|
rbent Forum
https://rbentonline.org/YaBB.pl General Category >> rbent Lobby >> Browser Add-On? https://rbentonline.org/YaBB.pl?num=1192052679 Message started by bent_eagle on Oct 10th, 2007, 4:44pm |
|
Title: Browser Add-On? Post by bent_eagle on Oct 10th, 2007, 4:44pm Does anybody know why this forum wants to install an add-on to my browser? It says, "This website wants to run the following add-on: 'Microsoft Data Access - Remote Data Services Dat...' from 'Microsoft Corporation'. If you trust the website... (etc.)" I'm a little paranoid right now, because I just found a virus on my computer. Just wondering if anybody else is getting this same message. Thanks. |
|
Title: Re: Browser Add-On? Post by FooRider on Oct 10th, 2007, 6:39pm That's a new one on me. At various times, I've used (gag) Internet Explorer, Firefox, and Safari with this forum, and I've never seen anything like that. |
|
Title: Re: Browser Add-On? Post by Strada177 on Oct 10th, 2007, 7:32pm bent_eagle wrote:
I'm having the same issues with IE. So I downloaded mozilla-firefox this afternoon and have not had any problems in the few times I've accessed the Rbent website(with firefox). I don't get it,I used IE for 6 months without any issue on the Rbent website,now I can't access Rbent with IE. Stinkin' computers/internet! |
|
Title: Re: Browser Add-On? Post by Bud_Bent on Oct 10th, 2007, 7:52pm I only use Firefox and haven't had any issues with it. |
|
Title: Re: Browser Add-On? Post by Strada177 on Oct 10th, 2007, 9:08pm Firefox it is. As nutty as this is, my company's website doesn't support Firefox. Another reason for me not to work & to ride instead! |
|
Title: Re: Browser Add-On? Post by Richard on Oct 11th, 2007, 8:41am I get a message from my virus protection too. Seems like this just started happening. |
|
Title: Re: Browser Add-On? Post by FlyingLaZBoy on Oct 11th, 2007, 10:34am I had it come up yesterday, too... I just said "no thanks" |
|
Title: Re: Browser Add-On? Post by Bud_Bent on Oct 11th, 2007, 11:53am Sheesh.............that sure sounds like a virus attack. Everyone keep answering "No" to the download, or use Firefox, while I investigate. |
|
Title: Re: Browser Add-On? Post by Bud_Bent on Oct 11th, 2007, 1:59pm I'm not finding anything suspicious, and even with Internet Explorer, I can't get it to happen. Is there a particular page that does it? |
|
Title: Re: Browser Add-On? Post by FlyingLaZBoy on Oct 11th, 2007, 5:50pm The home page, when I first get there... PB |
|
Title: Re: Browser Add-On? Post by Bud_Bent on Oct 11th, 2007, 7:15pm bent_eagle wrote:
I finally had time to investigate more. There's more info on that message here (http://blogs.msdn.com/ie/archive/2007/04/25/this-website-wants-to-run-the-following-add-on.aspx). As long as it just says the website wants to "run", not that the website wants to "install", then it's just wanting to run a browser add-on that you already have, and not download and install anything. It sounds like your permissions and pre-approvals are just set too low. Raise them, or better yet, switch to Firefox. I use Hijackthis (http://www.download.com/HijackThis/3000-8022_4-10379544.html) to keep an eye on what my browser add-ons are doing. If you use Firefox, add the Adblock (https://addons.mozilla.org/en-US/firefox/addon/10) add-on, and subscribe to a list of known ads, you can browse the entire internet ad free, and Firefox is less prone to malicious code than Internet Explorer. |
|
Title: Re: Browser Add-On? Post by Strada177 on Oct 11th, 2007, 8:44pm Bud_Bent wrote:
I finally had time to investigate more. There's more info on that message here (http://blogs.msdn.com/ie/archive/2007/04/25/this-website-wants-to-run-the-following-add-on.aspx). As long as it just says the website wants to "run", not that the website wants to "install", then it's just wanting to run a browser add-on that you already have, and not download and install anything. It sounds like your permissions and pre-approvals are just set too low. Raise them, or better yet, switch to Firefox. I use Hijackthis (http://www.download.com/HijackThis/3000-8022_4-10379544.html) to keep an eye on what my browser add-ons are doing. If you use Firefox, add the Adblock (https://addons.mozilla.org/en-US/firefox/addon/10) add-on, and subscribe to a list of known ads, you can browse the entire internet ad free, and Firefox is less prone to malicious code than Internet Explorer.[/quote] That's why we call you "Captain",you got it covered. Thanks,Bud. |
|
Title: Re: Browser Add-On? Post by bent_eagle on Oct 16th, 2007, 9:02pm Well, I allowed the add-on to run, and now I can't use my back button while on the forum. Every page I click on adds two bogus pages to the back list, so I have to drop down the back button list and select the last good page. |
|
Title: Re: Browser Add-On? Post by Bud_Bent on Oct 16th, 2007, 10:03pm bent_eagle wrote:
Are you saying you didn't dump internet explorer and change to firefox? Better get Hijackthis (http://www.download.com/HijackThis/3000-8022_4-10379544.html), and get your browser add-ons in order, then. |
|
Title: Re: Browser Add-On? Post by Richard on Oct 19th, 2007, 10:12am I downloaded FireFox and it fixed the forum problems. I am fairly impressed with it too. |
|
Title: Re: Browser Add-On? Post by Bud_Bent on Oct 19th, 2007, 11:32am Richard wrote:
FireFox has gotten popular enough that hackers are starting to target it, too. But, it's a lot less prone to that stuff than Internet Explorer. That's just one of those things we internet geeks have to watch for, these days. |
|
Title: Re: Browser Add-On? Post by FooRider on Oct 19th, 2007, 6:36pm You could always retreat to Safari 3.0 for Windows. Or Opera. Anything that doesn't require me to spend more time hacking the broken IE box model than actually designing the page layout and graphics. |
|
Title: Re: Browser Add-On? Post by FooRider on Oct 28th, 2007, 5:39pm I have a new wrinkle to add. As of this morning, when I booted up the laptop and automatically received the latest Symantec virus signatures, I get a warning like the following. It happens as soon as I open the forum's main page or an individual posting. |
|
Title: Re: Browser Add-On? Post by robert.j on Oct 30th, 2007, 8:40am The last few days I've been getting a warning similar to Foo's. Happens pretty much anytime I open the website or click on a different page. Our Symantec virus program calls something named "downloader" a "risk." |
|
Title: Re: Browser Add-On? Post by FlyingLaZBoy on Oct 30th, 2007, 11:32am Ditto..... |
|
Title: Re: Browser Add-On? Post by FooRider on Oct 31st, 2007, 5:07pm Symantec anti-virus seems to be the common thread here. I get the same behavior on my work machine and on my laptop, both of which are running Symantec. My home desktop machine, which runs ZoneAlarm anti-virus has no complaints. The warnings started upon installation of the 10/29 virus signatures update, but the information at the Symantec web site indicates that the Download virus was discovered and dealt with 'way back in 2001. This leads me to suspect that Symantec may be falsely auto-detecting something that's loaded into the browser cache when hitting the RBENT forum. Since you never get to see a file name (only some obfuscated cache data path), it's hard to guess what Symantec might be kvetching about. |
|
Title: Re: Browser Add-On? Post by Bud_Bent on Oct 31st, 2007, 7:10pm FooRider wrote:
Bingo. That's Symantec's (Norton's - it's all the same) specialty: falsely reporting viruses. But they are so big, it will probably be YABB (our forum software) who makes a change on the next version so that Symantec won't report a virus. It's Symantec's email thing that really drives me crazy. The vast majority of viruses (and falsely reported ones) are sent in email. Symantec sends a reply to every return email address for every email virus it reports. Well, guess what? Virus authors don't use their own email address as a return address (big surprise there, huh). They spoof other return addresses (you can put any return address you like when you send email). My main email address has been sitting on my website since 1996, so it is a favorite address for virus authors to spoof. Whenever there really is a new virus going around by email, I get hundreds or even thousands of emails a day, most of them generated and sent by Symantec. The overloaded email servers that Symantec causes always end up doing more damage across the internet than the actual virus did. So, don't get me started on Symantec. When I first booted my new laptop a few weeks ago, it took me less than three minutes to get Symantec, which had come with it, uninstalled. IMHO, the two worst major software programs in the world are (1) Norton Anti Virus and (1A) Microsoft Internet Explorer. I strongly recommend against using either. Ok, I feel better. I try not to rant too often on this forum, but I guess that counts as one. |
|
Title: Re: Browser Add-On? Post by Richard on Nov 1st, 2007, 8:53am Lets see... the soltion to the problem is worse than the problem? :-/ Symantec must be a branch of the gubment . :o |
|
Title: Re: Browser Add-On? Post by FooRider on Nov 1st, 2007, 7:01pm Maybe, but I did a bit of Googling around today and found that others have experienced similar problems with web pages: http://www.castlecops.com/t160127-Downloader_Virus.html I don't know how someone could have hacked into Perl-generated pages, but it might be worth Bud taking a look. |
|
Title: Re: Browser Add-On? Post by Bud_Bent on Nov 1st, 2007, 10:12pm FooRider wrote:
I'd already checked the source code from rbent pages, and found nothing. Today, I used the virus scanner on the site, and found the reason for the virus warnings. I have files on the site which are, get this, downloaders. That is, they are just short executable programs which do nothing except download and run the larger main setup programs for my software. The files are fine; I checked them again. They are not viruses, but I guess this is the same technique that virus downloaders use, so virus programs don't like it. The strange thing is that these files are located in folders completely away from rbent, and nothing in rbent accesses anything in these folders. I guess Norton checks the entire site now. That must be the change with the new version. The funny part is, if I paid a few thousand dollars to get these files properly "signed", I'm sure they wouldn't get this virus message. It's all a racket. We really would be better off with rbent on a site dedicated just to it. Someone tell me again why we can't get rbent.org. I already need to redo my setup programs (they don't work with Vista, of course; Microsoft makes sure everything get obsolete quickly), but I just don't have much time for my software these days, and it no longer justifies a lot of work spent on it, so I'm not sure when I'll get around to updating the setup programs. |
|
Title: Re: Browser Add-On? Post by Bud_Bent on Nov 1st, 2007, 10:20pm Now that I think about it, maybe it's time to move rbent to its own domain. A domain and hosting is pretty cheap. Surely, between all of us, we could raise enough money to pay for a domain and hosting. I could make the default files in the rbent folder on this site redirect to the new site, so everyone's old bookmarks would still work. What domain should we get? rbent.us? rbent.info? |
|
Title: Re: Browser Add-On? Post by FooRider on Nov 2nd, 2007, 6:32am As much work as I've done with web stuff, there are still holes in my knowledge. That said, I'm having a difficult time imagining how my local AV client would be detecting downloaders you have located outside the forum software's resource path(s). In fact, what I'm seeing when Symantec throws its hissy fit is that it's detecting on something that has been downloaded to the browser cache—and I'm not talking about anything malicious, here. Downloading HTML, images, etc. is (of course) just what browsers do. I can certainly understand why you'd want to get the forum off your personal hosting, but I'm not confident that would alleviate the problem we're seeing. By the way, rbent.org may not be available (see my PM), but RBENTONLINE.ORG is. Seems to me there's a symmetry there: when we're here, we're RBENT Online. When we're riding together, we're RBENT On-road. :P |
|
Title: Re: Browser Add-On? Post by Bud_Bent on Nov 2nd, 2007, 8:31am I've sent you my email address. If there was something about YABB's code in the rbent folder causing the warnings, I would think there would be other YABB forums generating virus warnings, and I haven't found any evidence of that. We're using strictly the original YABB software; I've changed nothing except for adding the rbent logo. rbentonline.org would work. I'm thinking that my hosting allows a second domain name on the same hosting account. I'll check into that. That might be an extremely cheap way to give rbent its own home. |
|
Title: Re: Browser Add-On? Post by FooRider on Nov 2nd, 2007, 10:56am You could be right. I don't know how other providers do it, but when you register a domain with GoDaddy, they provide a configuration option called "masked redirect" (or something like that). Essentially, this means that if you don't attach the domain to specific hosting but only tell it to redirect to a URL - say, http://spinnerbaker.com/rbent/ - the URL displayed in the address bar would "mask" so that it still read http://www.rbentonline.org. On the other hand, if rbentonline.org were attached to your hosting, I think it simply becomes an alias for spinnerbaker.com and that you'd have to use http://rbentonline.org/rbent/ to get to the forum. So in a way, the redirect might be easier and make it look more like a stand-alone site. As far as the virus thing, it looks like it might be the counter implementation that the AV is griping about. And, as I mentioned in my e-mail, it looks like the URL that's being built into the src attribute may not even be active, currently. Weird stuff. |
|
Title: Re: Browser Add-On? Post by FlyingLaZBoy on Nov 2nd, 2007, 2:28pm I'll chip in what I can towards RBENTOnline.com, or .org, or whatever........ Pain in the butt modern technology..... |
|
Title: Re: Browser Add-On? Post by Bud_Bent on Nov 2nd, 2007, 8:05pm Everyone let me know if you still get the warnings. Foo may have found the offending code. It was sitting in the default template, so I just deleted it. Now I need to go to YABB's site and see if I can find a default default template (that sounded redundant, huh). If the offending code isn't in it, then we have suspicious activity here, or my nasty old hosting service added it. |
|
Title: Re: Browser Add-On? Post by catroad254 on Nov 2nd, 2007, 8:10pm I'll chip in also. By the way it's not just a Norton thing - PC-cillan also gives a similar warning. Ken |
|
Title: Re: Browser Add-On? Post by Bud_Bent on Nov 2nd, 2007, 8:57pm catroad254 wrote:
But I suppose PC-cillan doesn't give any file or code details either? |
|
Title: Re: Browser Add-On? Post by FooRider on Nov 3rd, 2007, 8:42pm Bud_Bent wrote:
All clear here, Bud. |
|
Title: Re: Browser Add-On? Post by catroad254 on Nov 3rd, 2007, 9:17pm Strange, after I posted last night the warnings went away. I don't know whether I should be suspicious or be happy. Ken |
|
Title: Re: Browser Add-On? Post by FooRider on Nov 3rd, 2007, 9:27pm Ken, it probably means that the suspicious-looking script code that Bud removed is what was giving the AV programs heartburn. |
|
Title: Re: Browser Add-On? Post by FlyingLaZBoy on Nov 5th, 2007, 12:52pm Yaaaaaay, it's gone!!!!!!! |
|
Title: Re: Browser Add-On? Post by robert.j on Nov 5th, 2007, 1:08pm Gone on both home and office systems. Thanks, Bud, or whoever was responsible for fixing the annoying popups. |
|
Title: Re: Browser Add-On? Post by Bud_Bent on Nov 5th, 2007, 2:00pm I never did get a real answer for where the strange code came from. I just need to keep a close eye on things. |
|
rbent Forum » Powered by YaBB 2.1! YaBB © 2000-2005. All Rights Reserved. |