Loading Profile...
Avira repeatedly reports virus detection at xmarks.com
When accessing data from the URL, "http://www.xmarks.com/"
a virus or unwanted program 'HTML/Spoofing.Gen' [virus] was found.
a virus or unwanted program 'HTML/Spoofing.Gen' [virus] was found.
I’m irritated
1
person has this problem
I have this problem, too!
Tell me when someone solves it.
The more people who report this problem, the more it gets noticed.
The more people who report this problem, the more it gets noticed.
The best solution from the company
-
Steve,
The Avira warning you describe is triggered when malicious sites use misleading URLs to deceive unsuspecting visitors. For example, the URL http://www-paypal.com/login might look at first glance like a genuine PayPal web site address, but a closer inspection reveals that www-paypal.com is not the same as www.paypal.com. Avira is providing a useful service here.
Unfortunately sometimes Avira reports false positives, as your experiences with Xmarks.com demonstrate. On Xmarks.com we construct our URL like so: http://xmarks.com/site/https://www.ya... Notice the yahoo.com address which appears at the end.
Our software uses this "yahoo.com" portion of the address to keep track of which site you requested information about. But Avira perceives this as attempted URL-misdirection on our part. I can assure you that we are in no way trying to mislead you into visiting a web site you never intended to visit.
I am opening a ticket in our issue-tracking software which describes the Avira problem you've reported. For the time being, you may ignore these Avira warnings when visiting our web site, or as an alternative you may add our web address to Avira's "whitelist" to make it stop reporting these false positives.
Thank you for bringing this to our attention.
regards,
Patrick
The company says
this solves the problem
-
Inappropriate?Steve,
The Avira warning you describe is triggered when malicious sites use misleading URLs to deceive unsuspecting visitors. For example, the URL http://www-paypal.com/login might look at first glance like a genuine PayPal web site address, but a closer inspection reveals that www-paypal.com is not the same as www.paypal.com. Avira is providing a useful service here.
Unfortunately sometimes Avira reports false positives, as your experiences with Xmarks.com demonstrate. On Xmarks.com we construct our URL like so: http://xmarks.com/site/https://www.ya... Notice the yahoo.com address which appears at the end.
Our software uses this "yahoo.com" portion of the address to keep track of which site you requested information about. But Avira perceives this as attempted URL-misdirection on our part. I can assure you that we are in no way trying to mislead you into visiting a web site you never intended to visit.
I am opening a ticket in our issue-tracking software which describes the Avira problem you've reported. For the time being, you may ignore these Avira warnings when visiting our web site, or as an alternative you may add our web address to Avira's "whitelist" to make it stop reporting these false positives.
Thank you for bringing this to our attention.
regards,
Patrick
The company says
this solves the problem
-
Inappropriate?really helpful reply Patrick, thanks for the prompt response.
Avira reports this when I launch Firefox, so presumably xmarks is looking up the home site upon launch and triggering the false positive. Can you explain what the mechanism is that does that lookup on launch? I have auto updating turned off (or I thought I did ;) )
I’m undecided
-
Inappropriate?While this probably won't be very satisfying to hear, the correct answer is... it depends. It depends upon which version of the product you have installed. It depends upon which features you currently have enabled. And it can also depend upon which home page you have chosen for your browser to display each time it is launched.
For example, on the machine I'm using at the moment my browser home page is set to perform a set Google search on startup. Consequently, Xmarks will also ask our servers for additional metadata about my search, since I have the "Smarter Search" and "Site Info" features enabled (under the Discovery tab in the Xmarks Settings dialog.)
As I mentioned earlier, if you have the option of adding a "whitelist" entry to Avira to tell it not to caution you about xmarks.com URLs, that might be a tenable solution for the short term.
Additionally, if you have any detailed log information from Avira about what exactly it deems to be suspect xmarks.com URLs, that would be very valuable to us as we begin to investigate a permanent solution.
regards,
Patrick
1 person says
this solves the problem
-
Inappropriate?All avira reports is the info i originally posted above, I'm afraid.
I load a blank page on browser launch, always. Slow enough launching as it is :(
I would guess it's the "smarter search" features that are triggering the false positive (making the assumption your explanation fits the circumstance ;) )
I'll white list the site - although that isn't necessarily ideal I guess it's no dumber than allowing xmarks to synchronize my passwords :D
Thanks for the responses Patrick.
Regards,
Steve
I’m thankful, happy
-
Inappropriate?My pleasure, Steve.
Avira seems to have a decent track record of cleaning up false positives in their AV client. If we determine that we can't fix this on our side we will open a ticket with Avira, so be sure to keep your Avira client up to date.
cheers,
Patrick
EMPLOYEE
