Downloading from UTT website

Happy New Year all.

When I tried to download the CRJ1000 from http://www.unitedtrafficteam.com/index.php/ai-models/utt/item/this-utt-ai-bombardier-canadair-crj-1000-model Malwarebytes warned me off it.

Am I safe to override this or have there been issues with UTT's website anyone is aware of? Is there perhaps somewhere else that's 'safe' I could get this a/c from?

TIA

Neil

Probably just a fluke. I have Malwarebytes installed and just downloaded the FSX version of the CRJ using Chrome without any flak.

Chrome does flag the site as 'Not Secure', but I've run into multiple FSX related sites that share that issue.

I had the paid version of Malwarebytes a while ago. Gave it up because of too many false alarms.

Jorgen

Was the warning something about the connection not being secure?

If so, that's only because the web Dev of that website has not installed a TLS certificate in the website server so you see that nice little feel good padlock in your address bar. So right away the website is now dubbed evil and naughty and must comply with Google's monarchy of mandatory TLS encryption...

https://www.virustotal.com/gui/url/c0614e1ea380fb75dd540b9aef351f74dbebbbb524d103c1fbd5387226b65ad8?nocache=1

Just so you know, anti-virus now-a-days is not. It's over bloated and analogous to a barf bag. It also intercepts your TLS connections to a website because it has to in order to "protect" you. Then it more than likely feeds your telemetry to anti-virus headquarters. It's so bad that one anti-virus product packed its very own crypto miner so they were making money at your CPU's expensive.

I stopped using an anti-virus some 8 years ago. I'm very computer smart, never got magically infected, no PUPS or encountered some Guy Fawkes mask wearing hacker invading my computer with a RAT (Remote Access Trojan) or otherwise.

I do three chief things:

1) Scan ALL downloads (actually check their SHA256 hash) at Virus Total. The general consensus is four hits and you toss, but it depends on what you got. A game hack for example will ring more bells than Anita Ward could ever dream of. I also look at the Behaviors and YARA results of the scan. I have edited the Wikipedia page on VirusTotal to include the part about the U.S. Cyber Command giving VirusTotal unclassified malware samples...

2) I run the now FOSS (Free Open Source Software) Sandboxie classic for my browsers. So should malicious JavaScript et al get rendered in the browser, it will hopefully stay in the sandboxed environment and not jump to the OS for execution. Sandboxie can and will protect you from a lot of zero days and ransomware.

3) Make periodic full 1:1 hard drive clones and data backups on many forms of media that are kept external to the computer in $35 fireproof safes and manually encrypted and sent to the "cloud".

From the Wikipedia entry:

Anti-virus software vendors can receive copies of files that were flagged by other scans but passed by their own engine, to help improve their software and, by extension, VirusTotal's own capability.

So don't scan personal files like PDFs or whatever.

I once wanted to know who was checking out the submitted files to VirusTotal. So I used a file laced with what is called a canary token that is harmless and uploaded that to VirusTotal and waited. I saw most IP hits generated from that file's access were from China with the rest coming from Russia and other countries. https://www.fortinet.com/resources/cyberglossary/what-is-canary-in-cybersecurity

This doesn't invalidate VirusTotal's usefulness or anything. It just shows you who's looking at the uploaded files for their malware research purposes.