Siglent.eu - Malwarebytes shows riskware

[807]

Whenever I try to visit siglent.eu, I get a warning that the site is not secure, and a riskware popup from Malwarebytes. This happens in firefox, chrome and edge.

I know that sometimes Malwarebytes can indicate false positives, but there must be a reason why the website triggers this response. This isn't a recent event it's been doing it for months (years?). Surely the website creator can put this right?

[coromonadalix]

kill your software, and this site works with no warning on my side

edge and waterfox and firefox

it is an official site so far ?   unless other(s) say otherwise

Download section is working fine ?

[wraper]

"connection not secure" appears only because Malwarebytes interfered with it. As of why, who knows, it says riskware, not even malware.

[tautech]

http://www.siglenteu.com/

[rf-loop]

@807 and all
 
If one want to visit Siglent's official website in European region, correct address is:

https://www.siglenteu.com/

 There is often confusion about this. Someone has also come to tell me that he has looked some information on Siglent's website and then when we wondered about it, it turned out that people had never even visited Siglent's website, but that dealer's website and was under the belief that it was Siglent's website.  It has often caused confusion. 
Of course, it says on the page that it is an authorized distributor, but a surprising number of people still thought they had visited the device manufacturer Siglent's website.

[807]

@coromonadalix...I did quit Malwarebytes & the warning went away, & no, I didn't have to start a thread about it, but I thought it would be helpful feedback, knowing that tautech would read a thread that mentioned Siglent 

It may well be a false positive, but there's still a reason why it's flagged up. If I was a web creator & this happened to my website, I would want to know why & then do something about it, rather than ignore it & potentially lose hits to my website.

[807]

All the other Siglent websites work OK. This is the order that is shown when I Google for "siglent"...

siglent.eu
siglenteu.com
siglent.co.uk
int.siglent.com

[2N3055]

All the other Siglent websites work OK. This is the order that is shown when I Google for "siglent"...

siglent.eu
siglenteu.com
siglent.co.uk
int.siglent.com

siglent.co.uk - Siglent Products from Telonic Instruments
siglent.eu  - Siglent authorized distributor

Siglent (company itself):
siglenteu.com
siglentna.com
siglent.co.jp
www.siglent.com
int.siglent.com

[jjoonathan]

> Surely the website creator can put this right

Yeah, but it's non-trivial for important reasons.

Here's what is supposed to happen: your computer trusts a bunch of root certificate authorities to sign off on websites. This list is determined by your browser/os/antivirus. Every connection needs to be signed off by one of the authorities. This prevents "man in the middle" attacks where some goober at your ISP or landlord or employer or Starbucks pretends to be amazon.com and tries to steal your credentials / bomb you with ads. How does your browser know if it's talking to the real amazon or goober amazon? By seeing if the certs are signed. The cert authorities don't sign off on goobers.

Here's a common problem: what if a CA gets caught signing off on goobers? Then Google/Microsoft/Malewarebytes pull that CA and all the sites they signed stop working for you until they find another CA. It could be that your browser/os/antivirus revoked the CA but siglent's browser/os/antivirus didn't because China is less concerned about the particular goober than Google/Microsoft/Malewarebytes. In that case the website looks good to siglent but you get a warning as if someone was trying to pull off an attack even though the actual problem is administrative/political. Here's another common problem: if siglent gets a cert that expires in 2 years and then the website administrator for the English domain leaves in 1 year and either forgets to leave a note to renew or the new guy doesn't internalize the need to act on the note, the existing cert expires and boom you get a warning. At least in this case everyone will see the same warning and it should be fixed quickly.

99% of the time if you see one of these warnings it's a false positive and an indication of an administrative/political snafu rather than an actual MITM attack. The language on the cert warnings is dire because if most people condition themselves to bypass the errors, the system stops being an effective deterrent. However, because the language *is* dire and the system *is* an effective deterrent, 99% of the time the right move is to bypass. If you're just window shopping new oscilloscopes, bypassing is probably fine. Just try not to get so complacent that you would bypass and then fill in an important login or payment form.

EDIT: changed the language to not point so squarely at siglent, there's a good chance the snafu didn't start with them.

[2N3055]

> Surely the website creator can put this right

Yeah, but it's non-trivial for important reasons.

Here's what is supposed to happen: your computer trusts a bunch of root certificate authorities to sign off on websites. This list is determined by your browser/os/antivirus. Every connection needs to be signed off by one of the authorities. This prevents "man in the middle" attacks where some goober at your ISP or landlord or employer or Starbucks pretends to be amazon.com and tries to steal your credentials / bomb you with ads. How does your browser know if it's talking to the real amazon or goober amazon? By seeing if the certs are signed. The cert authorities don't sign off on goobers.

Here's a common problem: what if a CA gets caught signing off on goobers? Then Google/Microsoft/Malewarebytes pull that CA and all the sites they signed stop working for you until they find another CA. It could be that your browser/os/antivirus revoked the CA but siglent's browser/os/antivirus didn't because China is less concerned about the particular goober than Google/Microsoft/Malewarebytes. In that case the website looks good to siglent but you get a warning as if someone was trying to pull off an attack even though the actual problem is administrative/political. Here's another common problem: if siglent gets a cert that expires in 2 years and then the website administrator for the English domain leaves in 1 year and either forgets to leave a note to renew or the new guy doesn't internalize the need to act on the note, the existing cert expires and boom you get a warning. At least in this case everyone will see the same warning and it should be fixed quickly.

99% of the time if you see one of these warnings it's a false positive and an indication of an administrative/political snafu rather than an actual MITM attack. The language on the cert warnings is dire because if most people condition themselves to bypass the errors, the system stops being an effective deterrent. However, because the language *is* dire and the system *is* an effective deterrent, 99% of the time the right move is to bypass. If you're just window shopping new oscilloscopes, bypassing is probably fine. Just try not to get so complacent that you would bypass and then fill in an important login or payment form.

EDIT: changed the language to not point so squarely at siglent, there's a good chance the snafu didn't start with them.

Again: that is not Siglent site.
That is a company that sels Siglent stuff..

[KungFuJosh]

Again: that is not Siglent site.
That is a company that sels Siglent stuff..

Yeah, this whole thread doesn't belong here.

[807]

While I realise that it's not the manufacturers website, it still reflects on them, as the .eu site is an authorised distributer of their stuff, with the Siglent logo showing next to their address in the search list. So I would have thought that Siglent would show interest in the problem.

I've changed the thread title to indicate it's a Malwarebytes problem, rather than a browser problem.

[coromonadalix]

well     Siglent should do some cleanup and tell other "look a like site(s)"  to change their name(s)   just bring confusion   pffffffff

I did use this site to recover docs and fw updates

well  my bad if it is  .........