RCU Forums - View Single Post - Virus warning
Thread: Virus warning
View Single Post
Old 08-28-2012, 10:39 AM
  #58  
Radical Departure
My Feedback: (13)
 
Radical Departure's Avatar
 
Join Date: Jul 2003
Location: Fayetteville, Arkansas AR
Posts: 514
Likes: 0
Received 0 Likes on 0 Posts
Default RE: Virus warning
ORIGINAL: TheDriftingNarwhal
You have to understand how the applications work.
If something looks like an attack - even if it isn't - it will try to block it. If there is no way to block it, perhaps it won't allow you to continue to the page.

As far as the ''Superior'' Norton, perhaps rather than Norton being ''smarter'' than all the rest, perhaps it is simply a different form of security software that doesn't scan for that type of attack and therefore does not display an error.

And this is most likely a block that is consistent among programs that actively block such issues. No problems with this, however I can say that it isn't the fault of the web developers or advertisers (morerc.com seems legit but not sure there) but more likely a failed implementation using code logically written accidentally in the same form of an attack.

It isn't an attack most likely. Think of emails - images are blocked unless you know who they are because images can lead to attacks. Of course most images are not attacks.. but they are prevented anyways.

This problem however is a more unlikely coincidence in the code and is therefore blocked with more effort.

It's pretty much just the software doing what it's supposed to do, it can only go so far to determine if something truly is an attack.
Personally I don't think its an actual exploit, but as you mentioned, more than likely sloppy coding. On the other hand, I'm not going to risk it by disabling a bunch of stuff and seeing if that is indeed valid. Plenty of legit sites have had problems, sites much bigger than RCU or morerc.com. In that vein, if other network devices are also showing a site has a problem, then I have to take it that there is a problem, regardless if its sloppy code or an actual exploit. Sloppy code opens itself up to exploits, so who's to say what the real deal is until the code is actually looked at. At a minimum, one way to find out is to pull the banner ads in question and see what happens. Its interesting to note that the spikes started on Aug. 20th. Shouldnt be hard for the web guys to backtrack to that date and see what changed.
Radical Departure is offline  
Reply Like