Avast blocks Neon images
Tags:
None
Registered Member 
|
Hi guys,
Right to the point: Avast blocks Neon User and User LTS images to download. A message pops up saying Win64:vitro threat detected. The files triggering aforementioned detection are vmlinuz and vmlinuz.efi. Submitted both files to Virus Total. There too, Avast (only) detected the same infection in both. Submitted the files to Avast themselves. They concluded both were false positives and told me to update because they had corrected the problem. Updated time and time again to no avail. Avast is still blocking the downloads. None of the other "reputable" anti-virus programs detect anything malicious or unwanted. My point: some Windows users who want to cross over to Neon might be scared off/ might become suspicious. I think those are false positives but my peace of mind is gone. That's rather unfortunate because I love Neon. A Windows-specific malware in a GNU/Linux OS makes no sense to me. If any of you has had a similar experience in conjunction with Avast and Neon, please post it. I'd like my peace of mind restored. Best wishes community, Richard Addison
Proud to be powered by Plasma
|
|
KDE Developer
|
Ugh, Avast too? We already had trouble with Chrome Safe Browsing marking the .iso files as potentially dangerous right after the download...
|
Registered Member
|
This address has been compromised,
I think I'll bypass the Neon because this is not the first case, unlocked repositories, browser automatically download from this server, no more trust. http://ftp.icm.edu.pl/packages/kde-appl ... -amd64.iso 
|
Registered Member
|
It's nonsense and I've no idea why it would claim to be compromised.
Verify your image using gpg >gpg2 --verify neon-useredition-20170119-1018-amd64.iso.sig gpg: assuming signed data in 'neon-useredition-20170119-1018-amd64.iso' gpg: Signature made Thu 19 Jan 2017 11:18:13 GMT using RSA key ID 075E1D76 gpg: Good signature from "KDE neon ISO Signing Key <neon@kde.org>" [full] It will match this key https://keyserver.ubuntu.com/pks/lookup ... 00075E1D76 |
Administrator
|
The file has been re-reported to Avast for additional review, as it would appear they haven't resolved the issue. This is something which is out of our hands and is something we can do nothing about unfortunately.
KDE Sysadmin
[img]content/bcooksley_sig.png[/img] |
|
Registered Member
|
The file is blocked by Firefox browsers so it is not possible to do the checking. Empty iso file and temporary download file txt.part. I use yandex dns servers that block malware.
Only this server is blocked:
What to check when this is impossible? |
|
Administrator
|
Browse to http://files.kde.org/neon/images/neon-u ... mirrorlist and select an alternative mirror.
Safe Browsing is a separate issue being discussed in the other thread.
KDE Sysadmin
[img]content/bcooksley_sig.png[/img] |
|
Registered Member
|
Reports of KDE neon Downloads Being Dangerous Entirely Exaggerated
http://jriddell.org/2017/01/21/reports- ... aggerated/ |
|
Registered Member
|
Hi guys,
I don't want or like unjustified paranoia. I shall ask a third party to post a screenshot with Avast blocking Neon. It will be reasonable proof for me that Avast are sabotaging Neon or they act in good faith but lack competence. Best wishes community, Richard Addison
Proud to be powered by Plasma
|
|
Registered Member
|
Agreed. However, some Windows users (and wannabe Neon users) can't use that method without a third party app. And that app is more of a headache than anything else. I think a SHA256 would be beneficial if hosted on a Ubuntu secure server and would practically cure my headache. Best wishes community, Richard Addison
Proud to be powered by Plasma
|
|
Administrator
|
Avast's Customer Care team have informed us that they've confirmed the issue and have escalated this to their Virus Lab for further analysis and resolution of the issue.
KDE Sysadmin
[img]content/bcooksley_sig.png[/img] |
|
Registered Member
|
"Escalated"? Yeah. That's exactly what they told me. Then, they said it was a false positive and it would be fixed in the next update. Seems their Customer Care is useless. Perhaps it's worth mentioning they haven't found anything in the images released December 29 2016. Hope they'll manage to sort it out somehow, cause I don't belive there's Win64:vitro in those images. Thanks for keeping us updated on the matter. Best wishes community, Richard Addison
Proud to be powered by Plasma
|
Registered Member
|
Rest assured there is no issue...I've downloaded files from all of the mirrors and all of them have the same clear hash - the files have not been infected nor altered. It's an Avast issue with signature recognition producing a false positive which happens a fair bit actually. |
|
Registered Member
|
Hi, Unfortunately Avast's services have fallen short of my expectations. Hence I'm giving up on Avast. End of story. I shall download both User and User LTS. Then I'll checksum both and post the sums right here to be scrutinized by the community. I'm fairly sure there won't be any discrepancies. Just wanna exclude the possibility of a "man in the middle" as well. That should and will restore my confidence. Best wishes community, Richard Addison
Proud to be powered by Plasma
|
Global Moderator
|
I think the problem is that the KDE mirror network can't use SSL, because SSL doesn't work well with distributed mirror networks, and thus providing SHA sums is not very useful ... GPG signatures, on the other hand, rely on a different path for verification of the key trust, and thus are useful even if both image and signature come from an unreliable source. I guess people should consider distributing checksums with their release announcements, be it by email or blog.
I'm working on the KDevelop IDE.
|
Bookmarks
Who is online
Registered users: Bing [Bot], blue_bullet, Google [Bot], rockscient, Yahoo [Bot]
