Re: [libreoffice-users] Re: LibreOffice website security

2013-07-15 Thread Tom Davies
Hi :)
I think it is a legitimate concern especially if you only have one machine to 
look after and therefore can't afford to do any experimentation with using 
different antivirus programs.  

I was hoping that the chap would download the Windows version on a Gnu&Linux 
box and then run an antivirus scan using something other than Avira.  He did 
kindly re-download but then scanned with Avira again.  


I've finally got around to sitting at an Xp machine and downloaded LibreOffice 
4.04.  The Xp machine here is running "Microsoft Security Essentials" and 
"Avg".  Neither complained about the LO downloads.  

In Firefox it did give me the bar at the top, saying "Firefox prevented this 
page from automatically redirecting to another page".  The download didn't 
start straight away so i clicked on the link, inside the page, that said "If 
your download does not start automatically, please click here".  Then i tried 
the page again and this time when the bar appeared i clicked on the "Allow" 
button to allow the page to automatically redirect to another page.  This way 
around the download also started.  

I guess i should really download Avira and try the whole thing again to see if 
Avira complains on that Xp machine.  


If you don't trust your antivirus then why use it?  You really have to take 
notice if it grumbles about something otherwise what is the point in having it? 
 All antivirus programs have problems with false-positives but when the program 
grumbles you have to consider that it really might have found something.  I 
typically try to run 2 antivirus programs on Windows but i would be stuck if 
one grumbled and the other didn't.  Which one would i trust?  Of course having 
any active program running all the time in the background is going to impact on 
performance and having 2 (that also might conflict with each other) is going to 
hurt even more.  [shrugs]  But then if people cared about the speed of  their 
machine they wouldn't be using Windows in the first place.  
Regards from 
Tom :)  






>
> From: V Stuart Foote 
>To: users@global.libreoffice.org 
>Sent: Saturday, 13 July 2013, 18:40
>Subject: [libreoffice-users] Re: LibreOffice website security
> 
>
>Petre,
>
>As has been pointed out to you several times since last month.  This is not
>a problem of the LibreOffice download web servers. 
>
>http://nabble.documentfoundation.org/Security-Issue-td4061840.html
>
>It is likely a FALSE Positive reported by your AVIRA anti-virus package's
>heuristic detection routines.
>
>http://www.avira.com/en/support-threats-description/tid/4142/tlang/en
>
>Your system is probably fine, please stop spreading FUD and it would be most
>productive if you were to properly submit a report to AVIRA so they can
>verify the TDF site is clean and correct their detection
>routines--especially necessary with heuristic methods.
>
>Also, as AVIRA publishes frequent updated definitions and detection
>routines, having raised the specter of a Malware issue it is only good
>etiquette to test that the issue is resolved and to report its resolution back to
>this forum. 
>
>Everyone else, please let's abandon this thread pending substantive
>reporting back from Petre regards what AVIRA finds--and move attention to
>more productive discussions actually related to LibreOffice.
>
>Stuart
>
>
>
>--
>View this message in context: 
>http://nabble.documentfoundation.org/LibreOffice-website-security-tp4061786p4065309.html
>Sent from the Users mailing list archive at Nabble.com.
>
>-- 
>To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
>Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
>Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
>List archive: http://listarchives.libreoffice.org/global/users/
>All messages sent to this list will be publicly archived and cannot be deleted
>
>
>
>



[libreoffice-users] Re: LibreOffice website security

2013-07-13 Thread V Stuart Foote
Petre,

As has been pointed out to you several times since last month.  This is not
a problem of the LibreOffice download web servers. 

http://nabble.documentfoundation.org/Security-Issue-td4061840.html

It is likely a FALSE Positive reported by your AVIRA anti-virus package's
heuristic detection routines.

http://www.avira.com/en/support-threats-description/tid/4142/tlang/en

Your system is probably fine, please stop spreading FUD and it would be most
productive if you were to properly submit a report to AVIRA so they can
verify the TDF site is clean and correct their detection
routines--especially necessary with heuristic methods.

Also, as AVIRA publishes frequent updated definitions and detection
routines, having raised the specter of a Malware issue it is only good
etiquette to test that the issue is resolved and to report its resolution back to
this forum. 

Everyone else, please let's abandon this thread pending substantive
reporting back from Petre regards what AVIRA finds--and move attention to
more productive discussions actually related to LibreOffice.

Stuart






[OT] Re: [libreoffice-users] Re: LibreOffice website security

2013-07-13 Thread Felmon Davis

On Sat, 13 Jul 2013, Paul wrote:

> Well, to be technical, it should be "viruses" in English, although
> "virii" or "viri" is (or used to be) common in computer and early
> internet circles. "Virae", "virusen", "viru... viri... vi... nasty
> things" and other forms are used, either in jest or self-recognition
> of one's lack of complete linguistic knowledge. While the word has no
> plural in Classical Latin, Neo-Latin defines "vira", "viris" and
> "virorum".

'vira' and 'viris' are just forms of 'virus' the way "he", "his" and 
"him" are forms of masculine singular pronoun.

of course one doesn't find 'vira' in actual Latin texts but one 
doesn't find the plural of 'slime' in actual English texts either.

computer people misunderstand how Latin works so some know the plural 
for many words ending in '-us' is '-i' or '-ii' so they assume this is 
true of 'virus' -- though they don't think the plural of 'status' is 
'stati'!

but I agree 100% - in _standard_ English the plural is 'viruses' 
(there is no 'virusses' or 'virae') but now in computer circles it can 
be 'virii' or whatever they want.

> It can also be regarded as having no plural, although that
> doesn't seem to be common in English. Programmers are, however, known
> to have a somewhat humorous take on English, so sticking to "viruses"
> is probably a little boring... :)

yep. sounds 'different' and edgy.

F.

> http://en.wikipedia.org/wiki/Plural_form_of_words_ending_in_-us
>
> http://www.ofb.net/~jlm/virus.html
>
> Paul
>
> On Sat, 13 Jul 2013 11:13:09 +0200
> Luuk  wrote:
>
> > On 12-07-2013 11:56, Luuk wrote:
> > > virusses (or virae)
> >
> > it should be:
> > virus
> >
> > thanks,



--
Felmon Davis

Words must be weighed, not counted.




Re: [libreoffice-users] Re: LibreOffice website security

2013-07-13 Thread Paul
Well, to be technical, it should be "viruses" in English, although
"virii" or "viri" is (or used to be) common in computer and early
internet circles. "Virae", "virusen", "viru... viri... vi... nasty
things" and other forms are used, either in jest or self-recognition
of one's lack of complete linguistic knowledge. While the word has no
plural in Classical Latin, Neo-Latin defines "vira", "viris" and
"virorum". It can also be regarded as having no plural, although that
doesn't seem to be common in English. Programmers are, however, known
to have a somewhat humorous take on English, so sticking to "viruses"
is probably a little boring... :)

http://en.wikipedia.org/wiki/Plural_form_of_words_ending_in_-us

http://www.ofb.net/~jlm/virus.html

Paul


On Sat, 13 Jul 2013 11:13:09 +0200
Luuk  wrote:

> On 12-07-2013 11:56, Luuk wrote:
> > virusses (or virae)
> 
> it should be:
> virus
> 
> thanks,
> 
> 





[libreoffice-users] Re: LibreOffice website security

2013-07-13 Thread Luuk

On 12-07-2013 11:56, Luuk wrote:

> virusses (or virae)

it should be:
virus

thanks,





Re: [libreoffice-users] Re: LibreOffice website security

2013-07-12 Thread Tom Davies
Hi :)
Sure, a Windows virus could theoretically sit on a Gnu&Linux platform just as 
it could sit on any other platform.  The difference is that it can't knock-out 
the anti-malware defences of the Gnu&Linux system.  Also it can't run or 
replicate itself or infect other files on the system.  So at best all it can do 
is sit&hope.  Even fairly rubbishy security with infrequent updates is likely 
to wipe it out faster than it can grow because it can't grow.  

The link doesn't mention security but one of the fundamental and top priorities 
of Unix was to ensure that no single user could take down the whole system or 
affect any other user.  Unix machines typically had hundreds of workers all 
logged in at the same time and often running processes that might take a long 
time to complete.  Imagine if one user was running the equivalent of a defrag 
or disk check when another user just quickly rebooted the system.  Too much 
potential to trash the system or lose data or hours worth of work.  So, 
programs had to be able to run without elevating privileges and without 
affecting other users on the same system.  

Windows aimed at tiny, cheap machines with just 1 user per machine.  The aim 
was to get a personal computer into every home and onto every desk.  If a 
single user took down their own system it only affected the 1 person.  Since 
then they have bolted on a few things on top of that, such as allowing multiple 
users (but not at the same time), network and internet access and some attempt 
at dealing with some security issues as an (optional) after-thought.  


Wrt the thread, the reported issue did get forwarded to the websites team and 
they dealt with the situation really rather quickly.  Thanks to the person 
reporting the issue the situation was resolved several hours faster than it 
might have been otherwise.  
Regards from 
Tom :)  






>
> From: Luuk 
>To: users@global.libreoffice.org 
>Sent: Friday, 12 July 2013, 10:56
>Subject: [libreoffice-users] Re: LibreOffice website security
> 
>
>On 17-06-2013 07:31, Tom Davies wrote:
>> Hi :)
>> It is unlikely the LibreOffice website is infected because it runs on 
>> unix-based platforms such as Gnu&Linux.  I don't think any of the 
>> internet-facing servers run on Windows.  Also i suspect that uploads get 
>> scanned and stuff on the servers gets scanned fairly regularly.  However it 
>> might be wise if we let the websites team know there might be an issue.
>>
>
>Sorry, but this is not true, so i want to add some things
>
>1) A unix (or linux) system CAN spread (windows) virusses (or virae)
>    (a virus is nothing more than a piece of (binary) code, which is not 
>aware of any OS)
>
>2) GNU (GNU's Not Unix) has nothing to do with that.
>    (http://en.wikipedia.org/wiki/GNU)
>
>
>



[libreoffice-users] Re: LibreOffice website security

2013-07-12 Thread Luuk

On 17-06-2013 07:31, Tom Davies wrote:

> Hi :)
> It is unlikely the LibreOffice website is infected because it runs on unix-based 
> platforms such as Gnu&Linux.  I don't think any of the internet-facing servers 
> run on Windows.  Also i suspect that uploads get scanned and stuff on the servers 
> gets scanned fairly regularly.  However it might be wise if we let the websites 
> team know there might be an issue.

Sorry, but this is not true, so i want to add some things

1) A unix (or linux) system CAN spread (windows) virusses (or virae)
   (a virus is nothing more than a piece of (binary) code, which is not 
   aware of any OS)

2) GNU (GNU's Not Unix) has nothing to do with that.
   (http://en.wikipedia.org/wiki/GNU)








Re: [libreoffice-users] Re: LibreOffice website security

2013-06-18 Thread Tom Davies
Hi :)
Of course there are some types of attacks and things that all systems have 
trouble with.  Somewhere i saw a report that Windows has around 800,000 known 
viruses and other malware compared to Gnu&Linux's 300.  So, yes all systems 
have problems but it's several orders of magnitude less for unix-based systems. 
 


Anyway, i forgot to keep this thread apprised of developments.  I posted a 
query to the Websites Team and got this response


"
From: Christian Lohmaier 
To: Tom  
Cc: "LibreOffice, website"  
Sent: Monday, 17 June 2013, 12:44
Subject: Re: [libreoffice-website] Security Issue?
 
Hi Tom, *,

On Mon, Jun 17, 2013 at 12:58 PM, Tom  wrote:
>
> Someone notified the Users Mailing List that "The Document Foundation"
> website appeared to have been compromised.  Here's a screen-shot;
>
> Malware-Screen-Documentfoundation-2013-06-17.jpg
> <http://nabble.documentfoundation.org/file/n4061840/Malware-Screen-Documentfoundation-2013-06-17.jpg>
>
> Note that it's not the LibreOffice.org website.  Presumably it is a false
> positive but if it is how do we get Avira to stop mis-reporting it?

Probably only by using the "as an Expert link" - as the message doesn't tell 
what triggers the heuristics, it is hard to fix from our part, as we don't use 
any "dirty tricks" on the website.

> Is there really a problem?

Not here. Of course there is the possibility of a malicious proxy (trying https 
and checking the certificate would help in that case.  The sha-1 fingerprint of 
the certificate is: 0B 8B E9 ED 5F 2A 6F CD 8A AC 07 75 F3 5C 41 F2 EE 9A 48 CB) 
- So please check whether the page also shows the warning via https (and when 
the browser says the certificate is valid and matches the fingerprint).

The only thing that I could think of that might trigger a warning is the 
included javascript - but that is nothing special.  It contains form-validation 
javascript, that is unnecessary on the frontpage, but nothing malicious/not 
compromised.

ciao
Christian
"




>________________
> From: Urmas 
>To: users@global.libreoffice.org 
>Sent: Tuesday, 18 June 2013, 11:10
>Subject: [libreoffice-users] Re: LibreOffice website security
> 
>
>"Tom Davies" :
>
>> It is unlikely the LibreOffice website is infected because it runs on 
>> unix-based platforms such as Gnu&Linux.
>
>Linux is getting malware regularly mostly targeting Web-servers for serving 
>other kinds of malware via IFRAMEs and similar methods. 
>
>
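
The check Christian Lohmaier describes in the reply quoted above (a certificate that validates and also matches the published SHA-1 fingerprint), as an added Python example that is not part of the original thread. The function names and the `SAMPLE_DER` bytes are constructed for illustration; the quoted fingerprint dates from 2013, so a current certificate is not expected to match it.

```python
import hashlib
import hmac
import socket
import ssl
import sys

# SHA-1 fingerprint exactly as quoted in the 2013 reply above.
QUOTED_SHA1 = "0B 8B E9 ED 5F 2A 6F CD 8A AC 07 75 F3 5C 41 F2 EE 9A 48 CB"
# Constructed stand-in for DER bytes, so the helpers can be exercised offline.
SAMPLE_DER = b"constructed stand-in for a DER-encoded certificate"


def normalize_fingerprint(text):
    """Accept 'AA BB ..', 'AA:BB:..' or bare hex; return 40 lowercase hex chars."""
    cleaned = "".join(ch for ch in text if ch not in " :\t\r\n").lower()
    if len(cleaned) != 40 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("not a SHA-1 fingerprint: %r" % text)
    return cleaned


def sha1_fingerprint(der_bytes):
    """The fingerprint a browser shows is SHA-1 over the certificate's DER encoding."""
    return hashlib.sha1(der_bytes).hexdigest()


def format_like_browser(hex_digest):
    """Render as space-separated upper-case byte pairs, as in the quoted message."""
    return " ".join(hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2)).upper()


def matches(der_bytes, expected_text):
    """Compare the computed fingerprint with the one obtained out of band."""
    return hmac.compare_digest(sha1_fingerprint(der_bytes),
                               normalize_fingerprint(expected_text))


def fetch_leaf_certificate(host, port=443, timeout=10):
    """Return the leaf certificate (DER) after normal chain and hostname checks.

    A proxy presenting an untrusted certificate makes the handshake raise
    ssl.SSLCertVerificationError, which is itself the answer to the question.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Usage: script.py HOST "EXPECTED FINGERPRINT"
    host, expected = sys.argv[1], sys.argv[2]
    der = fetch_leaf_certificate(host)
    print("presented:", format_like_browser(sha1_fingerprint(der)))
    print("match" if matches(der, expected) else "MISMATCH")
```

The expected fingerprint has to come from a channel the suspected proxy cannot alter, such as this list message read from a different network.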



[libreoffice-users] Re: LibreOffice website security

2013-06-18 Thread Urmas

"Tom Davies" :

> It is unlikely the LibreOffice website is infected because it runs on 
> unix-based platforms such as Gnu&Linux.

Linux is getting malware regularly mostly targeting Web-servers for serving 
other kinds of malware via IFRAMEs and similar methods. 



