Major freebie anti-virus scanner Avast has apologised for a cock-up defining the vast majority of the web as malign. Rather than a Howard Beale-style insight into the state of the modern interwebs, the finding of any sites with scripts or frames - including Avast's own support forums - as malign was the result of a rogue virus …
So, Avast goes all Grandpa Simpson on us:
No, Grandpa, that's Google
No, Grandpa, that's El Reg
No Grandpa that's Google again
Now let's see if I can get these html helpfiles restored...
Yes I can.
Yes, I can. At least they let you rescan files in the virus chest and all. Still, ruined my evening...
Fortunately i managed to figure to how to turn the web shield off. (For me it seemed to be everything that some form of Redirect in it, so All Wiki's, my personal web page, and about half of the pages i usually read)
Could just turn off the webshield. It would catch the script in the web cache, but you'd at least have been able to surf the internet.
But them some of the real ones would have slipped through.
It all turned out okay. The ninjas couldn't catch me once I set myself on fire.
Security thrown out with the bath water
Scanning every website you visit for every possible (known) virus is silly.
If you surf the web with any regularity, you need an OS/browser combination that is hardened against infections, and designed to contain them (relatively) safely if they do take hold.
You don't want some gun-slinging wideboy OS walking around shouting "If you shoot first you better not miss because I won't". When in fact said OS misses every time, and drops the keys to the castle behind him as he runs away crying. Jesus.
A bullet can shoot through a peep hole.
The only surefire way to not get infected by the web is to not get on it. In any other circumstance, there WILL be a way. No system is hardened enough against exploits that you can't get owned in some way. A combination of user hacks, privilege escalations, and so on could knock down just about anything: including a "secured" OS.
but I am under no illusion that indiscriminately scanning everything that comes in to my computer against an incomplete blacklist will offer me any level of protection that I couldn't get though equally potent technologies such as prayer, homeopathy, witchcraft etc.
@The Alpha Klutz; So in other words,
because AV doesn't catch *everything*, you are going to turn it off so it might as well not catch *anything*? That is exactly the kind of attitude that will get your computer pwned. New exploits come out for modern, "hardened" browsers every week. Some are disclosed, and some aren't.
"That is exactly the kind of attitude that will get your computer pwned."
Not really, I regularly check what executables are running on my box and dialing into which IP addresses. I haven't spotted any strange activity yet (at least nothing that couldn't be satisfactorily explained as benign with a bit of careful research). And of course I am generally careful about what I do on the computer in the first place.
I could have a rootkit, but so could anyone, because that is exactly the kind of thing that slips through the Antivirus net, regardless of how much it comforts you to believe that you are protected.
Instead of wasting time and/or money on Antivirus software, buy a nice pot plant and put it somewhere near your monitor. It will enrich your life more than any security software.
(that's after you install that secure OS I was talking about earlier, of course)
PS. Obviously I recognise that if you don't know how to use a computer properly, you should use Antivirus software (I make sure my family do), but think of it only as the training wheels on your bike. If you never want to take them off, fine by me, but don't expect me to feel as though my two-wheeled bike is somehow inadequate.
just because AV doesn't catch everything doesn't mean you should shun it. Yes, I realise that Linux malware is rare, which is, I suppose, how you justify your not using AV. But for the 87% of all computer users whose computers run Windows, it is important. Eight years of experience programming (I assume that counts as using a computer properly, but you appear to be the expert on that), and AV has saved my ass several times.
The best example of this I can give you: Firefox allows prefetching of search results, which is on by default. I once googled for something inconspicuous, and my firewall/AV combo caught an intrusion attempt. As it turned out, Firefox prefetched the first result which just so happened to be malicious. The website attempted to attack my computer. No regular monitoring of executables or open connections could have caught that, my friend.
And, FYI: I've seen AV catch rootkits before. Just because it doesn't always doesn't mean you shouldn't try.
"Firefox prefetched the first result which just so happened to be malicious"
I always thought prefetching was a bad idea (or at least, a relatively pointless one). Hopefully in the future software will be designed with these considerations in mind, but you have highlighted our sometimes misplaced trust in the software vendors and their products. Bear in mind of course that placing too much trust in your AV can be as dangerous as placing too much trust in your browser.
It was wrong of me to discount AV completely, or to come across that way. (I LOVE hyperbole).
I just see it as a losing battle, if your AV catches 80% of malware now (just a guess), how much will it catch next month? Next year? In 5 years? At some point the percentage will level off at a relatively useless level, given the exponential growth of malware. I think it would pay to start coming up with alternatives now.
What a doofus
...nothing else to add, really
I know I don't have a virus because my AV says so
and I know my AV works because I don't have a virus
Your argument applied to a different problem:
Did you know that new mutations of bacteria and viruses are discovered constantly? Eventually medicine as we know it will be useless. Therefore, we should stop using medicine and find other ways of protecting ourselves. I propose living in a bubble.
Here's your handle
I have done that. Unless you count cigarettes, cigars, and alcohol. I may not live forever, but I'll last forever.
"Your argument applied to a different problem:"
Because medicine relies on a DIAGNOSIS from a trained professional, in other words a doctor.
Medicine is not an attempt to have the population hopped on drugs 24/7 "just in case" they catch something. In fact medicine fails when applied in this way, you cannot put everyone on antibiotics because then they will stop working.
You may be thinking about vaccination, in which case the closest computing metaphor for a vaccine would be a software patch, (which I am all in favour of, obviously), and not Antivirus software.
Furthermore, do you know what the medical world lacks? Good antivirals.
The Reg reader...
who had to go through the rigmarole of adding an exception to Avast's misfiring software could have just paused or turned off the web scanner - two clicks.
Avast alert finds WHOLE WEB malign
Not the whole web, just about 95% of it.
Re: Avast alert finds WHOLE WEB malign
Caps lock exaggeration for comic effect beats pedantry. But thanks.
For me it was about 50%
Basically, everything that had a redirect in it, so anything running on Mediawiki, lots of forums, The register, and a few other sites.
Saw this happen last night,
I just played World of Tanks 'til it got sorted.
I would complain, but it's free AV software and they sorted it pretty sharpish.
How long until we wake up one morning and find that the entire interweb HAS actually been pwned by the bad guys?
t i t l e
What?... You mean it hasn't already??
what?? you mean...
it hasn't already?
mean it hasn't already?
@Alister @thenim @AC
"We will bury you!" [ Nikita Kruschev - 1964 ]
"When Microsoft releases your virus embedded in the latest MSDOS, you've won the game!"
[ Dark Avenger - 1991 ]
Not just the web
I saw the web alerts yesterday, and assumed that they related to some dodgy ads loaded as part of the page (or which would have been loaded).
This morning on a freshly booted PC and with Avast! updated it started complaining that DVD menu authoring software I run regularly should only be run in the Avast! sandbox.
No such prob on mine
Strange. I must've missed the naughty update: since my web scanner's on, but I haven't seen any such page from Avast! Either that or I only browse the 5% which wasn't affected!
Ironically the Web *IS* malign
Every IT manager pays lip-service to the demand of installing resident antivirus software, but in reality it isn't that effective as a protection. Mainly because the dangerous malware is the new stuff which hasn't yet been examined and catalogued by the AV people. That, and feature-bloat is a major problem with AV software. I guess this is because to the uninitiated, the package with the most 'shields' seems -on paper- like the better one, so to win the sales-war every vendor has to bloat their offerings to the max.
What users don't realise, of course, is that most of these 'shields' are just pointlessly duplicating the action of the core product. If a webpage is scanned before you're allowed to open it, if any file-download from that site is filtered as a data stream, if the downloaded file is then scanned as it is saved to disk, and then scanned yet again as it's launched, how does that achieve anything that scanning the file once doesn't?
The best protection is achieved by a combination of (some or all) of:
Using a more-secure browser
Removing unneeded plugins
Running the browser with limited priveleges
Using a virtual machine
Setting a software-restriction policy which prevents users from launching downloaded .exes
A simple AV product which scans all executable files as they arrive.
I sort of agree with what you are saying but:
"mainly because the dangerous malware is the new stuff which hasn't yet been examined and catalogued by the AV people."
Yes, this is the most dangerous sort of malware - but only for people who are running machines with up-to-date AV software on. If you dont have any antivirus then every virus (even ancient ones) is going to be a risk. The old malware is still out there - its not like Smallpox :-)
of Avast's new functional testing: connect internet tube to computational doohicky.
Sad, but unfortunately that was one of the only updates to accurately label the internet. Back to the fudged results later...
changed to MSE last week after having Avast ( thanx guys ) for years.
being random has benefits !