Author Topic: False Alarm - currency converter  (Read 4792 times)


artfire

  • Guest
False Alarm - currency converter
« on: March 19, 2009, 09:31:55 PM »
Just dropping by to mention that our currency converter is triggering a false alarm since yesterday for avast users.  While we have posted that this is a false positive, I lost my first paying customer today due to this and our members are likely currently losing sales.

www.artfire.com

I sent an email to support but would appreciate it if someone would contact me regarding updating the avast definitions.


tony at artfire dot com

THANKS!

onlysomeone

  • Guest
Re: False Alarm - currency converter
« Reply #1 on: March 19, 2009, 09:40:58 PM »
and where can this currency converter be found?

artfire

  • Guest
Re: False Alarm - currency converter
« Reply #2 on: March 19, 2009, 10:01:47 PM »
It is in the footer on most pages.  I think the issue is that it is a JS call to a remote server.  This updates daily and displays geographically appropriate currency based on IP.

Here is a screen shot of the malware warning.



Thanks.
Tony

onlysomeone

  • Guest
Re: False Alarm - currency converter
« Reply #3 on: March 19, 2009, 10:22:27 PM »
It is in the footer on most pages.  I think the issue is that it is a JS call to a remote server.  This updates daily and displays geographically appropriate currency based on IP.

Here is a screen shot of the malware warning.



Thanks.
Tony

Did you try to report it as false positive?
In the screen shot you posted you see in the right lower corner of the avast! warning the possibility of "report as false positive"...
you can write a description there, and if it is indeed a false positive, I'm quite sure that it will be solved as soon as possible :)

artfire

  • Guest
Re: False Alarm - currency converter
« Reply #4 on: March 19, 2009, 10:25:41 PM »
I don't use avast.  This was sent to me by a member.  She mentioned that the report for a false positive required information she did not know.

I am merely trying to connect with someone in support as this false positive is now impacting the revenues of my member artisans.  Hopefully between this forum and my emails we can work together to get this issue straightened out.

THANKS!

onlysomeone

  • Guest
Re: False Alarm - currency converter
« Reply #5 on: March 19, 2009, 10:34:35 PM »
I'm sorry because I can't directly help you, but false positives are usually solved quite fast...

the e-mail address to write to (if you haven't already done so) is:
virus (at) avast (dot) com

describe your problem and also give them a link to this forum page...

I wish you luck  :)

yours
onlysomeone

kubecj

  • Guest
Re: False Alarm - currency converter
« Reply #6 on: March 19, 2009, 10:42:43 PM »
Yep, this was a false positive which was fixed earlier this morning.

OTOH, it's caused by something I consider quite wrong - obfuscating and encrypting javascript. Since malware does this almost always, we may be forced to detect the obfuscation and not the content in the near future and such problems will arise.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
Re: False Alarm - currency converter
« Reply #7 on: March 19, 2009, 10:55:27 PM »
obfuscating and encrypting javascript. Since malware does this almost always, we may be forced to detect the obfuscation and not the content in the near future and such problems will arise.
Can users avoid this using NoScript in Firefox, I suppose.
Does Webshield alert allow user to inform false positives like the file scanner?
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86816
  • No support PMs thanks
Re: False Alarm - currency converter
« Reply #8 on: March 19, 2009, 11:05:16 PM »
No, it doesn't matter if you use NoScript or not.

avast would still detect the obfuscated javascript on the source code of the page, it doesn't have to run the script to be detected by avast.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
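
The point made in replies #6 and #8 above (detection keyed on the obfuscation itself, applied to page source that is never run), as an added example that is not part of the thread and not avast's detection logic. The heuristics, thresholds and both sample scripts are constructed assumptions; the same harmless converter is scored in plain and in packed form.

```javascript
// Added example. Heuristics and thresholds are illustrative assumptions,
// not avast's rules. Nothing here executes the script being examined.

// Constructed sample: a harmless converter snippet, held as plain text.
const PLAIN = `function convert(amount, rate) {
  return (amount * rate).toFixed(2);
}
document.getElementById("price").textContent = convert(19.99, 0.74);`;

// The same snippet percent-encoded and wrapped in a decoder call, the
// shape a simple packer gives a script to make it harder to copy.
const PACKED = 'eval(unescape("' +
  Array.from(PLAIN, c => '%' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('') +
  '"));';

// Score the source text on its shape alone.
function scoreScript(source) {
  const reasons = [];

  // 1. A decoder feeding a dynamic-code sink, e.g. eval(unescape(...)).
  if (/\b(eval|document\.write)\s*\(\s*(unescape|atob|String\.fromCharCode)\b/.test(source)) {
    reasons.push('decoder-into-sink');
  }

  // 2. Escape sequences (%xx, \xNN, \uNNNN) make up most of the file.
  const escapes = source.match(/%[0-9a-f]{2}|\\x[0-9a-f]{2}|\\u[0-9a-f]{4}/gi) || [];
  const escapedChars = escapes.reduce((n, e) => n + e.length, 0);
  if (source.length > 0 && escapedChars / source.length > 0.3) {
    reasons.push('mostly-escaped');
  }

  // 3. One very long string literal carrying the real payload.
  const literals = source.match(/(["'])(?:\\.|(?!\1)[^\\\n])*\1/g) || [];
  const longest = Math.max(0, ...literals.map(s => s.length));
  if (longest > 200) reasons.push('long-literal');

  // Two or more indicators: flag, whatever the decoded content would do.
  return { flagged: reasons.length >= 2, reasons };
}

console.log('plain :', scoreScript(PLAIN));
console.log('packed:', scoreScript(PACKED));
```

Both inputs decode to the same code, so a scanner built this way flags a legitimate packed script exactly as it would a malicious one.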

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
Re: False Alarm - currency converter
« Reply #9 on: March 19, 2009, 11:27:20 PM »
No, it doesn't matter if you use NoScript or not.
avast would still detect the obfuscated javascript on the source code of the page, it doesn't have to run the script to be detected by avast.
I know that, just that the obfuscated script will be blocked by NoScript, won't it?
The best things in life are free.

artfire

  • Guest
Re: False Alarm - currency converter
« Reply #10 on: March 19, 2009, 11:29:52 PM »
Thanks!  I greatly appreciate your attention to this.  We had this in place many months ago and the obfuscation element had not occurred to me. I apologize. Had I thought of that, I would have mentioned it in my original post.  

 I have reviewed my notes on the project and that was a choice we made when we implemented.

To respond to that issue - there are legitimate competitive advantage reasons to use obfuscation.  In our particular market there are at least 60 competitors.  Even the top player has not yet put this level of currency conversion (or any for that matter) in place.  We find our functions, marketing and even subcontractors quickly copied as we strive to innovate faster than the other venues.  As this function tested as high value to our customers and other sites had not yet determined how to effectively implement this service, we didn't want to hand them the answer on a silver platter.  Market differentiation and offering a unique value proposition are even more important in a down economy.

I certainly understand the reasoning behind this identification factor.  But, as media cycles shorten, competitive intelligence is made easier and Darwinian Capitalism forces rapid, lean adaptation, the ability to make it just a little harder for your competitors to copy you is likely to be a common practice.

Thanks again.

Tony
« Last Edit: March 19, 2009, 11:31:24 PM by artfire »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86816
  • No support PMs thanks
Re: False Alarm - currency converter
« Reply #11 on: March 20, 2009, 01:27:11 AM »
No, it doesn't matter if you use NoScript or not.
avast would still detect the obfuscated javascript on the source code of the page, it doesn't have to run the script to be detected by avast.
I know that, just that the obfuscated script will be blocked by NoScript, won't it?

Yes, all script, obfuscated or otherwise, would be blocked by NoScript, but my reply was related to your response to kubecj, which I took to be: would NoScript stop avast detecting obfuscated script.

obfuscating and encrypting javascript. Since malware does this almost always, we may be forced to detect the obfuscation and not the content in the near future and such problems will arise.
Can users avoid this using NoScript in Firefox, I suppose.
Does Webshield alert allow user to inform false positives like the file scanner?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security