Internet Security Warning Alert for Logos.com

Page 1 of 1 (14 items)
This post has 13 Replies | 1 Follower

Posts 4932
David Paul | Forum Activity | Posted: Wed, Apr 15 2020 6:44 PM

My security software has locked on this twice today. FL needs to attend to this issue ASAP.

Posts 733
David Wanat | Forum Activity | Replied: Wed, Apr 15 2020 8:37 PM

I’ve never encountered this before. What sort of OS and antivirus are you using?

WIN 10 i7 9750H, RTX 2060, 16GB RAM

Ultimate: Verbum | Diamond: Orthodox  | Gold: Eastern Rite, Ordinariate, Anglican | Silver: Baptist, Lutheran, Messianic, Methodist, Pentecostal, Reformed, SDA, Standard

Posts 4932
David Paul | Forum Activity | Replied: Thu, Apr 16 2020 12:54 AM

Win 10 & Kaspersky TS

Posts 1937
Donnie Hale | Forum Activity | Replied: Thu, Apr 16 2020 9:51 AM

Third-party antivirus software is the virus.

(I realize this doesn't deal w/ the situation you're actually in, but as a piece of advice from a 30+ year technologist...)

-Donnie

Posts 4932
David Paul | Forum Activity | Replied: Thu, Apr 16 2020 6:44 PM

Donnie Hale:

Third-party antivirus software is the virus.

-Donnie

Would you please elaborate?

Posts 70
Diego Lara | Forum Activity | Replied: Thu, Apr 16 2020 8:44 PM

The Antivirus is not the virus. This is an old mentality from an era (15-20 years ago) when Antivirus were bloated and did a very bad job blocking antivirus programs. Today antivirus are light and virus blocking technology is so advanced that they block nearly all viruses including zero day viruses. 

Posts 29293
Forum MVP
MJ. Smith | Forum Activity | Replied: Thu, Apr 16 2020 9:20 PM

Diego Lara:
old mentality from an era (15-20 years ago)

I had carefully been staying out of this thread because I was too lazy to retrieve the details and too experienced to dismiss suggested explanations. Note I call it "experienced" not "old mentality".

I had two cases of a security warning alert for Logos.com in the last week and a half or so. They were an attempt to trick me into allowing a virus in under the ruse of protecting me from viruses. Had it persisted, I would have researched it's source further and checked international virus warnings. But I am retired and lazy.

Orthodox Bishop Hilarion Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."

Posts 4932
David Paul | Forum Activity | Replied: Thu, Apr 16 2020 9:24 PM

MJ. Smith:

Diego Lara:
old mentality from an era (15-20 years ago)

I had carefully been staying out of this thread because I was too lazy to retrieve the details and too experienced to dismiss suggested explanations. Note I call it "experienced" not "old mentality".

I had two cases of a security warning alert for Logos.com in the last week and a half or so. They were an attempt to trick me into allowing a virus in under the ruse of protecting me from viruses. Had it persisted, I would have researched it's source further and checked international virus warnings. But I am retired and lazy.

It's not your job. It's FL's job. They are the ones whose site is being targeted.

Posts 70
Diego Lara | Forum Activity | Replied: Thu, Apr 16 2020 10:21 PM

I work in the IT industry, so I also have experience. And based on my experience security software is essential. And why would you be the one to troubleshoot it? You work for Faithlife?

Posts 29293
Forum MVP
MJ. Smith | Forum Activity | Replied: Fri, Apr 17 2020 12:43 AM

Diego Lara:
And based on my experience security software is essential.

I absolutely agree and I depend upon it.

Diego Lara:
And why would you be the one to troubleshoot it?

So that I don't open the site, message, etc. that produced the spoofed security alert again. True, it was not as annoying as the old ploy that put the browser in a loop.but I personally prefer to avoid hackers' work. I prefer to appreciate the elegance of a logical proof rather than the elegance of a hacker's hack.

David Paul:
It's not your job. It's FL's job. They are the ones whose site is being targeted.

No, it was not FL that was being targeted; it was my machine that was targeted and I happened to navigate to FL so the security error was built to look as if their site was bad ... pretty much whatever I navigated to next would appear to have a security error. Nerdiness is a disease with a very slow recuperation rate ... so, since I can no longer simply call support on the floor below, I do it myself or call my grandson if it's a real puzzle. But I've recovered enough that I rarely pull the cover off any more.

Orthodox Bishop Hilarion Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."

Posts 11054
Denise | Forum Activity | Replied: Fri, Apr 17 2020 6:48 AM

MJ. Smith:
Nerdiness is a disease with a very slow recuperation rate

Indifferent

I remember getting one of the early 'smart' phones ... ATT! ... 30 years ago. You could check your stock, and watch the market crash.  You had to squeeze under the table, so people wouldn't see you using it.

"I didn't know God made honky tonk angels."

Posts 2588
Lee | Forum Activity | Replied: Fri, Apr 17 2020 7:39 AM

Such warning messages may or may not be the fault of FL.

From what I've seen of FL's websites and auxiliary content, they're clean.

Posts 1937
Donnie Hale | Forum Activity | Replied: Sat, Apr 18 2020 1:45 PM

David Paul:
Would you please elaborate?

Sure. Please note that I'm not saying don't use AV software - I'm saying don't use it if it's not from the operating system vendor.

In spite of what Diego Lara stated (and I mean no offense toward him), you can do just a minimum amount of research into all of the security holes that 3rd party AV solutions introduce into your system. They are poorly implemented, security-wise - presenting new vectors of attack all on their own.

With the "protection" they supposedly offer, they must make implementation choices that make a system more insecure. One specific example is the products which supposedly protect your internet traffic in real-time. More and more sites are https by default (secure, TLS = "transport layer security" - which used to be known as SSL); and that trend will continue. TLS works because your operating system or your browser comes with a set of root certificates which are used to verify that the other end of a secure connection is who it says it is. One of the goals of TLS is to prevent man-in-the-middle attacks. Which means any other software or hardware between your browser and the web server on the other end can only see the encrypted traffic. That includes AV software.

To get around this, those AV packages install an additional root certificate - themselves - and then see the decrypted traffic and then re-encrypt it to the web server. This is a man-in-the-middle attack, even if it's supposedly benign. Do you know what they're doing with traffic that you expect to be encrypted? Worse than that, they run behind the standards. All TLS should be at least 1.2 now, 1.3 is better. Browsers and the large internet players and web servers keep very up to date on those standards and on new threats as they're identified and corrected. The AV packages don't.

So... I'm very up-to-date in this space. I've worked in network groups at large online presences. I've not used a 3rd party AV package since Microsoft introduced its first version version of Defender, 2006. I'm talking numerous laptops and PCs for myself, my wife, and my children when they were at home. So I'm putting my money where my mouth is. I use the Windows Defender and Firewall tools that come with the O.S.

I hope that answers your question.

Donnie

Posts 2588
Lee | Forum Activity | Replied: Sat, Apr 18 2020 1:52 PM

Donnie Hale:

Sure. Please note that I'm not saying don't use AV software - I'm saying don't use it if it's not from the operating system vendor.

Heresy! Wait, I'm in the same club...  Wink

Page 1 of 1 (14 items) | RSS