22

Everytime I browse Lemmy, my Bitdefender always pops up

Should I just ignore and/or whitelist this? Gotta admit it's a bit c/MildlyInfuriating tho...

top 21 comments
sorted by: hot top controversial new old
[-] Syrc@lemmy.world 4 points 1 year ago* (last edited 1 year ago)

My Avast doesn't say anything when visiting those instances, although it blocks connections to derp.foo even when it's just pictures browsing from lemmy.world. It says it's being infected by "URL:Botnet".

[-] isVeryLoud@lemmy.ca 5 points 1 year ago
[-] Syrc@lemmy.world 1 points 1 year ago

Eh, it's kinda annoying but it does its job. Plus I hate subscriptions and the best free option I've found (I don't think they do one-time payment AVs anymore?) is Avast + Malwarebytes. What do you suggest?

[-] dragnet@lemmy.fmhy.ml 4 points 1 year ago

Just uninstall all of it and let Windows take care of itself. You don't need antivirus. Do avoid obviously suspicious files, and you should be fine.

[-] Syrc@lemmy.world 2 points 1 year ago

That's the thing, I'm really paranoid and I don't trust my brain alone to judge what is an "obviously suspicious file". I might be exaggerating, but better safe than sorry.

[-] dragnet@lemmy.fmhy.ml 1 points 1 year ago

Sure, but Windows Defender is built in and doesn't suck. I have even heard security professionals make the argument that anti viruses may increase attack surface as much or more than they defend you (not necessarily asserting that is the case).

[-] anonymoose@lemmy.ca 1 points 1 year ago

Windows Defender is great, and MS has been adding really advanced protection including machine learning heuristics, etc. that make it really competitive. It is not 100% foolproof though, there's a lot of old and new viruses it will not detect.

Check out some of the virus gauntlets this channel runs Windows Defender (and other AVs) through: https://youtu.be/1DG3y3q8_9M. Even the latest Defender will often fail to detect a lot of threats. Of course, this channel is running known bad infected executables, and the best line of defense is just not to run executables from unknown sources. It's possible to just visit a malicious URL and get infected through JS though, so it gets a bit trickier.

I'm not familiar with the argument that antivirus software will increase your attack surface. That sounds interesting, do you have any links I could read up on?

[-] PipedLinkBot@feddit.rocks 1 points 1 year ago

Here is an alternative Piped link(s): https://piped.video/1DG3y3q8_9M

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source, check me out at GitHub.

[-] dragnet@lemmy.fmhy.ml 1 points 1 year ago

I wish I could give you links! I think I heard it on a security focused podcast? It has been quite some time since I tried to stay current on this sort of thing in more than a casual way.

[-] anonymoose@lemmy.ca 2 points 1 year ago

No worries, I am intrigued and will go looking for more information about this. It seems like the security space is ever evolving!

[-] isVeryLoud@lemmy.ca 1 points 1 year ago

I'm on Linux, you're asking the wrong person :P

[-] trouser_mouse@lemmy.world 3 points 1 year ago

Here is a log when browsing Lemmy over the last week or so, as of 10th July.

Believe the derp.foo and .today are both federated instances. Don't know what the other rows are.

[-] anonymoose@lemmy.ca 1 points 1 year ago* (last edited 1 year ago)

I had that popup too. I found the actual URL it was triggering on, and submitted a false positive to BitDefender. I would recommend you do the same. BitDefender should then release an updated database that whitelist it.

Link: https://www.bitdefender.com/consumer/support/answer/29358/

[-] trouser_mouse@lemmy.world 2 points 1 year ago

When something like these pop up, what steps can someone take to determine whether they are false positive and actually safe or a valid alert?

[-] anonymoose@lemmy.ca 3 points 1 year ago

BitDefender is actually really bad about giving you useful information to go off. Ideally it should tell you exactly what malicious action or malware it's detecting. If your AV does this, you can see if the particular type of detection makes sense.

For example, if it's an executable file with a clearly displayed malware name "Trojan.BadTimes.X" or something, that's really bad news. Same for URLs. However, sometimes AVs will flag "malicious behaviour", which gets trickier. They will often flag qBittorrent or other legit apps that are used to download pirated software, etc.

What you can do is to submit the file or URL that was flagged to VirusTotal. This shows you a comprehensive list of whether any other antivirus software is also marking the file/URL as infected.

Generally though, I'd play it safe. I'd get in touch with the page owner or google around to see if this is a known issue, and unless I can be completely sure it's actually safe, I wouldn't use it.

[-] trouser_mouse@lemmy.world 2 points 1 year ago

Thanks so much! You'll see in my post there were also alerts from Malwarebytes, so good to know the above steps thanks!

[-] anonymoose@lemmy.ca 2 points 1 year ago

You're welcome!

I think you can just white-list them

[-] SheeEttin@lemmy.world -4 points 1 year ago

This has nothing to do with lemmy.world.

[-] Syrc@lemmy.world 8 points 1 year ago* (last edited 1 year ago)

Well, those are federated communities so looking into whether the threat is real or not could be useful I guess.

[-] ulu_mulu@lemmy.world 2 points 1 year ago

Lemmy.world is not an island, it's part of the fediverse as every other instance is, this case is most probably a false alarm but it doesn't hurt to investigate anyway.

load more comments
view more: next โ€บ
this post was submitted on 12 Jul 2023
22 points (92.3% liked)

Lemmy.world Support

3212 readers
1 users here now

Lemmy.world Support

Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.

This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.

This community is subject to the rules defined here for lemmy.world.

To open a support ticket Static Badge


You can also DM https://lemmy.world/u/lwreport or email report@lemmy.world (PGP Supported) if you need to reach our directly to the admin team.


Follow us for server news ๐Ÿ˜

Outages ๐Ÿ”ฅ

https://status.lemmy.world



founded 1 year ago
MODERATORS