Ronald, Stop Scaring Poor AVG!
Posted by: Giorgio in SQL, Flash, Mozilla, Security, NoScript

Some minutes after I published my post about the unpatched Flash vulnerability being exploited through mass SQL injections, popups of this kind started flying all over my notebook’s desktop:

Since the “virus” was reported to be in my Firefox cache, and since Firefox does not have the bad habit of randomly opening cached files for execution, I guessed this “threat” was relatively harmless and AVG was just over-reacting to the mere “open for reading” action.
In fact, all my attempts to inspect the offending file using a hexadecimal editor were frustrated by “Access Denied” errors, and AVG for its part refused to give me any reasoned detail about this alert.
Hence I typed about:cache in my awesome bar and quickly found a file matching the size of the “menace”: it was http://www.0x000000.com/rss.php, i.e. the RSS feed of Ronald van den Heetkamp’s “Hacker Webzine”…
So, was a mere van den Heetkamp stink enough to scare the hell out of my cute (and frankly, absolutely virginal) anti-virus?
Actually the most likely culprit is Ronald’s latest article about the hot topic of the day: since he likes to feature generous portions of source code extracted from infected sites, a signature-based engine like AVG has no choice but to go wild.
Dear anti-virus vendors, can we have a “Relax, I use Firefox + NoScript” Ronald-friendly option, please?



May 28th, 2008 at 8:05 pm
[…] another reason you may want to give it a spin. UPDATED 2:00 pm: Poor Giorgio. He posted an update to his alert about the Flash vulnerability he started getting popups all over the place stating […]
May 28th, 2008 at 8:45 pm
It’s actually worse, people are writing my provider and telling them to shut my site down :)) LOL it’s being made impossible to write about security.
May 29th, 2008 at 11:04 am
If you’re that secure then do you need to run real-time AV? ;-)
May 29th, 2008 at 11:20 am
@Neil:
To have something funny to blog about :)
Actually, here in Italy we’ve got a privacy law requiring companies processing personal data to have a real time AV product installed, working and up to date on every workstation.
Yet another security theater example…
May 29th, 2008 at 11:32 am
Ronald, you must write about gadgets and not about security if you don’t want your host provider to shut off your host xD.
Cheers
May 30th, 2008 at 3:20 pm
I love Firefox, but I had AVG… Because very slow and anyway file is alert virus!…
I love and a favorite virus pro ; Avast :D
Thank you…
[I’m sorry, because I speak very little English :) ]
June 2nd, 2008 at 11:20 pm
I had the same thing happen a few years ago when I emailed some code, not as an attachment but as plain text in the body of the email. I had found this code on a client’s machine that I knew was a virus, but their AV wasn’t picking it up. I wanted to inspect it at my PC. Well, the mail admin came running down to me… “your machine has a virus”, ahhh… Even though I got the email, his mail filter picked it up and warned him. It took me about an hour to explain to him how this was happening and why he shouldn’t be concerned.
We should all move away from live scanners, ClamAV for the win.
June 3rd, 2008 at 10:18 am
And another reason why blacklisted signature-based AV is just useless: I had to rewrite the article, I mean I am bowing down before AVG now. But what choice do I have? I wonder how they qualify sites such as SecurityFocus and Symantec then, who also host such code as examples?
July 20th, 2008 at 12:03 am
Hey Maone, do you ever take a look at Avira AntiVir? It’s the best rated by AV-Comparatives:
http://www.av-comparatives.org/