Author Topic: False positive on web page  (Read 9310 times)

0 Members and 1 Guest are viewing this topic.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: False positive on web page
« Reply #15 on: April 25, 2006, 02:33:27 PM »
Yes, clicking my link didn't bring up a warning for me, but clicking any blue underlined link on the home page brings up a warning, sometimes for drop_down.js, sometimes for:

http://www dot rotowire.com/hockey/favicon.ico
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline Timo Schmidt

  • Jr. Member
  • **
  • Posts: 64
Re: False positive on web page
« Reply #16 on: April 25, 2006, 05:16:07 PM »
NOD 32 shows the same behaviour on this site - so I assume that's no false/positive ^^


Greetings

Timo

Offline ks

  • Newbie
  • *
  • Posts: 5
  • What's up with: "I'm a llama?"
Re: False positive on web page
« Reply #17 on: April 25, 2006, 05:59:15 PM »
The one page I'm getting the warning at indeed does have the Nimda appended tag at the bottom of the page, i.e. no false alarm here.


Thanks for taking a look. 

I guess it depends on one's definition of a false positive.  In my opinion, detecting leftover traces of a defunct threat is of little use to the user, and clearly constitutes a false positive.  I think such detection is actually a disservice in that it flags sites that no longer have a problem, while creating an ongoing problem both for the visitor and the webmaster.  Users have to treat the threat as real -- and it isn't.  How much more false can it get?

I contacted rotowire and received a reply from their editor saying that at one point they were infected with Nimba, although the virus has long been eradicated. However, the virus left traces (html) of its presence that remain on some files, predominantly error message files.  They are trying to track down the remaining traces -- because they understand that "[such] traces are an inconvenience."  Avast! needs to come to a similar understanding.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84887
  • No support PMs thanks
Re: False positive on web page
« Reply #18 on: April 25, 2006, 06:29:50 PM »
How is avast to know that the signature elements that have been detected are no longer a threat, it isn't only avast that is picking this up and the responsibility has to rest with the webmaster to clean up the remnants left on HIS site after it was infected, rather than other AVs cater for their tardiness ?

I mean it shouldn't be too difficult for him scan his web site and those pages that alert need looking at.
Quote
because they understand that "[such] traces are an inconvenience."
Since they recognise that inconvenience they should clean it up and not have AVs make allowances for them.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline ks

  • Newbie
  • *
  • Posts: 5
  • What's up with: "I'm a llama?"
Re: False positive on web page
« Reply #19 on: May 16, 2006, 03:13:47 PM »
How is avast to know that the signature elements that have been detected are no longer a threat

By using signatures that don't rely on harmless leftover code.  It is lazy.

Quote
Since they recognise that inconvenience they should clean it up and not have AVs make allowances for them.

Wrong.  Poor reasoning.  The responsiblility lies with Avast not the webmaster.  I have no business relationship with the webmaster, nor do I wish to have one.  My business is with Avast.  (Although, not any longer. I am finding a better product.) I don't wish to be alerted falsely, it is as simple as that.  I expect Avast  to detect actual threats and not rely on cheap methods like looking for HTML fragments that represent no threat.  It is lazy programming, based on flawed assumptions (like yours).

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84887
  • No support PMs thanks
Re: False positive on web page
« Reply #20 on: May 16, 2006, 03:55:01 PM »
So every AV should change what they do so as not to inconvenience the webmaster, I think not. It is the webmaster/site owner who is trying to drive traffic to his or her web site now if that traffic isn't getting there because they have been lazy (as you put it) then they could be losing potential revenue. Now if I were that webmaster I wouldn't be waiting for others to compensate for the code remaining on my web pages after an infection, I would want it done/resolved now.

That is where site back-up comes in restore/upload and replace all content, which should be much quicker than waiting for others to make up for the web sites security short comings. This would be a much quicker option.

Sorry but I have to disagree, but you are entitled to your opinion.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11796
    • AVAST Software
Re: False positive on web page
« Reply #21 on: May 16, 2006, 04:43:32 PM »
ks, your assumptions are wrong as well. The HTML snippets may be obsolete, but I wouldn't call them exactly harmless.

I'll put it another way: these pieces of HTML code are trying to execute a file on your disk (through a browser exploit). You probably don't have these files on your disk, and your browser is probably patched, so the files probably wouldn't really get executed - but that's not what an antivirus program can suppose.

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re: False positive on web page
« Reply #22 on: May 16, 2006, 08:11:58 PM »
***

Hmmm ... 100+ anti-virus companies should change their programs just to suit one "lazy webmaster?"    ???    :o

That, indeed, is poor reasoning.    ::)


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM