to download drivers from and fake Java download pages.
That's on the Developer(s), it's their actions and choices for supporting Adware builds. However, there is a warning about Unwanted Software on the Updates thread. Also applies to other applications such as CCleaner. See image below.
1533216895391.png
 
One could always contact Andrew Newman over at Reason Securities, he is the Founder/CEO, and easy to talk to... If his website or software has been compromised, he would certainly be glad to have it brought to his attention.

It is always best to dig a little before coming to any conclusions regardless of what you are using, and questioning it as you have done here instead of blindly believing any software, it is a good practice/habit.
 
You probably should trust Heimdal.

What I have found over the last couple years is Heimdal often picks up things WAY before anyone else does. I've had it block side-loads from legitimate websites attempting to serve malware redirects. Heimdal has increased staff, opened a second office in another country and have been increasing product detection rates and efficiency working up to the Thor release. (it's in beta/RC)

The reason I still use Heimdal even with my other systems in place is precisely because I trust the technology behind it and like how it blocks virtually anything that is remotely sketchy. My son plays Runescape on private servers. Heimdal triggered about 60 blocks on his PC in the last few days. The private server was fine, then 3 days ago attempted to redirect in the background to a malware server. Without Heimdal, it's quite possible it would have gotten through.
 
You probably should trust Heimdal.

What I have found over the last couple years is Heimdal often picks up things WAY before anyone else does. I've had it block side-loads from legitimate websites attempting to serve malware redirects. Heimdal has increased staff, opened a second office in another country and have been increasing product detection rates and efficiency working up to the Thor release. (it's in beta/RC)

The reason I still use Heimdal even with my other systems in place is precisely because I trust the technology behind it and like how it blocks virtually anything that is remotely sketchy. My son plays Runescape on private servers. Heimdal triggered about 60 blocks on his PC in the last few days. The private server was fine, then 3 days ago attempted to redirect in the background to a malware server. Without Heimdal, it's quite possible it would have gotten through.
Should never be playing private servers. Games like WoW/Runescape are pretty much tied to in-game gold, which makes some people go insane. It's very easy to RAT people through the Java client. Same with the pirated games. Should just set up an adult filter to avoid this kind of stuff
 
Should never be playing private servers. Games like WoW/Runescape are pretty much tied to in-game gold, which makes some people go insane. It's very easy to RAT people through the Java client. Same with the pirated games. Should just set up an adult filter to avoid this kind of stuff

There are a lot of legit private servers and they've posed no issue for him. Just in case, his machine is behind heavy layered security and on its own VLAN so I think we're pretty fine. He's got granular outbound control on his box, and we control outbound from the network at the gateway level. I no longer disclose our complete security systems, but they're extensive these days.

Nevertheless, Heimdal IS a part of that layer, a valuable part IMO.
 
Actually I never use Unchecky, so can't vote :D . I like how Heimdal works, nice companion for your AV :emoji_ok_hand:

Nice thread btw (y)
 
If I'm not wrong, Unchecky belongs to ReasonCore security. About 1 year and a half ago, when I had Panda Internet Security on one machine and Avast IS on another, each time I downloaded ReasonCore security, Panda and Avast were blocking some URLs during the download process.

The program itself downloaded successfully without any problem. Then during installation and sometimes during use, it failed to work correctly because Panda and Avast were constantly blocking some URLs belonging to Reason core. It continued like that for over a year. Then I stopped using it.
 
Do these professional companies know what an automated malware analysis sandbox is? Instead of assuming or guessing, they need to further investigate the file before blacklisting it. Do they not have an analysis expert working for them? If not, maybe they need to consider this, if they plan to operate in the security field.
Maybe because of the huge update that Heimdal is receiving, it may be a bit too aggressive and needs refinement. Just a guess. :giggle:
 
Not everyone here on MT, for obvious reasons, uses the software Unchecky, and personally I don't and haven't tested it, but member @gin brought the site and the software to my attention with a profile post that Heimdal Pro was blocking their site, and I could confirm it. I even sent a report about it to Heimdal Security's support and asked them why. Apparently they believe the site, or rather the software, has been compromised, as the software had a bit too many negative results on VT (VirusTotal.com). Because of this they would not remove the domain from their blocklist, and they even recommend staying away from the site even if it's possible to unblock and whitelist the URL inside the software (Activity Reports/Websites Blocked).

Fair enough, but it made me more curious, so I also sent a report to F-Secure where I mentioned Heimdal Security's report, and still F-Secure excluded any issues with the URL. Correct also IMO, as the site itself is not malicious, and I can guess F-Secure did not include the software as Heimdal Security did.

Your opinion?

Unchecky - Keeps your checkboxes clear

Download
Thanks for the info (y) Because I don't really need it I have removed Unchecky from my computer. Better safe than sorry :cautious: