uBlockOrigin / uAssets

Resources for uBlock Origin, uMatrix: static filter lists, ready-to-use rulesets, etc.
GNU General Public License v3.0

TotalAV fake av #9355

Closed iam-py-test closed 3 years ago

iam-py-test commented 3 years ago

Prerequisites

URL(s) where the issue occurs

totalav.com

Describe the issue

This is a known scam site; see https://github.com/VernonStow/Filterlist/issues/3#issuecomment-854248189, https://malwaretips.com/threads/total-av-is-it-a-scam.80362/, https://www.mywot.com/scorecard/totalav.com, and https://www.virustotal.com/gui/url/ea25fed9a0c7e2e4e53e312ed8679aec71177f7fbf62c4efc2318d44a6d4cb29/detection. There is even a YouTube video saying it is a scam: https://www.youtube.com/watch?v=HIPmnzH-Pr4

Screenshot(s)

N/A

Versions

Settings


Notes

I found this domain via a link in the spammy-paid Google results with uBo disabled. The owner/developer has created fake review sites (i.e. https://www.mywot.com/scorecard/safetydetectives.com ) and fake reviews to trick people into installing this scam AV. https://www.productreview.com.au/listings/total-av has reports from only a few days ago saying it is a scam.

mapx- commented 3 years ago

@ryanbr

iam-py-test commented 3 years ago

@DandelionSprout maybe this could also be fixed in your list? (considering it is used in other extensions)

protected-net commented 1 year ago

I would like to request the removal of totalav.com from your list.

The classification is misleading as TotalAV is one of a few antivirus vendors recommended by Microsoft on their website. https://support.microsoft.com/en-US/windows-antivirus-software-providers

Consistently performs highly in Independent Industry Testing. https://www.av-comparatives.org/awards/total-av/ https://www.av-test.org/en/antivirus/home-windows/manufacturer/protectednet/

Over 90,000 Trustpilot Reviews with a 4.4 rating: https://www.trustpilot.com/review/totalav.com

A member of AMTSO (Anti-Malware Testing Standards Organization): https://www.amtso.org/members

We understand that there may be an occasional unhappy customer experience online, as we have over 35 million users, so there will be a high chance of some negativity, but as you can see from above we are in no way a threat or fake as you have classified our website.

Thank you for your time and we very much hope you can be kind enough to re-consider this classification.

okiehsch commented 1 year ago

Done.

iam-py-test commented 1 year ago

Protected Net has engaged in a long history of deceptive advertising with TotalAV, and TotalAdBlock (which is blocklisted in EasyList due to its deceptive ads; just ask ryanbr). Earlier this year, an ad on the file sharing platform AnonFiles opens this deceptive popup: [image] Clicking Clean leads to TotalAV: https://tria.ge/230720-3qya9sbh2t/behavioral2

In July, a scam notification claiming the system is infected leads to TotalAV: https://app.any.run/tasks/cc0dd977-97e3-4b4a-833b-dfc4d5f0be55/ You can never see a clear view of the URL, so it's impossible to say if there was an affiliate code or not.

Another deceptive ad. This one asks "is your device at risk" and pretends to be an Android alert: [image] Where does it lead? TotalAV: https://tria.ge/230724-z8hfzsha64/behavioral1

All those examples are old because I haven't recently had time to look for malicious ads.

The actual TotalAV program is deceptive: https://www.youtube.com/watch?v=PcS3EozgyhI

Protected Net cited community reviews on Trustpilot. Look at the positive reviews. They were all "invited" and all have only ever reviewed one thing. This isn't true of all the positive reviews, and doesn't make them fake. It's just suspicious. What about other similar websites? Things aren't so great: https://www.mywot.com/scorecard/totalav.com https://www.virustotal.com/gui/url/42047d9bd1c0a9ffda3b38dc9e7e95d809a5b7f4b345dce42088d0ada486f6fb/community Community reviews aren't that reliable though.

Lightly covers one of their three lookalike antiviruses: https://www.youtube.com/watch?v=bIpYJoE7CxA

More sources: https://github.com/notracking/hosts-blocklists/issues/756#issuecomment-1172973042 https://github.com/hagezi/dns-blocklists/issues/1154 I don't have time today to find more sources, but will look later this week.

okiehsch commented 1 year ago

The reason I removed the filter is that the software is recommended by Microsoft atm, now maybe they have been scammed too. I can't say but the badlist is for cut and dried cases only imo.

DandelionSprout commented 1 year ago

> The classification is misleading as TotalAV is one of a few antivirus vendors recommended by Microsoft on their website. https://support.microsoft.com/en-US/windows-antivirus-software-providers

The same Microsoft page also recommends McAfee, an AV I wouldn't have recommended to my worst enemies. So I don't think that page is a valid metric.

okiehsch commented 1 year ago

So you think we should block McAfee because you wouldn't recommend it to your worst enemies? What does that even mean? Is it because you think it's malicious or you think it performs badly?

iam-py-test commented 1 year ago

IMO McAfee isn't TotalAV. TotalAV is a PUP/scam, McAfee is legitimate, just annoying and bad, and does not regulate their affiliate program. The reason I think TotalAV is malicious has nothing to do with how good it is at being security software. It's about deceptive practices. Norton is also listed on that page, and is a massive privacy offender, and like McAfee is bundled with OEM Windows installs. It's not malware (though their cryptominer does bring them close). Neither should IMO be blocked as malware. Edit: ignore this poorly written response.

DandelionSprout commented 1 year ago

I've had big gripes with McAfee, mostly from tech shops whose half of their display PCs show "Your McAfee protection has expired". But that's a topic for another time and place.

okiehsch commented 1 year ago

I wouldn't use McAfee or Norton either but that does not mean the Microsoft recommendation isn't a "valid metric".