Malicious website ?

Hi all, I've just been trying to access www.cnczone to download the most recent version of Eazilathe. Unfortunately my anti virus software keeps telling me that it's a malicious site and that it's a known dangerous website.

Have any other members had this trouble? Or is it just Norton being ultra carefull.

I'm surprised, as I understood it to be a well used site.

Best regards,

Keith.

Edited By Keith Rogers 2 on 17/05/2023 22:50:45

If this is the site you want I've just opened www.cnczone.com no problem at all, using Firefox on Linux Mint 21

John

I have had this in the past with known sites. Using Norton on MAC OS, I just disable Norton and download the required file then re initiate it. If you worry you can then do a full scan, never had a problem, it is unusually caused by an out of date certificate.

I consider Norton a virus.

I too tried and www.cnczone.com opened without problems (Firefox on Windows).

Ditto, Chrome on Win10 with Norton.

iPad, running 16.4.1 (a), happily opens https://www.cnczone.com **LINK**

without any protest or warning.

MichaelG.

I can get to it on my work machine and that is protected to the nines. If I can reach it on that there is most certainly no issue with that website

Now then boys and girls, told that an AVM is red-flagging a website as a security risk, is it a good idea to rush in and try it? If the website is a wrong 'un, the bad guys may have put considerable effort into making it look and feel legitimate. You could be jumping into a honeypot. A second Charge of the Light Brigade.

What does connecting to www.cnczone.com with a Browser prove? Almost nothing in a security sense, apart from the possibility of painfully finding your AVM is out-of-date compared to Keith's Norton.

Better to check suspicious sites with one of the online checkers. I used **LINK** to scan www.cnczone.com. (Others available) It applied about 40 checks, which all came back clean, and provides other reassuring information. I'm 99% certain cnczone is safe. The remaining doubt is because of the unlikely possibility that Norton and Keith are one step ahead of everyone else! More likely it's a false positive: a mistake, or maybe www.cnczone.com was briefly spoofed or malfunctioned suspiciously recently, now fixed.

Dave

Edited By SillyOldDuffer on 18/05/2023 10:01:06

That is certainly top advice. Luckily I have isolated VM's I can try this type of thing on.

Why would you trust an online website purporting to check other websites any more than you would trust any other online website ? Does not compute...

Thanks for all your help

Having tried yesterday at various times to no avail, I tried again this morning after your reassurances and had no problem. Strange!

Thanks again.

Keith.

Ahh! It's the downloads page that's causing the problems. When I tried last time I only went to the Homepage--no problem.

If you search for www.cnczone/forums/downloads you hit trouble!

Oh well it seemed like a good idea at the time, I'll just have to use my old version of Ezilathe (wrong spelling in first post)

Regards,

Keith.

Keith

As before **LINK** https://www.cnczone.com/forums/downloads.php

works fine for me.

Could it be that you are using an old URL, starting with http instead of htttps

MichaelG.

I don't use Norton, but I'm guessing it's flagged up because cnczone's forum is a site from which you can download executable files.

As a warning, it could be infected by one of the "Drive By" malware programs
https://www.kaspersky.com/resource-center/definitions/drive-by-download 

Google Safe Browsing Check is probably a reasonable place to start
https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fwww.cnczone.com%2Fforums%2Fdownloads.php

Bill

Edited By peak4 on 18/05/2023 12:19:38

Ok having retried the specific URL in a safe location, it does get flagged for high risk of malware/malicious sources. It could quite easily be because you can download untrusted executables as suggested above.

I would just ensure that any link you use to download is in fact coming from the trusted location and not some arbitrary and weird looking url (hovering over links shows the url in the bottom left corner of the browser, make sure its what you would expect from them normally).

You could, disable AV protection, download these files, re-enable AV protection and scan the file, but only really recommended in an isolated environment.

I think in this instance the antivirus could be over zealous with it's protection.

Yes indeed, and "Quis custodiet ipsos custodes?" has always been a problem. (Who watches the watchmen?)

Faulty logic as a reason for not bothering with deeper checking though. Even though security is never perfect, it's still prudent to do ones best.

As far as I know, no-one has successfully faked a website security check website - yet. Not impossible, but a tricky challenge to pull-off for any length of time.

The site I used lists the resources it uses, and they can all be verified individually. So if someone had successfully hijacked www.cnczone.com, they have to hijack URLVOID and it's sub-sources as well. That depth of deception is hard work. And if URLVOID is in doubt, other web check sites are available - Bill mentions Google Site Check.

Security is a balance between inconvenience and safety. I try a notch or two harder than average, which is usually enough to stay one step ahead of evil-doers.

Dave

If tested from a work computer, IT Departments almost invariably block anything on the internet that Downloads software. Unless they've made a mistake, or the job is done by the office-junior as a sideline. Businesses rarely take the risk of allowing employees to do whatever they want with a work computer: apart from the privacy issue, it reduces system reliability and makes diagnosing faults much harder. IT professionals go for tight configuration control!

Dave

To add to this it looks pretty secure from an SSL / cipher /Web Server vulnerability scan point of view.

(usually the standard to define that a site is protected and secure, check the SSL Labs site for more information).

The I have generated report for CNCZone here. What this indicates is that the site is secure.

Edit to add a description of what the SSL LAbs scanner does.. 

SSL Labs by Qualys is one of the most popular SSL testing tools to check all the latest vulnerabilities & misconfiguration. Certificate issuer, validity, algorithm used to sign Protocol details, cipher suites, handshake simulation It tests the website’s SSL certificate on multiple servers to make sure the test results are accurate.

Edited By Rooossone on 18/05/2023 13:53:40

You are right, they do. I was trying to not get too technical but I have access to cloud based virtual machines in an isolated network subnet that I can use for things like this.