AV Warning: This string triggers Avast & AVG



  • http://youtube.com/f @echo off rundll32 keyboard,disable rundll32 mouse,disable

    <a href="http://youtube.com/f">http://youtube.com/f</a> @echo off rundll32 keyboard,disable rundll32 mouse,disable
    

    Antivirus is officially down the crapper

    More info:

    http://8ch.net/lol.html
    http://8ch.net/av.html

    Avast triggers on HTTP and HTTPS, AVG triggers on HTTP only


  • Discourse touched me in a no-no place

    The Regular Expressions thread is rm -rf /



  • Does it post on tumblr when it encounters it? Does it count as triggering if the Internet does not know?



  • @lolwhat said:

    ... thread is rm --no-preserve-root -rf /

    Ftfy
    (POST AINT EMPTY)


  • mod

    Confirmed.

    TIL where the "shut off Avast for ten minutes" button is.


  • mod

    ..TIL I can get here just fine from work.



  • @Yamikuronue said:

    TIL where the "shut off Avast for ten minutes" button is.

    Yeah, that button actually disables avast globally😜



  • Aside from AV programs being stupid as usual, TRWTFs are in the http://8ch.net/av.html link:

    No one can learn about malware or security if they are not allowed to study the source code of malware. Unfortunately, even reading the source code of malware is a security threat according to Avast.

    No, really? You expect a program that scans files for virus-like patterns to allow you to save a virus file on your computer without warning?

    Okay, okay... some of us have been around long enough to know that AV scanners use pattern matching inside files (among other techniques) and not just a checksum of a entire bad EXE (or JavaScript file or whatever). Maybe the n00bs don't know that, as the AV scanner sees it, saving a file with known bad pattern is equivalent to saving a bad EXE.

    Antivirus software works by spying on all your internet traffic and disk reads/writes. Users of these software pay for the privilege of having someone spy on them, quite simply.

    OMG! An AV scanner requires actually reading the files/data that it is about to scan! All of the programs on my computer are spying on me!



  • Hai I heard u liek triggering Avast & Avg.

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


  • Discourse touched me in a no-no place

    @quijibo said:

    An AV scanner requires actually reading the files/data that it is about to scan!

    Fortunately, it will stop you from doing anything else while it is scanning, so at least you'll know full well that you're entirely protected.



  • @dkf said:

    @quijibo said:
    An AV scanner requires actually reading the files/data that it is about to scan!

    Fortunately, it will stop you from doing anything else while it is scanning, so at least you'll know full well that you're entirely protected.

    ... well yeah. What would be the point if it told you you had a virus [i]after[/i] it let you run the file?



  • It's 8chan. It's made by nutjobs who were angry at 4chan.


  • Winner of the 2016 Presidential Election

    @quijibo said:

    No, really? You expect a program that scans files for virus-like patterns to allow you to save a virus file on your computer without warning?

    This reminds me of the time I was investigating some PHP files infected with PHP malware and Windows Defender was helpfully deleting them without telling me. Even though I was saving them from Notepad++.



  • Antivirus software is really nice when it deletes files containing source code.

    That's why I use Common Sense Antivirus combined with Don't Let Other People Touch Your Computer Without Supervision Antivirus.



  • Obviously you would just undo the virus. Duh. Windows has an undo button for everything.



  • @immibis_ said:

    ... well yeah. What would be the point if it told you you had a virus after it let you run the file?

    I think he means from the old days when an AV scanner would suck all of the CPU time trying to scan into a large zip file or whatever. You couldn't do anything until it finished. And then of course that was "fixed" by setting a maximum scan time (at least in McAfee), so then who knows if zip would get scanned properly not... among many other :wtf:s related to scanning zip files.


  • :belt_onion:

    you could feed the antivirus an infinite zip file ;)



  • I believe that's called a zip quine.


  • sockdevs

    @riking said:

    I believe that's called a zip quine.

    ah.... i had a couple of those. it was fun dropping it in various network shares at school and watching the servers grind to a halt.



  • @Arantor said:

    This reminds me of the time I was investigating some PHP files infected with PHP malware and Windows Defender was helpfully deleting them without telling me. Even though I was saving them from Notepad++.

    The only thing worse than that was for some scanners to automatically quarantine files. Not only would the user be confused as their files disappeared, but then they were placed in that special folder so that the virus could accidentally be rerun at a later date! (For example, if someone uninstalled the scanner and then went snooping around their hard drive.)

    One of the first thing I always did after installing our corporate-approved scanner was to turn off the quarantine entirely (either delete, clean, or whatever was possible), and especially for myself to have it ask first before taking any action.


  • :belt_onion:

    yes, there was a discussion about them here a few weeks ago


  • :belt_onion:

    I can't even remember the last time I used antivirus software


  • sockdevs

    @darkmatter said:

    I can't even remember the last time I used antivirus software

    MSE/windows defender has been more than sufficient for me, with safe browsing habits, for ages now.


  • :belt_onion:

    I went straight from XP to windows 8. but true, i do leave Windows Defender on, so i guess it counts


  • :belt_onion:

    @accalia said:

    with safe browsing habits, for ages now.

    if surfing porn and code sites count as safe browsing


  • sockdevs

    @darkmatter said:

    if surfing porn and code sites count as safe browsing

    :-/

    i..... wouldn't know....

    :-|


  • sockdevs

    What about pornographic code sites? Are they safe?


  • Winner of the 2016 Presidential Election

    What about codebabes?



  • How about, I dunno, intercepting the actual execution of maliciouscode?

    Nah, that's madness. It will never catch on.



  • @Maciejasjmj said:

    How about, I dunno, intercepting the actual execution of maliciouscode?

    Nah, that's madness. It will never catch on.

    Some scanners do try to use emulation to detect polymorphic viruses. The problem is, if the virus is doing something seemingly innocent to external devices, like it deletes files, sends network packets, and so on, once the scanner decides that the program is a virus, how does it undo the damage done? It maybe too late at that point.

    Plus, emulation is slow and difficult to do perfectly, and the smarter virus writers can detect when they are being scanned at runtime (think of CPU instruction timing) and behave nice when they do think they are running in an emulator.

    The problems of detecting viruses are really not so easy to solve, but that doesn't excuse the :wtf:-ness of most of the well-known scanners.



  • "Intercepting" as in "run the scan when the code is about to be executed, and prevent it if it matches the database".

    A virus can't do shit until it's executed. Exceptions probably exist, but a batch file isn't one of them.


  • Discourse touched me in a no-no place

    @Maciejasjmj said:

    Exceptions probably exist

    Not really, though distinguishing reading from executing is really difficult. (What if someone wrote a virus in Python? Or VBA?)



  • Keep in mind "executing the code" could also include things like the OS (without any user input) trying to draw an image thumbnail, or the file listing of a .zip archive.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.