CFC site virus (es)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • CFC site virus (es)

    There was a thread recently about viruses on the CFC site. Can't find it so starting a new one.

    Recently, a Keres entrant complained to me about not being able to go to the CFC site to see their rating. Message returned by his anti-virus is:

    Object is infected by HEUR:Trojan.Script.Generic

    Doesn't seem to impact my system but that behaviour was previously reported too.

    Now I know that technically speaking the CFC does not monitor ChessTalk but I'm not really in the mood for that discussion. Besides, I'm sure they should be monitoring their own site for viruses

  • #2
    Originally posted by Roger Patterson View Post
    There was a thread recently about viruses on the CFC site. Can't find it so starting a new one.

    Recently, a Keres entrant complained to me about not being able to go to the CFC site to see their rating. Message returned by his anti-virus is:

    Object is infected by HEUR:Trojan.Script.Generic

    Doesn't seem to impact my system but that behaviour was previously reported too.

    Now I know that technically speaking the CFC does not monitor ChessTalk but I'm not really in the mood for that discussion. Besides, I'm sure they should be monitoring their own site for viruses
    We have someone investigating the problem, Roger.

    Comment


    • #3
      This Keres entrant is probably running Kaspersky on his/her PC. Kaspersky is, in my opinion (possibly not yours), overly sensitive when blocking websites that might have a virus. Kaspersky likes to do that so it appears to be protecting you from harm and so is worth all the money you paid for it. At some point in the past, Kaspersky scanned chess.ca and decided there was a virus and so added it to its database of "dangerous" web sites. From then on, anyone running Kaspersky on their PC will be blocked from accessing it. Clearing the virus from chess.ca won't immediately remove it from Kaspersky's database: that may take many months to happen (or forever unless someone requests a re-scan; I'm not sure).

      Viruses have different levels of badness. The virus on chess.ca that many have seen (including me) shows a web page saying its time to upgrade Chrome. If you ignore it, reload the page, you can continue using chess.ca with no harm done. Web browsers are built to isolate web pages from the rest of your PC. You need to be tricked into downloading and running an executable file (.exe) or infected document (.docx, .xlsx, etc) or providing passwords to other sites, etc to be impacted. Most of us know not to fall for that, I hope, and so don't need Kaspersky's over-protection.

      One quick-fix users can do without needing chess.ca's support: disable the (overly sensitive) Kaspersky browser plugin. They can keep the Kaspersky virus scanner, if they want.

      The more devious viruses do not always do their bad thing, such as display the "time to upgrade Chrome" page. It may do this less than 5% of the time. That makes it really hard to reproduce the problem to find and fix it. A user gets the bad page, contacts support, support tries it, doesn't get the bad page, nobody else seems to get it, so closes the user's support request. Very frustrating for the users and for those trying to clear the website of viruses. Even more frustrating for those running overly-sensitive Kaspersky as it has now decided to always block your access due to this annoying but otherwise harmless virus.

      chess.ca is running on Drupal, very powerful software. Very powerful means very complex which means susceptible to bugs which includes security bugs. Over the past 5 years Drupal has had at least 3 major security bugs that were given the colourful names "Drupageddon" and "Drupalgeddon". For some powerful features, Drupal will save code as data in the database for (trusted) execution later. One of these security bugs meant hackers could save any virus as (trusted) code in the database. That means fixing this requires not only upgrading Drupal to fix the security hole but also scrubbing the database to remove any and all the bad code already saved into it. This is my guess of what has probably happened to chess.ca. I am not a Drupal expert, I have only read summaries of these security bugs, and I have zero access to chess.ca to see if this is its problem. But I can say chess.ca's virus does seem to be a particularly persistent virus and I sure feel for the team that is trying to slay it.
      Last edited by Don Parakin; Sunday, 12th May, 2019, 08:09 PM.

      Comment


      • #4
        Thanks for your helpful comments Don.

        A bit of a correction, however. If you have Kaspersky (free version), then it blocks chess.ca whether you have the browser extension turned on or not. And this is applicable for all browsers, it seems. Both Google Chrome and Firefox Mozilla, for example.

        I found this out, the hard way, while directing a section of a tournament recently. Very annoying for any TD as I had to run out in the hallway, ask a passer-by to look up a rating, and so on.
        Dogs will bark, but the caravan of chess moves on.

        Comment

        Working...
        X