Got this message that popped up when I tried to click on the 5 Keys thread down the page a bit...Just wanted folks to know...

_________________


"WE ALL WE GOT! WE ALL WE NEED!"

So did I.

I ain't scurred!

_________________
GET YOUR EAR PLUGS READY!!!

I've recieved that message when I know for an absolute fact the site Iwas visiting ran no malware whatsoever. It's a crapshoot if you don't know who runs the site though.

I went ahead and clicked "advanced" and then proceed at own risk.

It's another one of Hawkscanners epic posts. Dude puts in way too much work for me to avoid the post based on a mistake by Google.

Could be one of the pictures he linked.

_________________
SEAHAWKS.NET. We All We Got, We All We Need

Sadly, it doesn't entirely matter whether the site is legitimate any more. One of their "new" fun tricks is getting harmful content on perfectly good websites.

As far as this goes, though, it has a problem with the Russell Wilson picture, which is embedded directly from winforever.com. I'd guess that there was just some malware posted in comments on the blog since google only complains about the 'blog.' section of their website. Probably nothing to worry about since we're just getting the one picture.

Alright guys, as I said in the 5 Keys to Victory Thread, I went ahead and switched out the Russell Wilson picture (hopefully that was truly was the problem). You guys still getting the same Malware message? Hopefully that solved the issue.

Can someone let me know if they're still getting that message or not?

It was clear on my end. No problem.

False positive. Blog.winforever a "known" malware distriibutor? Give me a break.

_________________
Joe Vellano, DT, 6'1", 300lbs, 61 tkls 14 TFL, 6 sacks" http://www.youtube.com/watch?v=Nc_yzeVi-eU, Mike Catapano 6'4" 271
QB Jordan Rodgers 6'1" 212# 2539 Yards, 60% completion 15td/5int

Be careful. You can't think about malware that way. Legitimate web servers are infected and subsequently controlled to serve malware. That is probably 90 percent of browser based malware now.

I had to handle an incident at work where an ad server that CNN utilized was linking to some malware.

What google is doing is a great step, although yes, sometimes it will false positive... In this case there was no risk to .net because we were just requesting a picture but I'd bet something harmful was posted at win forever.

I also use Chrome. Is that protection built in by default or do I need to enable something to get it?

_________________

With chrome I believe that works out of the box. Internet explorer has something somewhat similar you can set up too.

I would recommend setting up openDNS and having it block malware domains though. It it a DNS service, you just change your DNS servers to theirs and then log into their web interface where you can block URL categories or just malware domains. Pretty useful.

An example that may be relevant here... I opened up Tony Pauline's 'Draft Insider' blog on my phone a week or two ago and suddenly a porn site loaded up... which is strange considering my phone won't even let me open Pro-Football Talk without switching the settings. Seems like if you have a blog and don't keep an eye on the comments section, you could be in trouble.

The majority of alerts like that on legitimate websites are ads from quasi-legitimate online ad revenue sites. Obviously, we don't have ads here; but there are plenty of custom avatar pics hosted on a gazillion different websites, so just someone's profile pic being hosted on some untrusted site can trigger that.

...Or, a terrorist cracked .NET, and we're all getting a thousand viruses right now.

We run into this at my work. We provide a front end that insurance companies log into. We get a ton of false positives, and sometimes it is a random auto selected content setting or just for no apparent reason at all.

There is this sort of random half-joke half-rumor that the browser makers are going to start making us pay a fee to be "secure" and "well-known" and "safe" on their browser. On some of the stuff I've seen in alpha and beta testing it wouldn't surprise me a bit if we were headed down this road. I think a whole new round of browser wars are coming. Of course on the flip-side, we are just putting a lot more time toward developing our own apps for our customers to use that are free, and then they don't have to deal with any of that business. They download it from us, we control the back end, so they know that's secure, and we control log-ins, so that's secure, and we control the program in which the "workgroup" (can't give too much away here) that is receiving the data uses and all interactions. The web side of it just makes it easier, but we can bypass it entirely, but I find myself spending an inordinate amount of time going back through really specific processes that a big customer has dealt with for a day or two, only to find out it's just nothing and they're getting a false positive (or a negative, however you want to look at it).

We have NO outside advertising of any sort and are used by professionals in the industry to process claims, so it wouldn't even be some piece of bad linkage causing the problem. It's an irritant, but we usually figure it out within 15-20 minutes. It's the increased frequency that is the problem, and then I have to be a jerk and tell the president of a major company (well I don't, but the contact at my company who has me run through everything in the product does using my steps of reproduction and my workaround) that "we are very sorry, but this is why we only support IE 7,8, and 9 (barrrrrf), and don't provide support if you are using Chrome, Firefox or anything else (that works ten times better). Have a good day!

_________________

R.I.P. Dad. I miss you. You will never be forgotten
1/12/39 - 8/7/08