This has been driving me nuts: Avast, an Anti-Virus product that I have in the past recommended, has been flagging JihadWatch.org as having malware, with warnings such as “Infection Blocked,” “Avast WebShield has blocked a harmful web page or file,” and “A threat has been detected.” Of course, this is not true. There is no virus.
I first got notification of the issue last week. As it happens, I’ve seen it a couple of times before; in fact, AVG, another anti-virus company, followed Avast and also started flagging JihadWatch.org, but a simple email asking them to look again was sufficient to get them to correct their signatures and apologise for getting it wrong.
McAfee has no issue with Jihad Watch:
Neither does Norton:
Or any of the other 63 malware scanning sites listed here.
Avast has been sent dozens of complaints. Most received a response, although I did not. They even admit that there is no malware in a few of the responses. Here is one:
Thank you for contacting Avast.
…Once they stop using useless obfuscation, it will not be blocked (it is the obfuscation that is being detected, not the actual deobfuscated code!).
Avast Technical Support Specialist
That “obfuscation” he is talking about is the Counter DDoS prevention code that JihadWatch.org uses. It’s essential to keep the site available, as we are literally seeing tens of millions of attacks every day. Obviously we need to stay one step ahead. Yet Avast is saying that we should remove that protective code, and then they will stop saying we have malware, even though they know we don’t have malware in the first place. Apart from the sheer lunacy of this demand, one has to question their honesty and competence in checking anything: if they can say something is unsafe when they know it isn’t and admit that they know, how can anyone be sure that when they say something is safe that it really is?
Now about this code. I won’t post it here as text, as we know they will flag that also, but any competent developer can tell there is nothing malicious there. It’s no secret. It’s simple base64 encoding, easily decoded, not that it will mean much. The point is, it’s easy to see it’s not malicious. It’s easy for Avast to add a signature to their scanners even if they did see this scary “obfuscation.” Their choice of words is interesting: when script is “encoded” for good reason, as this is, we just call it “encoded,” not obfuscation, as developers can easily decode it to see the real code behind it, using any number of tools.
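The decode-and-inspect step described above can be scripted. This is an added example, not code from this site or from Avast: it pulls base64 string literals out of a page, decodes each layer, and lists constructs in the decoded text that a reviewer would read closely. The sample page, the function names and the indicator list are constructed for illustration.

```javascript
// Added example: decode base64 string literals in a script so a reviewer can
// read what actually runs. Sample input and indicator list are constructed.
const B64_LITERAL = /["'`]([A-Za-z0-9+/]{24,}={0,2})["'`]/g;

// Constructs worth a close read in a decoded layer (assumed list, not exhaustive).
const INDICATORS = ["eval(", "document.write(", "<iframe", "fromCharCode", "atob(", "XMLHttpRequest"];

function decodeIfText(b64) {
  if (b64.length % 4 !== 0) return null;               // not padded base64
  const bytes = Buffer.from(b64, "base64");
  if (bytes.toString("base64") !== b64) return null;   // not canonical: reject
  // Accept only printable ASCII plus tab/newline/CR; anything else is binary data.
  for (const b of bytes) {
    if (!(b === 9 || b === 10 || b === 13 || (b >= 32 && b < 127))) return null;
  }
  return bytes.toString("latin1");
}

// Returns one entry per decoded layer: nesting depth, decoded text, indicators found.
function unwrapLayers(source, maxDepth = 5, depth = 1, out = []) {
  if (depth > maxDepth) return out;                    // bound recursion on hostile input
  for (const m of source.matchAll(B64_LITERAL)) {
    const text = decodeIfText(m[1]);
    if (text === null) continue;
    out.push({ depth, text, indicators: INDICATORS.filter((i) => text.includes(i)) });
    unwrapLayers(text, maxDepth, depth + 1, out);
  }
  return out;
}

// Constructed sample: an inline script wrapping a cookie check in two base64 layers.
const inner = 'if(!document.cookie.includes("chk=1")){document.cookie="chk=1";location.reload();}';
const middle = 'eval(atob("' + Buffer.from(inner).toString("base64") + '"));';
const SAMPLE_PAGE = '<script>eval(atob("' + Buffer.from(middle).toString("base64") + '"));</script>';

const SAMPLE_REPORT = unwrapLayers(SAMPLE_PAGE);
for (const layer of SAMPLE_REPORT) {
  console.log(`layer ${layer.depth} [${layer.indicators.join(", ") || "no indicators"}]`);
  console.log(`  ${layer.text}`);
}
```

The innermost layer is what a reviewer judges; a scanner that stops at the wrapper sees only the outer `eval(atob(...))` pattern.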
So is this sheer incompetence on Avast’s part or another method to disrupt free speech? I can’t tell, but in the meantime, please report these false positives to Avast at avast.com, choosing report false virus alert, and let any of your friends know that JihadWatch.org is not infected in any way. Those who encounter Avast’s virus alert should click ignore, which is sometimes an option, or switch to a more reliable Anti-Virus solution (it should be noted that although AVG got it wrong initially, they were quick to correct their mistake).