Avast blocks Neon images

raddison
Registered Member
Fri Jan 20, 2017 5:52 pm
Hi guys,

Right to the point: Avast blocks Neon User and User LTS images to download. A message pops up saying Win64:vitro threat detected.

The files triggering aforementioned detection are vmlinuz and vmlinuz.efi.

Submitted both files to Virus Total. There too, Avast (only) detected the same infection in both.

Submitted the files to Avast themselves. They concluded both were false positives and told me to update because they had corrected the problem. Updated time and time again to no avail. Avast is still blocking the downloads.

None of the other "reputable" anti-virus programs detect anything malicious or unwanted.

My point: some Windows users who want to cross over to Neon might be scared off/ might become suspicious.

I think those are false positives but my peace of mind is gone. That's rather unfortunate because I love Neon.

A Windows-specific malware in a GNU/Linux OS makes no sense to me.

If any of you has had a similar experience in conjunction with Avast and Neon, please post it. I'd like my peace of mind restored.


Best wishes community,
Richard Addison


Proud to be powered by Plasma
nalvarez
Registered Member

Re: Avast blocks Neon images

Fri Jan 20, 2017 6:23 pm
Ugh, Avast too? We already had trouble with Chrome Safe Browsing marking the .iso files as potentially dangerous right after the download...

alideda
Registered Member

Re: Avast blocks Neon images

Fri Jan 20, 2017 7:11 pm
This address has been compromised,
I think I'll bypass the Neon because this is not the first case, unlocked repositories, browser automatically download from this server, no more trust.
http://ftp.icm.edu.pl/packages/kde-appl ... -amd64.iso

kde-jriddell
Registered Member

Re: Avast blocks Neon images

Fri Jan 20, 2017 7:28 pm
It's nonsense and I've no idea why it would claim to be compromised.

Verify your image using gpg
>gpg2 --verify neon-useredition-20170119-1018-amd64.iso.sig
gpg: assuming signed data in 'neon-useredition-20170119-1018-amd64.iso'
gpg: Signature made Thu 19 Jan 2017 11:18:13 GMT using RSA key ID 075E1D76
gpg: Good signature from "KDE neon ISO Signing Key <neon@kde.org>" [full]

It will match this key
https://keyserver.ubuntu.com/pks/lookup ... 00075E1D76

bcooksley
Administrator

Re: Avast blocks Neon images

Fri Jan 20, 2017 7:54 pm
The file has been re-reported to Avast for additional review, as it would appear they haven't resolved the issue. This is something which is out of our hands and is something we can do nothing about unfortunately.


KDE Sysadmin

alideda
Registered Member

Re: Avast blocks Neon images

Fri Jan 20, 2017 8:18 pm
The file is blocked by Firefox browsers so it is not possible to do the checking. Empty iso file and temporary download file txt.part. I use yandex dns servers that block malware.
Only this server is blocked:
http://ftp.icm.edu.pl/packages/kde-applicationdata/neon/images/neon-useredition/20170119-1018/neon-useredition-20170119-1018-amd64.iso

What to check when this is impossible?

bcooksley
Administrator

Re: Avast blocks Neon images

Fri Jan 20, 2017 8:56 pm
Browse to http://files.kde.org/neon/images/neon-u ... mirrorlist and select an alternative mirror.

Safe Browsing is a separate issue being discussed in the other thread.


KDE Sysadmin

kde-jriddell
Registered Member

Re: Avast blocks Neon images

Sat Jan 21, 2017 12:24 am
Reports of KDE neon Downloads Being Dangerous Entirely Exaggerated
http://jriddell.org/2017/01/21/reports- ... aggerated/
raddison
Registered Member

Re: Avast blocks Neon images

Sat Jan 21, 2017 10:27 am
Hi guys,

I don't want or like unjustified paranoia.

I shall ask a third party to post a screenshot with Avast blocking Neon. It will be reasonable proof for me that Avast are sabotaging Neon or they act in good faith but lack competence.


Best wishes community,
Richard Addison


Proud to be powered by Plasma
raddison
Registered Member

Re: Avast blocks Neon images

Sun Jan 22, 2017 12:11 pm
kde-jriddell wrote: It's nonsense and I've no idea why it would claim to be compromised.

Verify your image using gpg
>gpg2 --verify neon-useredition-20170119-1018-amd64.iso.sig
gpg: assuming signed data in 'neon-useredition-20170119-1018-amd64.iso'
gpg: Signature made Thu 19 Jan 2017 11:18:13 GMT using RSA key ID 075E1D76
gpg: Good signature from "KDE neon ISO Signing Key <neon@kde.org>" [full]

It will match this key
https://keyserver.ubuntu.com/pks/lookup ... 00075E1D76



Agreed. However, some Windows users (and wannabe Neon users) can't use that method without a third party app. And that app is more of a headache than anything else.

I think a SHA256 would be beneficial if hosted on an Ubuntu secure server and would practically cure my headache.


Best wishes community,
Richard Addison


Proud to be powered by Plasma

bcooksley
Administrator

Re: Avast blocks Neon images

Sun Jan 22, 2017 6:18 pm
Avast's Customer Care team have informed us that they've confirmed the issue and have escalated this to their Virus Lab for further analysis and resolution of the issue.


KDE Sysadmin

raddison
Registered Member

Re: Avast blocks Neon images

Sun Jan 22, 2017 8:50 pm
bcooksley wrote: Avast's Customer Care team have informed us that they've confirmed the issue and have escalated this to their Virus Lab for further analysis and resolution of the issue.


"Escalated"? Yeah. That's exactly what they told me. Then, they said it was a false positive and it would be fixed in the next update. Seems their Customer Care is useless. Perhaps it's worth mentioning they haven't found anything in the images released December 29 2016. Hope they'll manage to sort it out somehow, cause I don't believe there's Win64:vitro in those images. Thanks for keeping us updated on the matter.


Best wishes community,
Richard Addison


Proud to be powered by Plasma

compatico
Registered Member

Re: Avast blocks Neon images

Mon Jan 23, 2017 1:43 am
raddison wrote: cause I don't believe there's Win64:vitro in those images. Thanks for keeping us updated on the matter.
Best wishes community,
Richard Addison

Rest assured there is no issue...I've downloaded files from all of the mirrors and all of them have the same clear hash - the files have not been infected nor altered. It's an Avast issue with signature recognition producing a false positive which happens a fair bit actually.
raddison
Registered Member

Re: Avast blocks Neon images

Mon Jan 23, 2017 11:22 am
compatico wrote:
raddison wrote: cause I don't believe there's Win64:vitro in those images. Thanks for keeping us updated on the matter.
Best wishes community,
Richard Addison

Rest assured there is no issue...I've downloaded files from all of the mirrors and all of them have the same clear hash - the files have not been infected nor altered. It's an Avast issue with signature recognition producing a false positive which happens a fair bit actually.


Hi,

Unfortunately Avast's services have fallen short of my expectations. Hence I'm giving up on Avast. End of story.

I shall download both User and User LTS. Then I'll checksum both and post the sums right here to be scrutinized by the community. I'm fairly sure there won't be any discrepancies. Just wanna exclude the possibility of a "man in the middle" as well. That should and will restore my confidence.


Best wishes community,
Richard Addison


Proud to be powered by Plasma

scummos
Global Moderator

Re: Avast blocks Neon images

Mon Jan 23, 2017 11:28 pm
raddison wrote: Agreed. However, some Windows users (and wannabe Neon users) can't use that method without a third party app. And that app is more of a headache than anything else.

I think a SHA256 would be beneficial if hosted on an Ubuntu secure server and would practically cure my headache.

I think the problem is that the KDE mirror network can't use SSL, because SSL doesn't work well with distributed mirror networks, and thus providing SHA sums is not very useful ... GPG signatures, on the other hand, rely on a different path for verification of the key trust, and thus are useful even if both image and signature come from an unreliable source.

I guess people should consider distributing checksums with their release announcements, be it by email or blog.


I'm working on the KDevelop IDE.
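
The check discussed in the replies above, as an added example that is not part of the thread and is not KDE's own tooling: it accepts an image only when gpg reports a valid signature made by a key whose full fingerprint was obtained from a channel other than the mirror (for example a release announcement). The function names, the return codes and the sample fingerprint are assumptions made for this example; the signing key is assumed to be imported already.

```shell
#!/bin/sh
# Added example (not KDE's tooling). Accept an image only when gpg reports a
# valid signature from a key whose FULL fingerprint was pinned out of band.

# Reads `gpg --status-fd` lines on stdin; $1 is the pinned fingerprint.
# Returns 0 = valid and pinned, 1 = not acceptable, 2 = unusable pin.
status_matches_pin() {
    pin=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    # A short key ID (like the 8-hex ID in gpg's output) is not unique.
    case $pin in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#pin}" -ge 40 ] || return 2
    matched=1
    while read -r tag kw rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $kw in
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)
                return 1 ;;              # bad, unverifiable, expired or revoked
            VALIDSIG)
                signer=${rest%% *}       # fingerprint of the signing key
                primary=${rest##* }      # primary-key fingerprint (last field)
                if [ "$signer" = "$pin" ] || [ "$primary" = "$pin" ]; then
                    matched=0
                fi ;;
        esac
    done
    return "$matched"
}

# verify_iso <image> <detached signature> <pinned fingerprint>
# Assumes the signing key is already imported; returns 3 if gpg is missing.
verify_iso() {
    gpg_bin=$(command -v gpg2 || command -v gpg) || return 3
    "$gpg_bin" --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        status_matches_pin "$3"
}

# Constructed sample data (not a real key): status lines for a good signature.
SAMPLE_FPR=AAAABBBBCCCCDDDDEEEEFFFF0000111122223333
sample_status() {
    printf '%s\n' \
        "[GNUPG:] GOODSIG 0000111122223333 Example Signing Key" \
        "[GNUPG:] VALIDSIG $SAMPLE_FPR 2017-01-19 1484824693 0 4 0 1 8 00 $SAMPLE_FPR"
}
```

Because the pin comes from a different channel than the image and the `.sig` file, a mirror that serves altered copies of both still fails the check.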

 