Blocking common PUAs
So I have been seeing a lot of clients coming to us with "DNS Unlocker", "OneSystemCare", "WinZip Driver Updater", "PC Mechanic", and the like. Even those with the managed AV.
I have been trying to figure out where they are getting this from, and put myself in the shoes of someone completely lobotomized on the Internet. I found 2 potential culprits.
- The first one is actually Bing. People joke around a lot about Bing being bad, but it is actually harmful for some users. The difference between Bing and Google when you search for software is that Google shows the official website at the top of the search, while Bing shows stuff like Cnet and Softonic (depending on the popularity of the software). Although those sites aren't inherently bad, they do contribute to the second culprit.
- Ads! This is where the end user gets all their premium quality software. Those big flashy download buttons that are displayed on ads right next to the website's own download button. Those scary looking messages saying "you have over 9000 issues detected! click here for ez fix!". During my simulated lobotomy I found these very enticing to click on.
I have had a lot of success in simply installing an adblocker, and setting their standard search engine to Google.
Now, this led me to checking out MaxFocus' web protection. But that doesn't quite cut it. It has the functionality I want, but its filters are incredibly lackluster. I tried blocking the "Web Advertisements", but I could hardly notice any ads being blocked. A few got blocked, but others quickly took their place. I looked up the common ad websites in the "Website Lookup" tool in MaxFocus. Turns out most of them were under "Computer and Internet Info"! I don't want to block all the computer and internet info in the world! (although knowing these filters, that probably won't amount to much)
So I tried adding custom filters. Emphasis on 'tried'. The filters needed to be imported as a CSV. Okay, so all the web filters in the world are txt. But alright, I'll play along. Then I converted one to CSV. This should work, right? sigh
Nope, MAX 300 entries allowed. Eh.. what? I'm sorry, but... what even is this? What is the intended purpose of this feature?
How are you solving this? Any tips?
submitted by Stabington