Some minutes after I published my post about the Flash unpatched vulnerability being exploited through mass SQL injections, popups of this kind started flying all over my notebook's desktop:
AVG Notification: Threat Detected in a Cache File
Since the "virus" was reported to be in my Firefox cache, and since Firefox does not have the bad habit of randomly opening cached files for execution, I guessed this "threat" was relatively harmless and AVG was just over-reacting to the mere "open for reading" action.
In fact, all my attempts to inspect the offending file using a hexadecimal editor were frustrated by "Access Denied" errors, and AVG, for its part, refused to give me any reasoned detail about this alert.

Hence I typed about:cache in my awesome bar and quickly found a file matching the size of the "menace": it was http://www.0x000000.com/rss.php, i.e. the RSS feed of Ronald van den Heetkamp's "Hacker Webzine"...

So, was a mere van den Heetkamp stink enough to scare the hell out of my cute (and frankly, absolutely virginal) anti-virus?
Actually the most likely culprit is Ronald's latest article about the hot topic of the day: since he likes to feature generous portions of source code extracted from infected sites, a signature-based engine like AVG has no choice but to go wild.

Dear anti-virus vendors, can we have a "Relax, I use Firefox + NoScript" Ronald-friendly option, please?

11 Responses to “Ronald, Stop Scaring Poor AVG!”

  1. #1 Peng’s links for Wednesday, 28 May « I’m Just an Avatar says:

    [...] another reason you may want to give it a spin. UPDATED 2:00 pm: Poor Giorgio. He posted an update to his alert about the Flash vulnerability he started getting popups all over the place stating [...]

  2. #2 Ronald van den Heetkamp says:

    It's actually worse, people are writing my provider and telling them to shut my site down :)) LOL it's being made impossible to write about security.

  4. #4 Neil says:

    If you're that secure then do you need to run real-time AV? ;-)

  5. #5 Giorgio says:

    @Neil:
    To have something funny to blog about :)
    Actually, here in Italy we've got a privacy law requiring companies processing personal data to have a real time AV product installed, working and up to date on every workstation.
    Yet another security theater example...

  6. #6 Sirw2p says:

    Ronald, you must write about gadgets and not about security if you want your host provider not to shut down your host xD.

    Cheers

  7. #7 BlogCini says:

    I love Firefox, but I had AVG... Because very slow and anyway file is alert virus!...

    I love and a favorite virus pro ; Avast :D

    Thank you...

    [I'm sorry, because I speak very little English :) ]

  8. #8 Changlinn says:

    I had the same thing happen a few years ago when I emailed some code, not as an attachment but as plain text in the body of the email. I had found this code on a client's machine; I knew it was a virus, but their AV wasn't picking it up, and I wanted to inspect it at my PC. Well, the mail admin came running down to me... "Your machine has a virus, ahhh..." Even though I got the email, his mail filter picked it up and warned him. It took me about an hour to explain to him how this was happening and why he shouldn't be concerned.
    We should all move away from live scanners, ClamAV for the win.

  9. #9 Ronald van den Heetkamp says:

    And another reason why blacklisted signature-based AV is just useless: I had to re-write the article, I mean I am bowing down before AVG now. But what choice do I have? I wonder how they qualify sites such as SecurityFocus and Symantec then, who also host such code as examples?

  10. #10 Lucas Malor says:

    Hey Maone, do you ever take a look at Avira AntiVir? It's the best rated by AV-Comparatives:

    http://www.av-comparatives.org/
