My security software has locked on this twice today. FL needs to attend to this issue ASAP.
I’ve never encountered this before. What sort of OS and antivirus are you using?
Win 10 & Kaspersky TS
Third-party antivirus software is the virus.
(I realize this doesn't deal w/ the situation you're actually in, but as a piece of advice from a 30+ year technologist...)
-Donnie
Third-party antivirus software is the virus. -Donnie
Would you please elaborate?
The Antivirus is not the virus. This is an old mentality from an era (15-20 years ago) when Antivirus were bloated and did a very bad job blocking antivirus programs. Today antivirus are light and virus blocking technology is so advanced that they block nearly all viruses including zero day viruses.
old mentality from an era (15-20 years ago)
I had carefully been staying out of this thread because I was too lazy to retrieve the details and too experienced to dismiss suggested explanations. Note I call it "experienced" not "old mentality".I had two cases of a security warning alert for Logos.com in the last week and a half or so. They were an attempt to trick me into allowing a virus in under the ruse of protecting me from viruses. Had it persisted, I would have researched it's source further and checked international virus warnings. But I am retired and lazy.
old mentality from an era (15-20 years ago) I had carefully been staying out of this thread because I was too lazy to retrieve the details and too experienced to dismiss suggested explanations. Note I call it "experienced" not "old mentality".I had two cases of a security warning alert for Logos.com in the last week and a half or so. They were an attempt to trick me into allowing a virus in under the ruse of protecting me from viruses. Had it persisted, I would have researched it's source further and checked international virus warnings. But I am retired and lazy.
It's not your job. It's FL's job. They are the ones whose site is being targeted.
I work in the IT industry, so I also have experience. And based on my experience security software is essential. And why would you be the one to troubleshoot it? You work for Faithlife?
And based on my experience security software is essential.
I absolutely agree and I depend upon it.
And why would you be the one to troubleshoot it?
So that I don't open the site, message, etc. that produced the spoofed security alert again. True, it was not as annoying as the old ploy that put the browser in a loop.but I personally prefer to avoid hackers' work. I prefer to appreciate the elegance of a logical proof rather than the elegance of a hacker's hack.
No, it was not FL that was being targeted; it was my machine that was targeted and I happened to navigate to FL so the security error was built to look as if their site was bad ... pretty much whatever I navigated to next would appear to have a security error. Nerdiness is a disease with a very slow recuperation rate ... so, since I can no longer simply call support on the floor below, I do it myself or call my grandson if it's a real puzzle. But I've recovered enough that I rarely pull the cover off any more.
Nerdiness is a disease with a very slow recuperation rate
[:|]
I remember getting one of the early 'smart' phones ... ATT! ... 30 years ago. You could check your stock, and watch the market crash. You had to squeeze under the table, so people wouldn't see you using it.
Such warning messages may or may not be the fault of FL.
From what I've seen of FL's websites and auxiliary content, they're clean.
Sure. Please note that I'm not saying don't use AV software - I'm saying don't use it if it's not from the operating system vendor.
In spite of what Diego Lara stated (and I mean no offense toward him), you can do just a minimum amount of research into all of the security holes that 3rd party AV solutions introduce into your system. They are poorly implemented, security-wise - presenting new vectors of attack all on their own.
With the "protection" they supposedly offer, they must make implementation choices that make a system more insecure. One specific example is the products which supposedly protect your internet traffic in real-time. More and more sites are https by default (secure, TLS = "transport layer security" - which used to be known as SSL); and that trend will continue. TLS works because your operating system or your browser comes with a set of root certificates which are used to verify that the other end of a secure connection is who it says it is. One of the goals of TLS is to prevent man-in-the-middle attacks. Which means any other software or hardware between your browser and the web server on the other end can only see the encrypted traffic. That includes AV software.
To get around this, those AV packages install an additional root certificate - themselves - and then see the decrypted traffic and then re-encrypt it to the web server. This is a man-in-the-middle attack, even if it's supposedly benign. Do you know what they're doing with traffic that you expect to be encrypted? Worse than that, they run behind the standards. All TLS should be at least 1.2 now, 1.3 is better. Browsers and the large internet players and web servers keep very up to date on those standards and on new threats as they're identified and corrected. The AV packages don't.
So... I'm very up-to-date in this space. I've worked in network groups at large online presences. I've not used a 3rd party AV package since Microsoft introduced its first version version of Defender, 2006. I'm talking numerous laptops and PCs for myself, my wife, and my children when they were at home. So I'm putting my money where my mouth is. I use the Windows Defender and Firewall tools that come with the O.S.
I hope that answers your question.
Donnie
Heresy! Wait, I'm in the same club... [;)]
