Avast and Yahoo

[mike1977]

When I go to mail.yahoo.com with Firefox, Avast pops up that it has been marked as a phishing site.

Using IE, IE crashes
Using Chrome, it's fine.

 

[UsernameIssues]

I installed Avast to try and replicate your findings. I did not get the phishing warning, but one or more of the Avast plug-ins does cause a crash for IE10 with 32 bit tabs. If 64bit tabs are enabled for IE10, then you will be told that the Avast plug-ins have been disabled because they are not compatible with IE's Enhanced Protection Mode... thus, IE10 will no longer crash.

My suggestion would be to use IE10 with 64bit tabs and disable the Avast plug-ins (or uninstall Avast and use MSE instead).

 

[andrew129260]

There is probably something like a false definition for avast. By the clock, right click the avast icon, and choose update-program. This will update the definition files and the program avast. This should fix the issue. If not, I suggest letting them know by going to the avast forum and reporting it.

-Just checked, no issue accessing it. Update your definitions should fix the issue.


I would not suggest Microsoft Security Essentials at all based on the tests that have been conducted recently:

See here:

http://www.av-comparatives.org/wp-content/uploads/2013/07/avc_prot_2013a_en.pdf

http://www.av-test.org/no_cache/en/tests/test-reports/?tx_avtestreports_pi1[report_no]=132335

They failed to even get a basic score. Not sure why everyone around here keeps recommending an antivirus with such a bad detection rate. This is not an attack, just wondering. Avast is the best free antivirus currently, but keep in mind this changes from month to month due to diffrent threats, research. You have to look at consistency over a couple of months. A product getting that low of a score on any month is not acceptable. Avast is just pretty good for free.

Check out avira as well.

Best Paid consistently are Kasperky and bitdefender.



Usernameissues is correct. Avast does have a confirmed bug with internet explorer 10.
Although the issue above is with him and firefox.


I will say Avast and IE10 on my machine does not have any issues. But My settings are always different then everyone else. I am all about messing with settings of software.

 

[UsernameIssues]

You are correct. MSE scores low on a variety of tests, but MSE gets along with W7 and other apps better than most AV tools - especially apps that use MS's volume shadow service to copy/backup files that are in use. That is why you see me (and others) suggesting MSE.

As far as MSE's scores low - MS has addressed that concern many times and I'm satisfied with their answers.

I support a lot of computers that use MSE, others that use AVAST, AVG, Norton... The computers that use MSE still get infected and have consumed way too much of my time cleaning them up. I think that MS is slow to add malware to the list of things to watch for and the heuristics within MSE could be a lot better. But I also spend time helping people deal with issues caused by AV tools not working well with other apps. Given the choice between the two, I opt to point people to MSE and I set MSE for the highest level of protection (which is not the default settings??).

I got your PM - no worries

Also - I failed to make it clear, that I could not replicate the phishing warning using IE, Firefox or Chrome - but I did not spend much time on that since I was more interested in AVAST crashing IE10. On the Phishing warning, I might not have seen it due to my use of OpenDNS. I should have pointed the VM to use a more generic DNS service, Then I might have landed on one of Yahoo's servers that AVAST was (incorrectly?) flagging.

 

[UsernameIssues]

@OP.
When one first visits mail.yahoo.com, one should be redirected to a login server (login.yahoo.com). Are you getting the phishing warning while on login.yahoo.com or are you using a persistent cookie to automatically log in?

login.yahoo.com is an https site. I wonder if something has gone wrong with your Firefox install as it pertains to https websites. Perhaps you were not being redirected properly and the warning was justified. You might want to try the SSL test found here: http://weblogin.bu.edu/troubleshooting?cmd=ssl
[Link courtesy of A Guy from this post.]

For what it is worth, I installed Avast again (and updated the list of things to watch for). I could not replicate the warning using Firefox and Google DNS (8.8.8.8).... but IE10 still crashes :-(

I tested while visiting login.yahoo.com and revisiting mail.yahoo.com after setting a cookie. I changed a few settings in IE and AVAST. I restarted the Virtual Machine a few times - but nothing helped. IE10 + AVAST plug-in = crash.

 

[andrew129260]

@OP

Malware could be another cause of this. Are you sure avast is what is flagging it? Could you please post a screenshot of the issue you are experiencing? That would help us a lot more. You could also try http://www.sevenforums.com/tutorials/2022-problem-steps-recorder.html.


I rarely see compatibility problems between antiviruses and other things.
The reason internet explorer crashes is due to internet explorers protected mode. The protected mode is internet explorer is very aggressive. It lets nothing between it and a webpage come in contact. This prevents malware such as keyloggers and other threats from interacting with the page, while also protecting internet explorer from the webpage due to evil javascript code or bad active x controls. This is a very good thing and I am glad internet explorer has upped its game in security. Problem is, this added protection prevents Avast's scanner that scans webpages from doing its job. (As well as the avast addon that says if a site is safe. Like WOT) Avast has to find a different way of scanning the pages, and/or work with Microsoft on a fix.

But regardless, the user is using firefox and not internet explorer. :focus:


I just tried it on my machine once more and got the message the user is getting.
Confirmed. This was after my definitions have been updated.

I will let avast know.

Started the thread on avast forum.

http://forum.avast.com/index.php?topic=132869.0

Found this:

THIS site is blocked for a reason. It was compromised!

http://forum.avast.com/index.php?topic=132441.0

http://support.clean-mx.de/clean-mx/phishing.php?id=1257489

Do not go to the site in the subject line. This is a valid block.

 

[derekimo]

Started the thread on avast forum.

I am not sure if I would be allowed to post the link to it, didn't see anything in the forum rules but I do not want to take the risk.

Go ahead, people do it all the time.

 

[andrew129260]

ok It's up

Started the thread on avast forum.

I am not sure if I would be allowed to post the link to it, didn't see anything in the forum rules but I do not want to take the risk.

Go ahead, people do it all the time.

Thanks, wasn't sure if it wasn't allowed or not.

See important note above!

Next time I should research more. Whew!

 

[ThrashZone]

Using IE, IE crashes

Seems UsernameIssues is on topic and explains why
I would add to that note,
http://www.sevenforums.com/system-security/206705-good-free-system-security-combination.html

 

[UsernameIssues]

~~~
The reason internet explorer crashes is due to internet explorers protected mode.
~~~

Just to be clear, there are two (levels ?) of the Protected Mode within IE10.

Protected Mode

I do not recommend that people turn this one off. IE10 still crashes with this off and the AVAST plug-ins (add-ons) enabled. [I did not show that in the video below, it was already getting too long.]


Enhanced Protected Mode (EPM)


While it is true that you should restart your computer once you enable EPM, once you have done that restart, you can then toggle EPM on and off without subsequent restarts.

The default settings for IE10 on a 64bit OS is to NOT enable EPM. In that state, the 64bit OS will will create a windowless 64bit instance of IE10 that oversees the 32bit windows (visible) tabs and 32bit plug-ins. Once you enable EPM (and maybe restart the computer), the tabs become 64bit (even more secure) and they use 64bit plug-ins. The virtual machine used to make the video below already has EPM enabled and has already restarted.

You might want to watch this in the full screen mode and at 720p.


Sorry that the video is so long, I was attempting to find a way to show that IE10 will automatically disable the two 64bit plug-ins (add-ons). You will get those two notifications the first time that you start IE10 after installing AVAST8... to recreate those two notifications, I disabled the plug-ins and then re-enabled them.

Notice the URL that I start with for all 3 browsers it an HTTP address. All 3 get redirected to the same HTTPS URL. I've followed this issue on several other forums and AV sites, but I've not found any info that will help me to replicate the warning from AVAST for Firefox. Can someone please tell me how to replicate that warning?

http://mail.yahoo.com/

https://login.yahoo.com/config/login_verify2?&.src=ym&.intl=us

I've not seen any forum threads that have convinced me that people are landing on a phishing site. There are a few posts elsewhere that question a javascript file on some (but not all?) Yahoo mail log in servers.

BTW, I've not seen too many posts in other forums attempting to document IE10 crashing with these AVAST plug-ins... hence my harping on that issue. Sorry if the OP does not use or care much about IE10. It would be nice to her from the OP again


edit: Here are the versions of the 3 browsers:

 

[ThrashZone]

I can't see the Sentence your Quoting it must be from the links he posted ?
if so the link should be Removed to avoid anyone taking this advice course !
I agree that is not a recommended thing to do,
Activating EPM is better a much Safer option and your thorough example on Post 10 of your original link in Post 2 is ultimately the course to take,
Sorry can't help with Firefox or errors with Avast but hopefully someone can assist.
Cheers.
Mike1977 does not have a good "issue updating" record not since 10/ 2011

Edit,
Thanks for clearing that up I do see the paragraph now must have been site issues I did read all of his replies looking for it lol ?

 

[UsernameIssues]

I can't see the Sentence your Quoting it must be from the links he posted ?
if so the link should be Removed to avoid anyone taking this advice course !
~~~

The forum had issues last night; perhaps my last post will look correct if you clear your browser's cache.

I quoted andrew129260 when he said, "The reason internet explorer crashes is due to internet explorers protected mode."

I also have a code box with the HTTP URL to that I set as the home page for each browser and the HTTPS URL that each browser was redirected too. In my opinion, these links are not dangerous. (See this current VirusTotal link that shows the HTTPS link to be clean and this earlier VirusTotal link that showed a Phishtank hit that might have started all of this in the first place.)


This article may interest Yahoo users:
Yahoo Mail Accounts Have Been Getting Hacked for Months

I have lots* of active yahoo e-mail accounts... none of which show any signs of being used by others. Perhaps I've just been lucky or the bad guys skipped my accounts since I have no contacts stored in any of these accounts for them to spam.

*I have lots of online accounts (such as the one for this forum) and I sprinkle the e-mail accounts associated with those accounts across various e-mail accounts.

 

[mike1977]

The message still comes up.

 

[Lady Fitzgerald]

...This article may interest Yahoo users:
Yahoo Mail Accounts Have Been Getting Hacked for Months...

Months, my Aunt Fanny! More like years.

 

[UsernameIssues]

The message still comes up.

Can you provide any steps that might help me reproduce the message?

Did you watch the video in post #10?

 

[mike1977]

I was just going to mail.yahoo.com in Firefox and kept getting it. I don't have problems now though.