On Sun, Dec 19, 2004 at 08:37:41AM -0700, Eugene Armstead wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Here's an issue...
>
> I have AVG Anti-Virus System running on my machine and it just recently
> did a scheduled scan of my hard drive. It is telling me today that
> tor-009pre4.exe is a virus of the name "Trojan horse Proxy.12.AL. I
> have had this version of tor on my machine for some time and AVG scans
> my machine daily.
Okay, I've download the latest AVG 7.0 Free[*] edition, and tried it
out. I tried it with Tor running, and not running. It flagged
0.0.9pre4 as a trojan, as you say. It didn't flag Tor-0.0.9.1 as a
Trojan, or any other windows version I could find, and I tried a lot.
Here's what I think the possibilities are.
Given that the complaint is that Tor is a "trojan horse proxy", my
guess is that one of the following is true:
1. Maybe, by default, AVG detects some SOCKS proxies, thinks that
all SOCKS proxies are evil, and needs to whitelist specific
SOCKS proxies one by one. For some reason, they detect
0.0.9pre4, but not other versions. (Not so likely.)
2. Maybe AVG blacklists versions of Tor deliberately, thinking
that Tor itself is a SOCKS proxy, and all SOCKS proxies are
evil. They blacklisted pre4, or something that looks very like
it. (Confusing, but possible.)
3. Maybe I was infected with a virus of some kind between the
release of pre3 and pre4, but it went away by itself before I
released pre5. (Just barely possible; not too likely.)
4. Maybe I have in fact been infected by a virus that no virus
scanner can detect on my computer, but which can only be
detected in tor-0.0.9pre4. (Not likely either.)
I'm going to insestigate more to find out what happened. If anybody
is using the commercial version of AVG, I'd appreciate your asking
them for tech support: their web pages says they won't help people who
haven't paid. I'll send a request anyway, but my hopes aren't too
high.
[*] Free as in beer.
--
Nick Mathewson
Attachment:
pgpGQqaeVwK66.pgp
Description: PGP signature