FF-3b3 - turning off virus scanner

Discussion about official Mozilla Firefox builds
Locked
stephendonner
Posts: 6
Joined: January 23rd, 2008, 1:55 am
Location: Mountain View, CA
Contact:

Post by stephendonner »

Me again -

Please do take the time to fill out the following:

http://wiki.mozilla.org/QA/Firefox3/AVIntegration

Instructions are in the Wiki page itself, and should be self-explanatory.

Thanks!

Stephen
User avatar
Recall
Posts: 1686
Joined: November 7th, 2004, 11:07 am
Location: United Kingdom

Post by Recall »

the-edmeister wrote:Stephen, my concerns are:
1. a pref to turn the scan off entirely
2. a warning when an AV program isn't installed on the system

W2K SP4 - PII 350 - 768 MB-RAM
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9b3pre) Gecko/2008012104 Minefield/3.0b3pre


2- Vista already tells you this in the security centre, so does xp so I believe that is not a relevant choice.

NOD32 has since 2.7 and also in 3.0 had problems with certain files in FF and causes it to hang. I will do some testing and report back when I find a file of relevance.

Stephen, go to wildersecurity forums http://www.wilderssecurity.com/forumdisplay.php?f=88 and do a search on firefox, it will bring up many, many hits with issues. I never get freezing in IE or other browsers.

EDIT>

http://www.eicar.org/download/eicarcom2.zip is picked up as Virus in NOD32?
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9) Gecko/2008051206 Firefox/3.0
stephendonner
Posts: 6
Joined: January 23rd, 2008, 1:55 am
Location: Mountain View, CA
Contact:

Post by stephendonner »

MeCasa wrote:Stephen , give us a standardized, controlled test, there's currently way too many variables to test anything other than conjecture.

I realize there will still be countless variables in a controlled test but some patterns may develop, especially on specific AV's.

PS: We still need a switch


I'm not sure how my asking for specific metrics for those whom experience this problem could be seen as "conjecture,"; I've put up http://wiki.mozilla.org/QA/Firefox3/AVIntegration to help aggregate the data so we can work through the various scenarios in a much-clearer way.

Could you help out by supplying data for the three test files linked from that Wiki page? That would be really, really useful.

Thanks!

Stephen
stephendonner
Posts: 6
Joined: January 23rd, 2008, 1:55 am
Location: Mountain View, CA
Contact:

Post by stephendonner »

Recall wrote:
the-edmeister wrote:Stephen, my concerns are:
1. a pref to turn the scan off entirely
2. a warning when an AV program isn't installed on the system

W2K SP4 - PII 350 - 768 MB-RAM
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9b3pre) Gecko/2008012104 Minefield/3.0b3pre


2- Vista already tells you this in the security centre, so does xp so I believe that is not a relevant choice.

NOD32 has since 2.7 and also in 3.0 had problems with certain files in FF and causes it to hang. I will do some testing and report back when I find a file of relevance.

Stephen, go to wildersecurity forums http://www.wilderssecurity.com/forumdisplay.php?f=88 and do a search on firefox, it will bring up many, many hits with issues. I never get freezing in IE or other browsers.

EDIT>

http://www.eicar.org/download/eicarcom2.zip is picked up as Virus in NOD32?


As it well should be; EICAR is a test file meant to test basic functionality of a given vendor's anti-virus offering.

Also, I'm specifically asking for folks to report their findings with *Firefox 3*, the most-recent trunk (in-development) build as possible, too. We're not going to back-patch Firefox 2; now is the chance to get this right from our side in Firefox 3, and attempt to mitigate--where possible--integration issues with AV vendors.

Stephen
Bozz
Posts: 2684
Joined: October 18th, 2007, 1:53 pm

Post by Bozz »

Am I missing something or do you have to create an account?
User avatar
Recall
Posts: 1686
Joined: November 7th, 2004, 11:07 am
Location: United Kingdom

Post by Recall »

stephendonner wrote:
Recall wrote:
the-edmeister wrote:Stephen, my concerns are:
1. a pref to turn the scan off entirely
2. a warning when an AV program isn't installed on the system

W2K SP4 - PII 350 - 768 MB-RAM
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9b3pre) Gecko/2008012104 Minefield/3.0b3pre


2- Vista already tells you this in the security centre, so does xp so I believe that is not a relevant choice.

NOD32 has since 2.7 and also in 3.0 had problems with certain files in FF and causes it to hang. I will do some testing and report back when I find a file of relevance.

Stephen, go to wildersecurity forums http://www.wilderssecurity.com/forumdisplay.php?f=88 and do a search on firefox, it will bring up many, many hits with issues. I never get freezing in IE or other browsers.

EDIT>

http://www.eicar.org/download/eicarcom2.zip is picked up as Virus in NOD32?


As it well should be; EICAR is a test file meant to test basic functionality of a given vendor's anti-virus offering.

Also, I'm specifically asking for folks to report their findings with *Firefox 3*, the most-recent trunk (in-development) build as possible, too. We're not going to back-patch Firefox 2; now is the chance to get this right from our side in Firefox 3, and attempt to mitigate--where possible--integration issues with AV vendors.

Stephen


Ok, I only mentioned old builds as it has been an inherant problem and thought it might help to search the problem.

Ok just did a quick test:

File 1 = Virus and detected
File 2 = Virus and detected
File 3 = 1 minute 19 seconds to scan in DM manager, same in manual scan. This causes FF to freeze when downloading, same in IE, not really a good test file imo.

* Vista 64bit Full patched
* Asus P5N-E SLI, 4GB Ram, E6600 2.4ghz Dual Core.
* Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b3pre) Gecko/2008012304 Minefield/3.0b3pre - Build ID: 2008012304
* NOD 32 Version 3.0.621.0
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9) Gecko/2008051206 Firefox/3.0
User avatar
a;skdjfajf;ak
Posts: 17002
Joined: July 10th, 2004, 8:44 am

Post by a;skdjfajf;ak »

I would like to point out that AVG can be set for real-time scanning, and I suspect many have this enabled, so scanning again with the DM is useless waste of time.

Firecat is very knowledgeable about AV's IMO.
http://www.wilderssecurity.com/showpost ... ostcount=9

Perhaps what's needed here is a thread started at Wilderssecurity asking for testing/input with different AV's. I would think there are at least a few there that may use Minefield builds maybe.

Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b3pre) Gecko/2008012314 Minefield/3.0b3pre Firefox/3.0 ID:2008012314
Alan Baxter
Posts: 4419
Joined: May 30th, 2005, 2:01 pm
Location: Colorado, USA

Post by Alan Baxter »

AVG Free
Windows XP Pro SP2
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2008012304 Minefield/3.0b3pre
PIII 600MHz
1GB RAM

1. Firefox 10 sec, Manual 8 sec
2. Firefox 12 sec, Manual 8 sec
3. Not done. 100MB download too large for my connection speed. I do all large downloads with a third-party download manager anyhow.

Comments:
- AVG resident shield popped up a warning in less than a second if I extracted eicar.com to the desktop and tried to execute it.
- I have not enabled AVG resident shield "On-close scanning". It's not necessary or recommended by the vendor.
- An additional 10 seconds or more added to each download done by Fx is unacceptable for me. AVG already provides me with the features I need to protect my computer. Automatic download scanning is not necessary. If Fx 3 doesn't provide me with an option to disable it, then I'll choose to use a third-party download manager instead.
MeCasa
Folder@Home
Posts: 13475
Joined: June 30th, 2004, 12:24 am
Location: Texas/NY US; San Jose CR

Post by MeCasa »

RaiseMachine wrote:
MeCasa wrote:Stephen , give us a standardized, controlled test, there's currently way too many variables to test anything other than conjecture.

I realize there will still be countless variables in a controlled test but some patterns may develop, especially on specific AV's.

This will, I imagine, (from my experience) become part of the FFT (Full Functional Tests) section on Mozilla's Litmus system. Probably part of the Downloading section.

Very nice. I like this type of venue so I signed up, not sure I know enough but perhaps I can help

Thanks

Edit: grammar
Last edited by MeCasa on January 23rd, 2008, 11:03 pm, edited 1 time in total.
Sex is dirty only if it's done right .... Live and Let Live .... Rules are Boring and I Don't Like Them
...................................................... MeCasaEsSuCasa ................................................
MeCasa
Folder@Home
Posts: 13475
Joined: June 30th, 2004, 12:24 am
Location: Texas/NY US; San Jose CR

Post by MeCasa »

stephendonner wrote:I'm not sure how my asking for specific metrics for those whom experience this problem could be seen as "conjecture,";

By conjecture I meant the inevitable debate over side issues such as a switch, which you should add by the way

MeCasa wrote:Stephen , give us a standardized, controlled test,.

Here's one that will work

stephendonner wrote:Could you help out by supplying data for the three test files linked from that Wiki page? That would be really, really useful.

Yes I can, I'll even fire up a nightly. If the way I presented my info was wrong or I presented the wrong info please let me know and I'll redo the test


AVG Free
Windows XP Pro SP2
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2008012304
Minefield/3.0b3pre
CPU T2400 @ 1.83 GHz
2 Gb RAM

1. FF started scanning and 3 seconds later a virus dialog box appeared, FF continued scanning until I shut down download box
2. Tried it multiple times, every time FF brought up a blank web page with following
"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
3.Took 9 minutes to download file, scanning then started, still scanning 15 minutes later when I shut it off
Sex is dirty only if it's done right .... Live and Let Live .... Rules are Boring and I Don't Like Them
...................................................... MeCasaEsSuCasa ................................................
Alan Baxter
Posts: 4419
Joined: May 30th, 2005, 2:01 pm
Location: Colorado, USA

Post by Alan Baxter »

MeCasa wrote:2. Tried it multiple times, every time FF brought up a blank web page with following
"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

You really shouldn't swear like that in these forums, MeCasa. :)
Try "Save Link As..." instead of opening it. That will trigger AVG.
MeCasa
Folder@Home
Posts: 13475
Joined: June 30th, 2004, 12:24 am
Location: Texas/NY US; San Jose CR

Post by MeCasa »

:oops: Never thought about "Save Link As" I just clicked on the 1st link and used the standard dialog box to "Save As". The second link went to that page as soon as I clicked on it, never gave me a chance to "Save As"

I've got a large download coming in on b2, but tomorrow morning I'll fire Minefield back up and retest.

Thanks for the help ;-)
Sex is dirty only if it's done right .... Live and Let Live .... Rules are Boring and I Don't Like Them
...................................................... MeCasaEsSuCasa ................................................
MeCasa
Folder@Home
Posts: 13475
Joined: June 30th, 2004, 12:24 am
Location: Texas/NY US; San Jose CR

Post by MeCasa »

OK Stephen, with a little help from Alan I believe I did you a little better this time. Retesting using "Save link As"

AVG Free
Windows XP Pro SP2
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2008012304
Minefield/3.0b3pre
CPU T2400 @ 1.83 GHz Dual
2 Gb RAM

1. virus found 3 seconds DM; 3 seconds manual
2. virus found 3 seconds DM; 3 seconds manual
3. 9 minutes to download, DM still scanning 25 minutes after download started (I had to close browser to stop scan); No virus found
Manual scan; 3 seconds; No virus found

If you'd like more tests or a retest just post and I'll test, build a switch and I'll test it too :-)
Sex is dirty only if it's done right .... Live and Let Live .... Rules are Boring and I Don't Like Them
...................................................... MeCasaEsSuCasa ................................................
stephendonner
Posts: 6
Joined: January 23rd, 2008, 1:55 am
Location: Mountain View, CA
Contact:

Post by stephendonner »

Hi folks -

Thanks for the input from the couple of you who ran the meager test I posted; it's throughly clear that this is a problem, and I'm confident it will be addressed before we ship Firefox 3.

I've updated http://wiki.mozilla.org/QA/Firefox3/AVIntegration with your two results.

I'd like to wait on further tests until after https://bugzilla.mozilla.org/show_bug.cgi?id=409815 lands (which should be soon); at the very least, we need to see if that patch alleviates the problem, and we should, if not disabling this functionality outright (as many of you are requesting), make it default but offer a way via Advanced prefs or about:config to disable it.

Note that I'm not responsible for decision-making, but I have made the problem clear to our developers (module owners), and we'll be working together to address it.

I've run numerous tests on this myself, as has Rob Arnold, and we know it sucks.

Thanks for your continued patience,

Stephen
Last edited by stephendonner on January 28th, 2008, 3:52 am, edited 3 times in total.
User avatar
Stifu
Posts: 984
Joined: July 13th, 2007, 8:02 am

Post by Stifu »

This sounds quite good, and it's nice to see some reaction, thanks Stephen. :)
Locked