Urgent admin attention needed (security)

[risey]

Hi there, Norton is flagging all AVID links including the forum as unsafe, I investigated further by going to https://safeweb.norton.com/report/show?url=avid.com and a zip file on your server has a trojan in it. All users with Norton will get this unsafe message. I also noticed AVID server was down for a while today as I could not sign in....

[Carl Kolchak]

Funnily enough, I encountered the same thing - several downloads were taking hours, and failing.

I ended up trying to download at another facility, and they encountered the Norton problem - their admin got in a flap, and refused to allow me to visit the site, let alone log in and download anything.

Don't know if it was just today, or if Norton always has this problem - but as a precaution, it made me think twice about accessing Avid.com on the studios Mac.


Sent from my iPhone using Tapatalk

[Darryl Ramm]

You should be treating these warnings as likely wrong. Lots of false positives that waste you time. Although, sure Avid should check.

Most software vendors, and I hope Avid as well do pretty thoughtful AV inspection of files they publish. It's pretty standard practice to run ever file though multiple AV checkers before publishing, and I would hope Avid does that.

But in general I have an easy solution. Uninstall Norton from your PC. Poor quality AV software *is* the virus destroying your computer.



Sent from my iPhone using Tapatalk

[risey]

As you can see Norton has found the suspicious zip file on their server causing the problems, whether false positive or not. As for uninstalling Norton, no chance, I been using Norton since 1999 and along side Malwarebytes they have saved my ass many times :P

[Raphie]

False positive

Trojan.Gen is a generic detection for many individual but varied Trojans for which specific definitions have not been created. A generic detection is used because it protects against many Trojans that share similar characteristics.

Trojan horse programs pose as legitimate programs or files that users may recognize and want to use. They rely on this trick to lure a user into inadvertently running the Trojan. Often a Trojan will mimic a well known legitimate file name or pose as a particular type of file, like a .jpg or .doc file to trick a user.

Distribution of Trojans on to compromised computers occurs in a variety of ways. From email attachments and links to instant messages, drive-by downloads and being dropped by other malicious software. Once installed on the compromised computer, the Trojan begins to perform the predetermined actions that it was designed for.
Antivirus Protection Dates

[JoelG]

I'm not sure whether there is anything to be worried about (probably not), but that file appears to be a time server setup file used for Avid Interplay, in case anyone was curious: http://resources.avid.com/SupportFil...ms%20Rev.E.pdf

I would never run a Windows system without an AV, but I would agree that Norton is probably more of a problem then solution..

Joel

[DJ Hellfire]

Norton sucks. It uses a ridiculous amount of system resources. In my PC days, I ran AVG Free and never had an issue. It's lightweight and doesn't require you to install a bunch of bloatware, at least not the last time I used it. Haven't ran a PC since 2013, and even then, 2011-2013 I ran it with no anti-virus at all and just stayed away from any suspect sites. Never had an issue outside of one client bringing an infected flash drive. A quick google search and I was able to find and remove that virus manually, and never plugged anyone's drive into the computer again. That $1000 PC build ran exceptionally well until I sold it for barely $200 (minus ebay/paypal fees) two years after building it.

[jeffro]

It's a false positive. That file has been there for over a year with no problems reported. We even scanned it again (still clean) and then removed it (yesterday). Norton is still flagging our site. They said they need to rescan our site so we are pursuing that (they said the process could take 15-20 days).

[Darryl Ramm]

The best protection against trojanware is not any AV software, it's the wetware between your ears. Given the false positives, number of zero day exploits and overall impact of, and vulnerabilities themselves in AV software it is far from a natural to just assume it is a good idea. Or to think it is "saving your ass" just because it's flagging alerts... many of them can be false.

The best thing is don't download any crap you don't need to to a production DAW, don't use it to surf the internet or do email and don't allow other muppets who don't need to to touch the computer, connect drives etc. to it. And if you do need to move stuff to the computer stage it through a different computer and run AV software on the files there. Keeping a DAW stable often means tuning off OS automatic updates, which makes the computer vulnerable to attack... but many of those still require sloppy user actions. If you are not automatically or manually pulling latest OS updates for stability reasons then it's even more important to keep the computer offline/away from idiot users.

[panamajack]

Been accessing the DUC from a PC with Norton Anti-Virus running in the background for more than a year. I have PT installed on other computers. Downloaded a few user manuals recently. Now Norton Anti-Virus has flagged a directory that is telling me a file Norton calls "Trojan.Gen.2" is hiding there. Partial url is:

http://resources.avid.com/SupportFil...eSync/NTPprep_

Is Avid's site good to go or has Norton stumbled on a dormant virus lurking in the support files?