A Google search for "bitdefender" brings up this: http://www.google.com/search?ie=UTF-8&oe=UTF-8&sou.... BUT Google gives you this warning page? http://www.google.com/interstitial?url=http://www.... More information can be found here: http://www.google.com/safebrowsing/diagnostic?site.... Was BitDefender.com compromised or something? WOT still has the site as green. Is this a false positive? (If so, it's the first one I've seen.) Also Firefox warns it is an attack site but it relies on Google for the list of sites to warn you about....
False Positive
Sat 31 Jan 2009 06:16:10 AM UTC — wehaveitall
Very good catch Xp! It appears, however, Google has an error.
If you perform a Who-is lookup (there's a link on the scorecard), the last time the website information was updated was August 2008. It was created by the current owner in 2001, and its location is still San Jose, California.
The website has not been compromised, and Bit Defender did not put anything dangerous up. Therefore, it's an error. And you caught it very fast. The advisory was placed five hours ago, according to the advisory page (see the corner of the screen) at http://safebrowsing.clients.google.com/safebrowsin....
I posted a topic in the Google help forum, explaining this problem. You can see if anyone's replied at http://www.google.com/support/forum/p/Web+Search/t...
As you can probably guess, my username is WOTfan.
Thanks again for pointing this out.
A big thank you to all the WOT staff
How can anyone here determine a false positive?
Sun 01 Feb 2009 07:05:50 PM UTC — JustAMom
wehaveitall ...
I realize I'm new here, but I find something difficult to understand. Does anyone here who was speculating on the validity of the warning on the site have any official connection to that site? If not, how could anyone here know at the beginning of this saga whether the website had been compromised or unintentionally linked to content that contributed to the warning? How could anyone know in advance of any type of official announcement that something is a "false positive?"
Well-known and "legitimate" websites (or their servers) are compromised all the time ... even those with experienced staff looking over things. The reputation of the company has no bearing on whether or not their site or server is vulnerable to others. The amount of time someone has been in business has nothing to do with whether or not their site could be vulnerable to the ill intent of others.
It is not a badge of shame for a website to have been flagged (unless they are intentionally behind the distribution of badware ... and those have no shame anyway.) What is a shame is that the public doesn't understand that many sites that are flagged are victims. They are victims of those who are intentionally hacking sites and servers and distributing malicious third party content that is often found on those sites.
While there's no doubt that it is an inconvenience for site visitors and for the site owners, the service provided that prevents us from accidentally stumbling on something malicious before a site owner has time to learn of it and fix it, is a valuable service. I don't think we should undermine that process by second guessing it. Nothing is ever perfect, but we are not in the position to judge whether a site that is not under our control has received a meaningful warning vs a false positive.
Anyway, I'm glad to see the WOT community working together to provide additional information to each other and to our families and friends. However, I would like to know that, as a community, an effort is being made to fully understand the processes and circumstances by which a website may be issued a warning related to badware and that we will give the involved parties a chance to work the kinks out without prematurely assuring others that a site is "safe."
Here's how
Sun 01 Feb 2009 07:45:07 PM UTC — wehaveitall
If you perform a who-is lookup (a record of their hosting information) it's the same owner as it's been since 2001, when BitDefender was founded. That means the green rating and the WOT comments apply to the same owners as it was before Google added the warning. BitDefender is a very well known antivirus company, and if they weren't compromised, I guarantee they wouldn't turn on us like that.
A big thank you to all the WOT staff
A badware warning does not mean a company turned on anyone
Mon 02 Feb 2009 01:38:54 AM UTC — JustAMom
It doesn't matter one iota what the who-is lookup says, or how reputable the business / site is. Any website can either be compromised or be a victim of 3rd party content that is not what they expected. Revolving network ads are frequently the cause of a warning being placed on a site. Until those ads are pulled and no longer in rotation, the site places visitors in danger.
Just because they are innocent victims does not mean that a site should not be flagged. If there is a problem, even at the hands of the bad guys, the public needs to be protected until the problem is resolved. They should not adopt a false sense of security and ignore the warning just because the site is "reputable."
I'm not sure what you're not getting
Mon 02 Feb 2009 02:50:54 AM UTC — wehaveitall
It wasn't compromised, the who-is PROVES it's the SAME OWNER. I'm not sure what you don't understand about that.
And BitDefender has no ads whatsoever on their website, nor are there links to third party websites. All of their links point to pages on their own website.
The website is safe, and the warning WAS removed. It was a mistake.
A big thank you to all the WOT staff
I don't get what YOU don't understand
Mon 02 Feb 2009 03:26:37 AM UTC — JustAMom
My comments are not about whether or not the site was compromised or whether or not it was ever a danger to anyone. My comments are related to the idea being expressed here that one can tell from who-is data and "reputation" whether or not it is even feasible that a site could have been compromised. This is displaying a false sense of security.
The examples I gave were not examples that I felt were specific to this particular site. They were general examples of the number of ways that a legitimate, reputable site could be in a situation that would cause a legitimate warning.
Who-is data might be one factor used to suggest that a site may be fly-by-night and should be approached with caution. However, who-is data is not a good factor to determine that a warning is false.
The trust factor in social engineering is one thing that gets people into trouble on the internet. That same trust factor, that assumes that reputable sites cannot innocently become a part of the problem, is misplaced.
That said, I have not in any way indicated that I know (or care) one way or the other whether or not this particular instance was a false positive. My concern is when others lead people to believe that who-is data and reputation can be the final determination of whether or not a site flagged by Google is safe or not.
I can only assume from your naivety that, in your experience, the only sites you have heard about that cause redirects to fake antivirus sites or successfully download and install undesirable code are those that are truly attributed to the bad guys.
Apparently, you have never seen discussions about educational institutions and other reputable sites, that find that they have problems they didn't know about on their sites, that are causing visitors problems.
If you haven't already done so, I might suggest that you spend some time reviewing the material on the Stopbadware.org site and take a look at the discussions on the Badwarebusters.org forum sponsored by Stopbadware. It will give you a fresh look at your assumptions.
Response to your comments
Mon 02 Feb 2009 03:52:49 AM UTC — wehaveitall
The website has no redirects to third party websites, and was not compromised. No ads, and no new products or downloads. There was nothing to trigger the warning. If the website wasn't compromised, there's no links to third party websites, no ads, and no new products, then there's nothing that can cause this.
The way websites that are unaware of dangers on their own websites get those dangers, is when ads vary, links to other websites are either compromised, or dangerous links are irresponsibly put up.
The other way is when they recommend a download that is unsafe. BitDefender put nothing like this up, however, and there was nothing causing this warning.
A big thank you to all the WOT staff
You have a hijacker on your comp, I'm afraid.
Sat 31 Jan 2009 06:22:41 AM UTC — Anony Mouse
The information you're getting is not wrong, it's correct.
There's a hijacker on your comp working in the background which is trying to take you to a phishers' attack site. You'll find that happens with whatever download site or page you want to visit.
This has been commonly happening, mostly in USA and Canada.
I'd suggest that you run your anti-Virus and get rid of the worms that have proliferated by now all over your computer.
I would recommend Avast anti-Virus, because it's the best in the Market and it's free of cost for Home Users. If you're a Commercial Organization, I'm afraid you'll need to buy it, since they give it free only to home users and Charitable Organizations as their contribution to the Community.
The reason I know about this is that a similar worm has hit three of my friends in USA [I'm now in India] and I'm helping them find resolutions. One had no choice but to format her hdd, which was a pity.
All the best.
Anony Mouse.
Re: You have a hijacker on your comp
Sat 31 Jan 2009 09:18:23 AM UTC — Sami
No, this is Google saying bitdefender.com has malicious content, as you can see on the diagnostics page. Either Google has made a mistake or some of BitDefender's servers have been compromised.
Excuse me?
Sat 31 Jan 2009 06:23:22 AM UTC — wehaveitall
Where are you getting this? There's no hijacker on my computer, I went to bitdefender myself to test it. If you go to the real google advisory link (and you can even type it in AND check WOT's rating and see it's no spoof) it shows BitDefender as unsafe.
PS: I'm using Avira, the number 1 firewall/antivirus
A big thank you to all the WOT staff
Maybe you're right and I'm wrong.
Sat 31 Jan 2009 06:40:31 AM UTC — Anony Mouse
I'm just sharing what I know from the most recent experiences of my friends.
But then, I'm not Savonarola.
I'm just a li'l techie with limited experience.
Sorry I couldn't help.
Anony Mouse.
PS,
By the way, all the links given by you above are showing Green on my comp and when I went there, they were all green.
The Google warning said it might be harmful based on a visit which they reported.
The Google page had one of the listings there, in the related subject, showing Amber.
The link that came up as suspect says it's shareplaza that's infected, by the way.
This is just FYI.
Please ask a few other friends of yours to check out the links and you might find them all seeing something else.
If that happens, you might need to re-think a bit, don't you agree?
Just a thought.
Please stop
Sat 31 Jan 2009 05:21:16 PM UTC — wehaveitall
Exactly. That's why it's blocked, but it's a false positive. We've established that. It's the same owner as it's been since 2001, and a very legitimate owner.
Malicious software includes 17 scripting exploit(s), 3 trojan(s).
It's an antivirus. This sort of thing is why you cannot have multiple Antivirus programs on one computer. Antivirus programs remove things from your computer upon scanning, monitor your computer for incoming attacks, etc. and it's an easy mistake for a computer to think it's dangerous.
It is asked that you not post in topics such as these unless it is an opinion, you have a question, or if you have experience in the area you are giving advice about.
A big thank you to all the WOT staff
All around !
Sat 31 Jan 2009 11:56:00 AM UTC — Athlonite
Hey Xp!
I have been looking into those links for a good two hrs. now. Checked all and Google won't let me close to any of them. Got around this by Googling the other sites mentioned by Google and did finally get to them. Have to say that some of those bitdefender sites are what Google says, Fraud but, others are legit. I guess it's not just the sites they are referring to but, also the servers on which they are hosted. Some of them have redirected me to pretty bad sites. Have left my mark on them, but others were well, hosting the good stuff. This info. from Google is a bit old. My guess is that most of the malware vendors have changed sites as they usually do.
They don't generally stay in one place too long. Just long enough to make a killing and they are gone. Don't worry, I was sandboxed all night.
Athlonite
Your help is always needed.
So...
Sat 31 Jan 2009 03:44:31 PM UTC — Xp54321
So is BitDefender actually malicious? (I went there under FF 3.0.5 sandboxed last night and did not encounter anything malicious. A look through the source code of the page did not seem to show anything suspicious either but the source linked to JavaScript files rather than showing the scripts themselves. For me right now, a Google search for "bitdefender" displays two suspicious results with 8 green but 3 of those are marked by Google as malicious (BitDefender.com). :|
BitDefender
Sat 31 Jan 2009 04:01:53 PM UTC — Galaxyfox
I just went around the site (ignoring Google and Firefox's malicious site warning) and I didn't find anything harmful and nothing happened to my computer.
BitDefender
Sat 31 Jan 2009 05:03:10 PM UTC — cod head (not verified)
Hey you Three, bomber command here. Be careful going behind enemy lines when flying solo.
Google Safe Browsing glitches
Sat 31 Jan 2009 05:17:00 PM UTC — Sami
They just briefly labeled the entire web dangerous. I didn't see anything malicious on BitDefender's website either, but then again, I didn't browse the entire site.
Reply in Google Help Forum
Sat 31 Jan 2009 05:22:23 PM UTC — wehaveitall
They replied there saying this too, but BitDefender is the only thing blocked...
A big thank you to all the WOT staff
Resolved
Sun 01 Feb 2009 05:56:24 AM UTC — wehaveitall
It appears they fixed the problem, as it is no longer blocked.
A big thank you to all the WOT staff
Google messed up big time
Sun 01 Feb 2009 06:36:01 AM UTC — Spacequad
Have a look at this link and you tell me, did they mess up or what?
http://www.chroniclejournal.com/CP_stories.php?id=...
Maybe this is a bigger problem than they realized or wanted to admit!
Michael
This just goes to show how
Sun 01 Feb 2009 12:24:17 PM UTC — Rob
This just goes to show how much of an influence Google has on the internet. They are generally trusted so an inexperienced user may have run a mile when searching for a site such as Amazon, Currys, Play.com or any of the other reputable web shops.
In other news Google made an absolute killing in Adwords clicks which didn't show such warnings.
code is code...
Sun 01 Feb 2009 06:03:58 PM UTC — g7w
code - all dialects {language} and all forms (syntax)
forget or misplace a semicolon and you're in debug mode.
same thing with forward slashes for URI's
I find this refreshing in the sense that even Google is not fallible - proves that the human touch is still required (though in Google's recent case it was more-likely a human that messed things up?)
:-D
Heh...
Mon 02 Feb 2009 12:45:30 AM UTC — Cam42
http://www.downloadsquad.com/2009/01/31/google-get...
I see your point, but . . .
Mon 02 Feb 2009 09:50:20 AM UTC — BobJam
Hey JustAMom,
I understand what you are saying, but being cautious about someone claiming a false positive is one issue (though Wehaveitall and several others found no evidence of a redirect in the underlying code of the site), but in this particular case it turned out to be EVERY site that was Googled . . . see Sami's and Spacequad's and Cam42's links.
An excerpt from Spacequad's link:
"If you did a Google Internet search between 9:30 a.m. ET and 10:25 a.m. ET on Saturday, you likely were unable to access any website in the search results list."
While I agree that claiming a particular warning is a false positive may be in error, in this particular case not only did Google screw up EVERY site (and FF gets its blacklist from Google), but Wehaveitall's due diligence was spot on.
If I was unfamiliar with Wehaveitall's level of experience or otherwise doubted someone's claim of a false positive, I agree with you . . . and I certainly wouldn't visit the site. But I think that if someone made a post here that was irresponsible or led users to visit a malicious site, Sami or someone else on the WOT staff would remove that post.
BobJam
Mon 02 Feb 2009 04:26:56 PM UTC — JustAMom
I fully understand what happened with all sites being flagged with a warning that day. I also know that this site was flagged by Google before the internet fiasco and the flag was not cleared until many hours after the shock-wave had settled down.
It's always easy in hindsight to validate a claim that something was safe, but the reality is that when the first comment was made about the safety of the site, it was said in relation to depending upon who-is data. That reference using who-is data was pure speculation and should have been addressed as such.
As long as other readers view this entire thread and realize that the who-is data should not be used to claim that something is a false positive, I will be a happy camper. I don't want to see others use this as an example of how someone should second guess the state of a site that has been flagged for badware.
Thank you for your comments, as it is refreshing to see that someone actually sees my point in this discussion.