MozillaZine

FF-3b3 - turning off virus scanner

Discussion about official Mozilla Firefox builds
stephendonner
 
Posts: 6
Joined: January 23rd, 2008, 1:55 am
Location: Mountain View, CA

Post Posted January 23rd, 2008, 5:31 pm

Me again -

Please do take the time to fill out the following:

http://wiki.mozilla.org/QA/Firefox3/AVIntegration

Instructions are in the Wiki page itself, and should be self-explanatory.

Thanks!

Stephen

Recall

User avatar
 
Posts: 1686
Joined: November 7th, 2004, 11:07 am
Location: United Kingdom

Post Posted January 23rd, 2008, 5:42 pm

the-edmeister wrote:Stephen, my concerns are:
1. a pref to turn the scan off entirely
2. a warning when an AV program isn't installed on the system

W2K SP4 - PII 350 - 768 MB-RAM
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9b3pre) Gecko/2008012104 Minefield/3.0b3pre


2- Vista already tells you this in the security centre, so does xp so I believe that is not a relevant choice.

NOD32 has since 2.7 and also in 3.0 had problems with certain files in FF and causes it to hang. I will do some testing and report back when I find a file of relevance.

Stephen, go to wildersecurity forums http://www.wilderssecurity.com/forumdisplay.php?f=88 and do a search on firefox, it will bring up many, many hits with issues. I never get freezing in IE or other browsers.

EDIT>

http://www.eicar.org/download/eicarcom2.zip is picked up as Virus in NOD32?
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9) Gecko/2008051206 Firefox/3.0

stephendonner
 
Posts: 6
Joined: January 23rd, 2008, 1:55 am
Location: Mountain View, CA

Post Posted January 23rd, 2008, 6:01 pm

MeCasa wrote:Stephen , give us a standardized, controlled test, there's currently way too many variables to test anything other than conjecture.

I realize there will still be countless variables in a controlled test but some patterns may develop, especially on specific AV's.

PS: We still need a switch


I'm not sure how my asking for specific metrics for those whom experience this problem could be seen as "conjecture,"; I've put up http://wiki.mozilla.org/QA/Firefox3/AVIntegration to help aggregate the data so we can work through the various scenarios in a much-clearer way.

Could you help out by supplying data for the three test files linked from that Wiki page? That would be really, really useful.

Thanks!

Stephen

stephendonner
 
Posts: 6
Joined: January 23rd, 2008, 1:55 am
Location: Mountain View, CA

Post Posted January 23rd, 2008, 6:04 pm

Recall wrote:
the-edmeister wrote:Stephen, my concerns are:
1. a pref to turn the scan off entirely
2. a warning when an AV program isn't installed on the system

W2K SP4 - PII 350 - 768 MB-RAM
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9b3pre) Gecko/2008012104 Minefield/3.0b3pre


2- Vista already tells you this in the security centre, so does xp so I believe that is not a relevant choice.

NOD32 has since 2.7 and also in 3.0 had problems with certain files in FF and causes it to hang. I will do some testing and report back when I find a file of relevance.

Stephen, go to wildersecurity forums http://www.wilderssecurity.com/forumdisplay.php?f=88 and do a search on firefox, it will bring up many, many hits with issues. I never get freezing in IE or other browsers.

EDIT>

http://www.eicar.org/download/eicarcom2.zip is picked up as Virus in NOD32?


As it well should be; EICAR is a test file meant to test basic functionality of a given vendor's anti-virus offering.

Also, I'm specifically asking for folks to report their findings with *Firefox 3*, the most-recent trunk (in-development) build as possible, too. We're not going to back-patch Firefox 2; now is the chance to get this right from our side in Firefox 3, and attempt to mitigate--where possible--integration issues with AV vendors.

Stephen

Bozz
 
Posts: 2623
Joined: October 18th, 2007, 1:53 pm

Post Posted January 23rd, 2008, 6:05 pm

Am I missing something or do you have to create an account?
Thunderbird/Daily/41.0a1

Recall

User avatar
 
Posts: 1686
Joined: November 7th, 2004, 11:07 am
Location: United Kingdom

Post Posted January 23rd, 2008, 6:11 pm

stephendonner wrote:
Recall wrote:
the-edmeister wrote:Stephen, my concerns are:
1. a pref to turn the scan off entirely
2. a warning when an AV program isn't installed on the system

W2K SP4 - PII 350 - 768 MB-RAM
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9b3pre) Gecko/2008012104 Minefield/3.0b3pre


2- Vista already tells you this in the security centre, so does xp so I believe that is not a relevant choice.

NOD32 has since 2.7 and also in 3.0 had problems with certain files in FF and causes it to hang. I will do some testing and report back when I find a file of relevance.

Stephen, go to wildersecurity forums http://www.wilderssecurity.com/forumdisplay.php?f=88 and do a search on firefox, it will bring up many, many hits with issues. I never get freezing in IE or other browsers.

EDIT>

http://www.eicar.org/download/eicarcom2.zip is picked up as Virus in NOD32?


As it well should be; EICAR is a test file meant to test basic functionality of a given vendor's anti-virus offering.

Also, I'm specifically asking for folks to report their findings with *Firefox 3*, the most-recent trunk (in-development) build as possible, too. We're not going to back-patch Firefox 2; now is the chance to get this right from our side in Firefox 3, and attempt to mitigate--where possible--integration issues with AV vendors.

Stephen


Ok, I only mentioned old builds as it has been an inherant problem and thought it might help to search the problem.

Ok just did a quick test:

File 1 = Virus and detected
File 2 = Virus and detected
File 3 = 1 minute 19 seconds to scan in DM manager, same in manual scan. This causes FF to freeze when downloading, same in IE, not really a good test file imo.

* Vista 64bit Full patched
* Asus P5N-E SLI, 4GB Ram, E6600 2.4ghz Dual Core.
* Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b3pre) Gecko/2008012304 Minefield/3.0b3pre - Build ID: 2008012304
* NOD 32 Version 3.0.621.0
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9) Gecko/2008051206 Firefox/3.0

a;skdjfajf;ak

User avatar
 
Posts: 17002
Joined: July 10th, 2004, 8:44 am

Post Posted January 23rd, 2008, 6:24 pm

I would like to point out that AVG can be set for real-time scanning, and I suspect many have this enabled, so scanning again with the DM is useless waste of time.

Firecat is very knowledgeable about AV's IMO.
http://www.wilderssecurity.com/showpost ... ostcount=9

Perhaps what's needed here is a thread started at Wilderssecurity asking for testing/input with different AV's. I would think there are at least a few there that may use Minefield builds maybe.

Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b3pre) Gecko/2008012314 Minefield/3.0b3pre Firefox/3.0 ID:2008012314

Alan Baxter
 
Posts: 4418
Joined: May 30th, 2005, 2:01 pm
Location: Colorado, USA

Post Posted January 23rd, 2008, 8:59 pm

AVG Free
Windows XP Pro SP2
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2008012304 Minefield/3.0b3pre
PIII 600MHz
1GB RAM

1. Firefox 10 sec, Manual 8 sec
2. Firefox 12 sec, Manual 8 sec
3. Not done. 100MB download too large for my connection speed. I do all large downloads with a third-party download manager anyhow.

Comments:
- AVG resident shield popped up a warning in less than a second if I extracted eicar.com to the desktop and tried to execute it.
- I have not enabled AVG resident shield "On-close scanning". It's not necessary or recommended by the vendor.
- An additional 10 seconds or more added to each download done by Fx is unacceptable for me. AVG already provides me with the features I need to protect my computer. Automatic download scanning is not necessary. If Fx 3 doesn't provide me with an option to disable it, then I'll choose to use a third-party download manager instead.

MeCasa
Folder@Home
 
Posts: 13459
Joined: June 30th, 2004, 12:24 am
Location: Texas/NY US; San Jose CR

Post Posted January 23rd, 2008, 10:58 pm

RaiseMachine wrote:
MeCasa wrote:Stephen , give us a standardized, controlled test, there's currently way too many variables to test anything other than conjecture.

I realize there will still be countless variables in a controlled test but some patterns may develop, especially on specific AV's.

This will, I imagine, (from my experience) become part of the FFT (Full Functional Tests) section on Mozilla's Litmus system. Probably part of the Downloading section.

Very nice. I like this type of venue so I signed up, not sure I know enough but perhaps I can help

Thanks

Edit: grammar
Last edited by MeCasa on January 23rd, 2008, 11:03 pm, edited 1 time in total.
Sex is dirty only if it's done right .... Live and Let Live .... Rules are Boring and I Don't Like Them
...................................................... MeCasaEsSuCasa ................................................

MeCasa
Folder@Home
 
Posts: 13459
Joined: June 30th, 2004, 12:24 am
Location: Texas/NY US; San Jose CR

Post Posted January 23rd, 2008, 11:01 pm

stephendonner wrote:I'm not sure how my asking for specific metrics for those whom experience this problem could be seen as "conjecture,";

By conjecture I meant the inevitable debate over side issues such as a switch, which you should add by the way

MeCasa wrote:Stephen , give us a standardized, controlled test,.

Here's one that will work

stephendonner wrote:Could you help out by supplying data for the three test files linked from that Wiki page? That would be really, really useful.

Yes I can, I'll even fire up a nightly. If the way I presented my info was wrong or I presented the wrong info please let me know and I'll redo the test


AVG Free
Windows XP Pro SP2
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2008012304
Minefield/3.0b3pre
CPU T2400 @ 1.83 GHz
2 Gb RAM

1. FF started scanning and 3 seconds later a virus dialog box appeared, FF continued scanning until I shut down download box
2. Tried it multiple times, every time FF brought up a blank web page with following
"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
3.Took 9 minutes to download file, scanning then started, still scanning 15 minutes later when I shut it off
Sex is dirty only if it's done right .... Live and Let Live .... Rules are Boring and I Don't Like Them
...................................................... MeCasaEsSuCasa ................................................

Alan Baxter
 
Posts: 4418
Joined: May 30th, 2005, 2:01 pm
Location: Colorado, USA

Post Posted January 23rd, 2008, 11:07 pm

MeCasa wrote:2. Tried it multiple times, every time FF brought up a blank web page with following
"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

You really shouldn't swear like that in these forums, MeCasa. :)
Try "Save Link As..." instead of opening it. That will trigger AVG.

MeCasa
Folder@Home
 
Posts: 13459
Joined: June 30th, 2004, 12:24 am
Location: Texas/NY US; San Jose CR

Post Posted January 23rd, 2008, 11:21 pm

:oops: Never thought about "Save Link As" I just clicked on the 1st link and used the standard dialog box to "Save As". The second link went to that page as soon as I clicked on it, never gave me a chance to "Save As"

I've got a large download coming in on b2, but tomorrow morning I'll fire Minefield back up and retest.

Thanks for the help ;-)
Sex is dirty only if it's done right .... Live and Let Live .... Rules are Boring and I Don't Like Them
...................................................... MeCasaEsSuCasa ................................................

MeCasa
Folder@Home
 
Posts: 13459
Joined: June 30th, 2004, 12:24 am
Location: Texas/NY US; San Jose CR

Post Posted January 24th, 2008, 1:32 am

OK Stephen, with a little help from Alan I believe I did you a little better this time. Retesting using "Save link As"

AVG Free
Windows XP Pro SP2
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2008012304
Minefield/3.0b3pre
CPU T2400 @ 1.83 GHz Dual
2 Gb RAM

1. virus found 3 seconds DM; 3 seconds manual
2. virus found 3 seconds DM; 3 seconds manual
3. 9 minutes to download, DM still scanning 25 minutes after download started (I had to close browser to stop scan); No virus found
Manual scan; 3 seconds; No virus found

If you'd like more tests or a retest just post and I'll test, build a switch and I'll test it too :-)
Sex is dirty only if it's done right .... Live and Let Live .... Rules are Boring and I Don't Like Them
...................................................... MeCasaEsSuCasa ................................................

stephendonner
 
Posts: 6
Joined: January 23rd, 2008, 1:55 am
Location: Mountain View, CA

Post Posted January 28th, 2008, 3:39 am

Hi folks -

Thanks for the input from the couple of you who ran the meager test I posted; it's throughly clear that this is a problem, and I'm confident it will be addressed before we ship Firefox 3.

I've updated http://wiki.mozilla.org/QA/Firefox3/AVIntegration with your two results.

I'd like to wait on further tests until after https://bugzilla.mozilla.org/show_bug.cgi?id=409815 lands (which should be soon); at the very least, we need to see if that patch alleviates the problem, and we should, if not disabling this functionality outright (as many of you are requesting), make it default but offer a way via Advanced prefs or about:config to disable it.

Note that I'm not responsible for decision-making, but I have made the problem clear to our developers (module owners), and we'll be working together to address it.

I've run numerous tests on this myself, as has Rob Arnold, and we know it sucks.

Thanks for your continued patience,

Stephen
Last edited by stephendonner on January 28th, 2008, 3:52 am, edited 3 times in total.

Stifu

User avatar
 
Posts: 984
Joined: July 13th, 2007, 8:02 am

Post Posted January 28th, 2008, 3:50 am

This sounds quite good, and it's nice to see some reaction, thanks Stephen. :)

Return to Firefox Builds


Who is online

Users browsing this forum: Google [Bot], Josa, WildcatRay and 8 guests