April Fools!

[mmhmm]

I haven't had any trouble since the April Fools' day avatar joke, yclept. My computer is working just fine. I don't know why Chrome would be warning you about those pages, either, since I've opened them and have had no problems. I use IE here. You might want to try a deep scan and a registry cleaning to see if that helps you any.

[moon/Laura]

yclept, the prank was only in effect for 12 hrs, after which everyone's avatars returned to whatever they were prior. no one else has reported anything like what you are seeing, so if you are getting a warning it seems like it has to be from something other than the prank.

wondering if any other chrome users have been getting warnings?? or anyone else at all, for that matter?

[mmhmm]

I don't have Chrome, Moon, but I'm posting on Firefox now, just to see if there are any problems surfacing here. Not a one. All's running smoothly. If yclept has a problem I doubt it came from this site. It might be an incompatibility somewhere, or could be a virus picked up elsewhere. There's lots of things that can cause slow performance. Why Chrome would be warning about certain pages in a thread here is beyond me. I'm getting nothing of the sort on either browser.

[privateinvestor]

Apr 4, 2011 13:00:07 GMT -5 mmhmm said:

I don't have Chrome, Moon, but I'm posting on Firefox now, just to see if there are any problems surfacing here. Not a one. All's running smoothly. If yclept has a problem I doubt it came from this site. It might be an incompatibility somewhere, or could be a virus picked up elsewhere. There's lots of things that can cause slow performance. Why Chrome would be warning about certain pages in a thread here is beyond me. I'm getting nothing of the sort on either browser.

If there are any links or tie ins with Facebook sites you may get a virus warning...I have with Norton Security Firewall recently.

But then again it might just be a Beautiful People thing again..

[yclept]

Most reviews I've read rate Chrome much better than I.E in most respects -- malware detection included. That's why I use it. This machine came with I.E., but I'm pretty sure the only time I ever used it was to download Chrome when I first got this machine a few months ago. I might have made things worse by getting rid of my avatar altogether since I didn't like the thing the malware provided -- I don't know, maybe that somehow opened me up to more consequences.
I'll do a deep scan and registry clean when I have time. If the boot doesn't improve, I guess I might take it somewhere for further analysis (not a pleasant prospect since it's a desktop, not to mention whatever the analysis will cost me), or buy another computer -- that's probably the only safe thing to do -- where shall I send the bill? I can't say for sure, but the slower boot started happening just about the time that this avatar thing came up.
I make a significant part of my living investing through use of this machine. It is vital that I know it is going to work. For all I know the extra boot time is due to some count-down that's going to wipe me out -- when? -- maybe next April 1? -- a potential time bomb I can't afford to risk.

[mmhmm]

Well, yclept, it doesn't seem logical that only one computer would be impacted if there had been something wrong with the avatars used. Moon would have heard from others who were having problems. Surely there are others here who use chrome, as well. Removing your avatar shouldn't have made any difference, and I'm sure this isn't the only site you visit on the internet. If there is a virus, it could have come from anywhere and timing may have been no more than a coincidence. One thing you have on a message board that you don't have on other sites is the opportunity to ask others if they're experiencing problems. Since nobody else seems to be, it's very safe to assume your problems didn't come from this site.

[moon/Laura]

if you don't have it already, the free version of malwarebytes (malwarebytes.com) is a good program..

i use firefox exclusively, both at home and at work and haven't had any issues..

[mmhmm]

Agree, Moonbeam. I use Malwarebytes, as well, along with SuperAntiSpyware. Between the two of them, I've never had an issue. I usually use IE, but have Firefox and use it from time to time. Using Microsoft Security Essentials as my virus program right now and have been quite satisfied with it, so far.

[Virgil Showlion]

Yclept,

The AFD avatars were .JPG images downloaded by me and then reuploaded to www.mediafire.com. Mediafire can generate false positives in certain malware detectors set to "extremely high" because it serves images in a way that could potentially (but does not) spoof the MIME type of the returned image.

In simple terms: if mediafire.com was a malicious site, an attacker could theoretically determine if your browser has certain image handling/filtering plugins. That said, there is no literature anywhere online that indicates mediafire.com exploits this vulnerability.

If the problem persisted even beyond the end of the Pokemon avatars, then Chrome obviously doesn't like somebody's new avatar. I'd be interested to know which page(s) the error pops up on and what specifically the error message is. All 'normal' avatars are handled by the ProBoards servers, and they sanitize incoming content thoroughly.

I strongly suspect that Chrome is triggering on a false positive, but I'll check it out for you.

- Virgil (Mod)

[yclept]

SBS found another instance of a Chrome user seeing warnings on a board I've never pulled up:
ETA: It looks likes someone else with Chrome is having issues on another Proboards thread.
notmsnmoney.proboards.com/index.c....lay&thread=5961

Today, Chrome is warning me to avoid opening pages 2, 4, and 7 of this thread. Today I tried pulling the pages up one by one by filling in their number in the "go to" box. Before today I had tried to go forward and backward using the directional arrows -- using that method lead me to believe that there was a whole block of pages showing the warning, but, of course I was trying to work my way towards the middle from top and bottom, and was stopped by the first page giving an error message. I just assumed all the ones in between were going to also give the warning.
I tried to copy and paste the Chrome warning, but it would not copy. I'll have to write it down and retype on another post.

[yclept]

The Google warning starts with a red circle containing a minus sign, then reads as follows:

"WARNING: Something's Not Right Here
notmsnmoney.broboards.com contains content from w_w.avatarswizard.com, a site known to distribute malware. Your computer might catch a virus if you visit this site.
Google has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.
We have already notified w_w.avatarwizard.com that we found malware on the site. For more about the problem found on w_w.avatarswizard.com, visit the Google Safe Browsing diagnostic page."

"Google Safe Browsing diagnostic page" is a link on the warning page.

then there's a green message bar that says "Go Back"

"If you understand that visiting this site may harm your computer, Proceed anyway"

"Proceed anyway" is a link.

Edit: On the Google warning, the references to w_w.avatarswizard.com are not links, but were appearing as such on my post. Proboards seemed to be recognizing the form of a web address and turning them into links. I have replaced the middle "w" with an underline character to get rid of them as links. I don't think its a place anyone should want to go unless well enough armed to deal with whatever dangers may lurk there.

[Virgil Showlion]

It looks like a particular poster's avatar comes from a site that Chrome doesn't like. I've sent him/her a PM asking her to choose a new one.

I'll stress here that viewing images hosted on a potentially malicious domain does not create a security risk. In your case, Yclept, Chrome is trying to make sure you don't visit the site directly.

[Virgil Showlion]

The offending avatar has been removed. Let me know if the problem persists, Yclept.

[yclept]

Page 2 will now load for me. Pages 4 and 7 still give the warning.

Virgil,
I accept your explanation of this particular problem. However, I am still not comfortable about the fact that people with no affiliation to Proboards (i.e. you, right now) are, as far as I can tell, able to insert their own code in the HTML that creates a page and then somehow backload that code for other user's browsers to process and load. I've never seen anyone able to do so on any other site. I thought websites were supposed to have sandboxes where only their own programmers can "play". I only know enough to be dangerous to my sanity, such that HTML can direct the browser to some other site, and that Javascript is sort of a little executable running inside the browser, the limits of which I don't know (I'd hate to think it can do the old CPM/DOS equivalent of "C:del*.*".
It just seems to me that opens opportunities for any programmer to insert just about any code they want. I'm not saying you have nefarious intent, but there have to be millions of programmers out there who could do this, not all of whom would have lofty intent.
The avatar thing was probably good. It had not really questioned how you got the charts and such on the top of that other message board. The avatar thing brought it to my attention. When I examine the script on that board, I can see some of your inserted code -- don't pretend to understand it, and as I mentioned before I've never seen another website that seems to allow random users to insert stuff of their own to be downloaded to every other user.
I don't get a warm and fuzzy feeling about it. As time allows, I'm still doing some general reading about Javascript capabilities. Until I satisfy myself that this place is safe, I won't be using it much, if at all.

[Virgil Showlion]

Yclept,

ProBoards allows site administrators to insert code. Any new feature on the site, including the smileys, karma features, application bar, spell checker, message icons, "jump to page" feature, any many others are all implemented using JavaScript code.

JavaScript cannot access your file system. It cannot execute native code on your machine. It cannot change permissions, install applications, or access your local network.

In modern browsers (IE 8+, FF 3+), the only way to compromise your system is as follows:

• Install a malicious 'plugin'. Some sites will prompt you to install plugins automatically. This is typically what is meant by 'installing malware'. All such installations must be explicitly authorized by you. The attacks sometimes work because the plugin can be described as anything. For example, "Helpful Video Player". People who don't know any better go to sites like avatarwizards.com and reply "Allow" to plugin requests.
• Mark a site as 'trusted' when it isn't trusted.
• Leave ports accessible on your machine (this is virtually impossible to do in Windows XP or later).
• Download and run/install applications.
• Download and install poorly-programmed "toolbars" for your browser.
• View flash applets with outdated flash players.
• Download an HTML file to your local file system and run it on your hard drive.

Unless your machine is already infected, is using a poorly-programmed plugin, or you are using an older browser (pre-IE8 FF3), the following actions can not compromise your machine:

• Visiting a website.
• Clicking on any button or using any control on a website except the dialogs used to authorize plugin and toolbar installs, or homepage changes.
• Viewing an image.
• Downloading (but not executing) a file. (Note that most virus checkers will set off alarm bells if you download an infected file, for obvious reasons.)

This being said, many web browsers and virus checkers will give you strongly-worded Threat Detected or even Threat Neutralized messages when you attempt to do some of these things. The obvious reasons for this are: i) malware detectors consider you to be a "dumb user" and will protect you from situations where you could make a bad decision, ii) malware detectors like to remind you that they're there (and that you should keep on paying your monthly renewal fees).

All webpages do have the capability to doing the following:

• Determine your IP address (which indicates your ISP and location).
• Determine the website that referred you to your current location.
• Determine your Windows/Linux username, your browser type, and many of your hardware capabilities.
• Track the times and dates that you visit specific domains.
• Track all of your keystrokes while you are viewing a webpage on a given domain.
• Hang your browser (and possibly also your computer).
• Prevent you from closing your browser or certain popup windows.
• Fake the appearance of legitimate websites.
• Initiate requests to download/run files, install plugins, install toolbars, or change the homepage of your browser.
• Fill up your screen and prevent you from accessing other applications without Ctrl+Alt+Delete.
• Redirect you to another site.

If you consider it an unacceptable risk that any of the 13 administrators on notmsnmoney.proboards.com could perform any action in the above list, then coming here would be "unacceptably risky".

Normal users cannot insert any JavaScript code (or HTML code outside of the UBBC). The most dangerous thing that a normal user can do is provide a link to a malicious site.

I hope this answers your question.

As for pages 4 and 7, another user is using the same avatar site and has been asked to switch domains for your convenience.

[yclept]

Thank you for the detailed reply. I'm still pondering, but it is a bit of a relief to know I can confine my concerns to 13 administrators (very few of whom I have encountered at all) -- well 13 administrators and perhaps their hacker progeny. I had been worried that this ability was open to the millions of people who can program HTML and/or Javascript. I trust my former misunderstanding as to how widespread the ability to insert code is makes my earlier concerns understandable.
It would have been useful when this refugee board started to know this capability was going to be vested in administrators, as I recall it having been a pretty haphazard affair. People raised their hands and were pretty much accepted; nobody objected (that I saw) mostly because it was assumed (at least by me) that their powers would be confined to wrist slapping as they were on the old MSN boards. I'd venture a guess that most of the administrators don't have the programming chops to cause any harm -- I'm less sanguine about their 16 year old progeny who probably have access to the same machines with the passwords on a post-it stuck to the monitor. Likewise I don't know anything about administrators from other parts of the message board that I don't find reason to visit -- to me they are complete strangers. I would feel safer if they were confined to programming only within the boards they moderate, but suspect this is not possible.
It might be that I'll primarily rely on the obscurity of these boards to keep us all safe. If we were NSA or the Pentagon, I'm sure we'd attract more diligent attention! Then too, I can't imagine why anyone would want to waste their time to mess with us (except, of course, the 16 year old). Oh, oh, I've done it again. I've mentioned both "NSA" and "Pentagon" in a post -- some poor devil at NSA is now going to have to read this thread when the filters flag it. Sorry poor NSA reader -- just put it as yet another black mark against my file.
As to the avatar site, in recognition of a free and open internet, I reckon we can stop asking folks to refrain from using it. It might scare some other Chrome user, but as this thread is the only place I've ever encountered the Chrome warning, I don't imagine it will affect me on the board I read and post to.
Again, thanks for the time you spent to assuage my concerns. I don't see myself falling prey to any of the types of attacks you outlined as possible through this interface. Oh, and by the way, I don't agree that "truth is poisonous"! It's sometimes hard to ferret out, but not poisonous. ;-)

[moon/Laura]

yclept, to assuage your concerns a little bit further, out of all of us, Virgil and I are, I believe, the only two who mess with coding at all. And mine is limited to the code hacks I find on the Proboard Support forum.. I am no script writer.. Additionally, most of the hacking i did was in the beginning, and i stuck to more of the functional tweaks, with some cosmetic here and there (the different button style/size... skins, that sort of thing).