AVG js


  • Winner of the 2016 Presidential Election

    So, I use the free version of AVG (a decision I am now reconsidering after reading this code, and also a few infections that have sneaked by its vigilant watch). I happened to notice that it is injecting a Javascript file reference into webpages loaded with Firefox. The following code was the first thing to spring out at me from that file, but I'm sure it's chock full of WTF:



    function Stuck (a_size) {
    this.size=a_size;
    //define the stuck size
    this.StuckArray=new Array(this.size);
    this.currentIndex = 0;

     //add an item to the begining of the stuck. If stuck is full, pop out the oldest item
    
     this.add = function(item){
      if (this.StuckArray.length>this.size)
      {
       this.StuckArray.pop();
      }
      this.StuckArray.unshift(String(item));
     };
     
     //finds if item exists
     this.find = function(item){
      var s_item=String(item);
      for (var i=0;i<this.size;i++)
      {
       if(s_item==this.StuckArray[i])
       {
       return true;
       }
      }
      return false;
     };
     
     //toString implemetation
     this.toString=function(){return this.StuckArray.toString()};
     
    
    }
    

    First off, there are a lot misspellings ("begining", "implemetation", etc). In the comments, maybe I could overlook that, but an actual object named Stuck (when clearly Stack is meant)?

    Edit: OK, this class isn't a stack at all. You add to it, and you search it? The only public interface is to add an item or test for its existence. Somehow, this is even more WTFy to me. Also: (nitpicky) the underlying "StuckArray" is exposed publicly.

    Secondly, why does this class even need to exist? It's just a thin wrapper around an array object, which, in Javascript, has its own intrinsic stack-like methods and queue-like methods (and indexOf, for find); not to mention that prototyping allows you to extend even the built-in types in JS.

    Thirdly, and most importantly, why is it injecting code into my webpages in the first place? There has to be a better way.

    ...

    On a barely related topic, which free antivirus solution should I replace this pile with?


  • Discourse touched me in a no-no place

     Pitch AVG into the dumpster from whence it came, grab Microsoft Security Essentials. It's Good Enough(TM) and considerably better behaved than most consumer-level commercial offerings (and several enterprise offerings)



  • I see two WTFs: That this is injected directly into the page (rather than using something like Firefox's own extension support), and having a size restriction at all, let alone having stuff fall off the other end of the array when you hit that restriction.

    But the rest of it, I'm not sure. Without that size restriction, this is just a really inefficient implementation of a set, which is a useful abstract data type. Doing it like this means that it could be replaced by something else, like a hash, without changing any code that depends on it, assuming said code doesn't directly access the underlying StuckArray.

    That the "StuckArray" is exposed publicly isn't that much of an issue for me, either. JavaScript doesn't have anything like "protected" -- it's either public or it's hidden entirely, either by closure tricks or native code. But if it's really hidden in that way, it seems like you wouldn't be able to do any sort of inheritance.

    I suppose you're right -- it might be better to simply extend or modify an array. On the other hand, you wouldn't be able to use the 'new Stuck()' syntax anymore. That's not entirely bad -- forcing people to call a constructor without the 'new' is a lot more flexible in the long run.



  •  FWIW, "der Stück" means "the piece".



  • You can reinstall AVG without the shitty "web filter", and you should get rid of that JS injection, I think.

    I doubt it's a reference to der Stück, AVG is a Slovak program.

    Said that, MS Security Essentials is the only semi-good free AV left, with the possible exception of Avast (I haven't used it since v4.7, which was quite bad, but friends tell me the current (v6?) is good.).
    AVG is very slow, and likes to cause conflicts with software; Avira, which WAS very good, sold itself to the dark side a few weeks ago, removing some known crap from the "Pontentially Unwanted" detection list, INSTALLING one of those itself, and advertising the other one (just google for "avira ask toolbar").
    Well, there are also Forticlient and Bitdefender - but I've never seen them do much good. Feel free to correct me if you think otherwise, I'd like to know.

    Myself, after Avira screwed so much with its users' trust, moved all my PCs to ESET. Good, fast, not cheap but affordable (especially in this 3-for-price-of-1.5 promo). Sure, most commercial AVs suck (Symantec, McAfee, Trend *shuddders* Micro)... but this one, as far as I can say, doesn't.

    PS. It's kinda odd... Avast is Czech, AVG and ESET are Slovak, and I seem to remember some other big name is from the former Yugoslavia...?



  • @Sanity said:

    I see two WTFs: That this is injected directly into the page (rather than using something like Firefox's own extension support)
    I'm not on Windows right now so I can't check, but I know for sure that there is an AVG addon (which I've disabled). But maybe that's just the mechanism they use to inject the JS in the first place.



  • @da Doctah said:

     FWIW, "der Stück" means "the piece".

    Das Stück. Anyway, how is this relevant? The class doesn't resemble a piece at all.



  • @da Doctah said:

     FWIW, "der Stück" means "the piece".

     

     

    It's "das Stück".

    It's always funny hearing Nightcrawler saying "Katzchen" instead of "Kätzchen" or hearing Nazis scream "Amerikaners" in Call of Duty.

     



  • @bannedfromcoding said:

    PS. It's kinda odd... Avast is Czech, AVG and ESET are Slovak, and I seem to remember some other big name is from the former Yugoslavia...?

    Avira is a German company (Avira GmbH).



  • @da Doctah said:

     FWIW, "der Stück" means "the piece".

    What???

    • First off it's "das Stück", i.e. it's neuter
    • If you can't write an u umlaut you replace it with "ue" instead of simply dropping it.
    • I don't see how "the piece" would make any more sense, anyways.

     

    EDIT: Ninja'd



  • @fire2k said:

    It's always funny hearing Nightcrawler saying "Katzchen" instead of "Kätzchen" or hearing Nazis scream "Amerikaners" in Call of Duty.

    Simpsons had a really great joke though. In one episode they had the mayor say "Ich bin ein Springfielder", and Homer responded "Mmmm, jelly donuts!"

    (I thought they must have had a German in their team to write that joke; on the other hand, the episode it called "Burns verkaufen der Kraftwerk" so yeah, probably not)



  • @derula said:

    Simpsons had a really great joke though. In one episode they had the mayor say "Ich bin ein Springfielder", and Homer responded "Mmmm, jelly donuts!"

    (I thought they must have had a German in their team to write that joke; on the other hand, the episode it called "Burns verkaufen der Kraftwerk" so yeah, probably not)

    Kennedy's gaffe is pretty well known in America, even among those who don't speak German (like me). And since the mayor is a Kennedy...



  • @derula said:

    @bannedfromcoding said:
    PS. It's kinda odd... Avast is Czech, AVG and ESET are Slovak, and I seem to remember some other big name is from the former Yugoslavia...?

    Avira is a German company (Avira GmbH).

    Is it surprising that anti-virus companies come from the countries viruses come from?



  • @boomzilla said:

    Kennedy's gaffe is pretty well known in America, even among those who don't speak German (like me). And since the mayor is a Kennedy...

    Hm... okay then. I thought it was well known, but didn't know it was known as a gaffe. I mean there was nothing wrong with the sentence other than it could also mean something different.



  • @blakeyrat said:

    @derula said:
    @bannedfromcoding said:
    PS. It's kinda odd... Avast is Czech, AVG and ESET are Slovak, and I seem to remember some other big name is from the former Yugoslavia...?

    Avira is a German company (Avira GmbH).

    Is it surprising that anti-virus companies come from the countries viruses come from?

    Anti-terror troops don't come from the same countries terrorists come from.



  • AVG is also Czech. Apparently technically Czechoslovak, but the Czech side of that.



  • @derula said:

    @boomzilla said:
    Kennedy's gaffe is pretty well known in America, even among those who don't speak German (like me). And since the mayor is a Kennedy...
    Hm... okay then. I thought it was well known, but didn't know it was known as a gaffe. I mean there was nothing wrong with the sentence other than it could also mean something different.

    I think the reason it's commonly known over here is because it's a gaffe- Despite not really being one. I'm willing to bet more people under 50 or so know the Jelly Doughnut part than know what the speech was actually about.



  • @derula said:

    @bannedfromcoding said:
    PS. It's kinda odd... Avast is Czech, AVG and ESET are Slovak, and I seem to remember some other big name is from the former Yugoslavia...?

    Avira is a German company (Avira GmbH).

    Were you adding to my list, or correcting me? Avira AntiVir is by Avira GmbH indeed (formerly some-crazy-long-name-foundation). AVG (Anti-Virus Guard) is by AVG Technologies, formerly Grisoft, from Slovakia.

    My point was that it was slightly odd that there are at least three antiviruses originating in the former Czechoslovakia.



    ED: And there's AVK (AntiVirenKit) by G-Data from Germany, to confuse the names further...



  •  I've used ESET (NOD32) for over 10 years on multiple PCs with exactly zero malware problems. I also know 2 people in charge of network security (one at a university, one at a large corporation) who use it on their personal PCs (I guess "personal PCs" is like "ATM machine", but.. meh). I don't find it that expensive, but I guess that's relative. It's worth every penny IMO.

     I've also heard similar testimony from fans of Kapersky, but have not tried it myself. It will be what I try should the day come when ESET's offering begins to suck.



  • @bannedfromcoding said:

    the only semi-good free AV left, with the possible exception of Avast (I haven't used it since v4.7, which was quite bad, but friends tell me the current (v6?) is good.)

    Yep, I'd agree with Avast. I use it here and have had zero malwarez since I started using it several years ago. Avast and Comodo (firewall only, not their AV) seem to do the trick for me here.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.