On Sun, Dec 19, 2004 at 08:37:41AM -0700, Eugene Armstead wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Here's an issue... > > I have AVG Anti-Virus System running on my machine and it just recently > did a scheduled scan of my hard drive. It is telling me today that > tor-009pre4.exe is a virus of the name "Trojan horse Proxy.12.AL. I > have had this version of tor on my machine for some time and AVG scans > my machine daily. Okay, I've download the latest AVG 7.0 Free[*] edition, and tried it out. I tried it with Tor running, and not running. It flagged 0.0.9pre4 as a trojan, as you say. It didn't flag Tor-0.0.9.1 as a Trojan, or any other windows version I could find, and I tried a lot. Here's what I think the possibilities are. Given that the complaint is that Tor is a "trojan horse proxy", my guess is that one of the following is true: 1. Maybe, by default, AVG detects some SOCKS proxies, thinks that all SOCKS proxies are evil, and needs to whitelist specific SOCKS proxies one by one. For some reason, they detect 0.0.9pre4, but not other versions. (Not so likely.) 2. Maybe AVG blacklists versions of Tor deliberately, thinking that Tor itself is a SOCKS proxy, and all SOCKS proxies are evil. They blacklisted pre4, or something that looks very like it. (Confusing, but possible.) 3. Maybe I was infected with a virus of some kind between the release of pre3 and pre4, but it went away by itself before I released pre5. (Just barely possible; not too likely.) 4. Maybe I have in fact been infected by a virus that no virus scanner can detect on my computer, but which can only be detected in tor-0.0.9pre4. (Not likely either.) I'm going to insestigate more to find out what happened. If anybody is using the commercial version of AVG, I'd appreciate your asking them for tech support: their web pages says they won't help people who haven't paid. I'll send a request anyway, but my hopes aren't too high. [*] Free as in beer. -- Nick Mathewson
Attachment:
pgpGQqaeVwK66.pgp
Description: PGP signature