why is "oceanofgames.com" blocked in Web Antivirus protection mechanism?

[maxmathew]

Hi,

 

  I really wonder why is “oceanofgames.com” blocked in Web Antivirus protection component in recent times? I have been entering this site maybe more than 10 years, and it wasn’t being blocked up to recent times.

  I submitted that address to reanalyze this site in opentip.kaspersky.com and they opened a ticket for reanalysis to communicate via email. They reanalyzed and they wrote me via my email “Blocking this url is correct”.  I told them that this site’s being blocked was suspicious in my point of view, i said:  because i have been entering this site for a long time and it wasn’t in the blocking list up to recent times maybe more than 10 years. And i added that i would like to see their analyze reports,too, if this was possible for them. They answered me : “According to our statistics, malware was distributed from this resource.”. This answer looked really weird to me. Because the scope of Web Antivirus protection mechanism must not be in the length of blocking the sites where there can be malicious downloads. Web Antivirus must block the phishing sites, for example, the sites which can lower down the security of connected clients via dangerous links, via javascript codes, … etc. These kind of dangerous sites must be in the scope of web antivirus protection mechanism. If the scope of Web Antivirus protection mechanism is expanded to a length to blocking the sites where there can be malicious downloads, then Web Antivirus must block all legitimate or unlegitimate download sites where malicious downloads may exist.  This is ridiculous in my opinion.. Because for example: github.com has malicious downloads ,too, but Web Antivirus allows it. Why? Or some download sites may include programs which may have malicious codes. I couldn’t remember their names to give an example right now :), The scope of Web Antivirus protection mechanism must not include the sites where there can be malicious downloads. Kaspersy Antivirus protection mechanism already does this work. When we try to download a file which may have malicious codes in it, Kaspersky scans all files being downloaded, executed in real time. But Kaspersky Antivirus protection module doesn’t find phishing web sites, for example. This is Web Antivirus’s responsibility. Do you understand what i try to mean?  I really don’t understand this point about why oceanofgames.com is blocked.. If somebody could clarify this subject,i would be glad. 

 Sincerely..

[Flood and Flood's wife]

Hi,   I really wonder why is “oceanofgames.com” blocked in Web Antivirus protection component in recent times? I have been entering this site maybe more than 10 years, and it wasn’t being blocked up to recent times.

 

Hello @maxmathew, 

Welcome back! 

Nothing is static, websites evolve all the time, sometimes not in a good way:

 

If you disagree with the analysis, it would be best to continue with the Kaspersky Technical Team, using the case you already logged, explain to them you don’t understand, ask them to explain again?  

Thank you🙏

Flood🐳+🐋

[Apal]

It’s now a bad website, because I have downloaded call of duty from this site of 500 mb some 3 months ago, and after installation, my pc’s task manager was showing cmd 100 disk usage and pc freezed. So, I have to fully reset the pc. So, I think it’s hosting malwares now. And, at that time, I was not having kaspersky. 

[maxmathew]

Hi,   I really wonder why is “oceanofgames.com” blocked in Web Antivirus protection component in recent times? I have been entering this site maybe more than 10 years, and it wasn’t being blocked up to recent times.

 

Hello @maxmathew, 

Welcome back! 

Nothing is static, websites evolve all the time, sometimes not in a good way:

 

If you disagree with the analysis, it would be best to continue with the Kaspersky Technical Team, using the case you already logged, explain to them you don’t understand, ask them to explain again?  

Thank you🙏

Flood🐳+🐋

Thank you for your answer. I agree with you. Nothing is static, websites evolve all the time, but not all websites evolve. Since more than 10 years, that website’s appearence never changed. If there were any changes, this would be obvious even from its appearence,too, even if i ignore checking the website’s source code.   Thank you for your advice. Maybe i do that, maybe i don’t. Because in every conflict of antiviruses’ working style,if i would write to technical department, my messages would be more than 200 maybe to technical department. I will think of it. I just wanted to learn your opinions, that’s why i wrote here.. thank you for yuor answer.

It’s now a bad website, because I have downloaded call of duty from this site of 500 mb some 3 months ago, and after installation, my pc’s task manager was showing cmd 100 disk usage and pc freezed. So, I have to fully reset the pc. So, I think it’s hosting malwares now. And, at that time, I was not having kaspersky. 

How did you come to this conclusion that it was a good site in the past, and now it’s bad? 🙂 I have been using this site maybe more than 10 years, and it had sometimes malicious codes in their downloads during more than 10 years. My point is not this point. I just tell that scope of Web Antivirus protection component must not include the websites where downloads may have malicious things sometimes. This mustn’t be Web Antivirus’s mission. Kaspersky Antivirus protection components related with real time (file antivirus, system watcher, maybe we can include application control,too,--> web antivirus component is different, related with browser security) already does these works of removing threats. If they load the mission of blocking sites where malicious downloads may exist, then Web Antivirus must include all download sites, upload sites where malicious downloads might exist, and this would be a huge conflict which to choose for blocking. for example: mega.nz upload site, there are many downloads, there, too, and time to time those downloads may have malicious codes in them, whoever knows what kind of things the people uploaded. Why is Web Antivirus component not blocking those sites then? This mustn’t be Web Antivirus’s  mission to do that,i just say this point. And oceanofgames.com have games downloaded in it, and of course there may be some downloads (and there were) which are malicious, but just because of this reason, Web Antivirus protection component mustn’t include this site in blocking list. phishing websites, the websites which may compromise client pcs in a dangerous way using javascript codes, or dangerous links, ...etc these kind of sites must be the scope of Web Antivirus module. oceanofgames.com is just a download site and as far as i see, never changed more than 10 years. and it wasn’t in the blocking list more than 10 years, what changed ? This is really ridiculous, i just pointed this point.. Anyway, take care.. 

 

Sincerely..

[Wesly.Zhang]

Hello, @maxmathew 

Your point

Why is Web Antivirus component not blocking those sites then such as mega.nz? why block  "oceanofgames.com” ?

First, web-antivirus has a Website Reputation Database, if a website have a many malicious url which has been detected by kaspersky, This website will be blocked. It is a normal threats response. mega.nz is a download and file share website, the resources stored on this website are diverse. The reputation value of this type of file sharing website may be much higher than that of the website you mentioned, so it will not be blocked after a few malicious links are discovered.

Regards.

[maxmathew]

Hello, @maxmathew 

Your point

Why is Web Antivirus component not blocking those sites then such as mega.nz? why block  "oceanofgames.com” ?

First, web-antivirus has a Website Reputation Database, if a website have a many malicious url which has been detected by kaspersky, This website will be blocked. It is a normal threats response. mega.nz is a download and file share website, the resources stored on this website are diverse. The reputation value of this type of file sharing website may be much higher than that of the website you mentioned, so it will not be blocked after a few malicious links are discovered.

Regards.

Thank you for the information you gave. But I gave these examples (mega.nz, github.com,...) to indicate that blocking simple download sites just because of the fact that the reputation system shows malware is distributed, is a wrong system,in my opinion. This is a war between antivirus companies and malware creators. And every day evolving malware techniques may compromise pcs where antiviruses find another technique to defend against them. This war always goes on. But what i mention here is: by using reputation system,if we try to block every download site where malwares may exist and where reputation values are low, then this would look like this: “this tree has lots of apples and falling on our heads (reputation value is low,i mean) , and we must cut this tree. That tree has some apples on it, it hasn’t so much risk to fall on our heads (reputation value is little higher). So we don’t need to cut it. “  If we block every low reputation download sites to lower the risks of pcs’ being “injured” instead of evolving av techniques to fight with malwares on pcs’ by using real time protection of avs, if we become over-protective by blocking even download sites, then where is the freedom of surfing in internet? Block it, because it spreads malicious downloads, block that, it distributes malicious downloads, block this, block that, in the end, we come to a point that almost all download sites where malicious downloads may exist , were blocked. In my point of view, if there is no other risk, if it’s JUST because a download site has malicious downloads and if there is no other security-related reason, then let kaspersky real time protection detect the threats. Why are you afraid, why are you so protective? (by saying “you”,i meant Kaspersky team) This over-protective manner just helps “preventing freedom of surfing”.  We may think different about this subject, but there is no use to block simple download sites,in my point of view, if there are no other security related reasons rather than just having malicious downloads. 

 

Sincerely..