This has been driving me nuts: Avast, an Anti-Virus product that I have in the past recommended, has been flagging JihadWatch.org as having malware, with warnings such as “Infection Blocked,” “Avast WebShield has blocked a harmful web page or file,” and “A threat has been detected.” Of course, this is not true. There is no virus.
I first got notification of the issue last week. As it happens, I’ve seen it a couple of times before; in fact, AVG, another anti-virus company, followed Avast and also started flagging JihadWatch.org, but a simple email asking them to look again was sufficient to get them to correct their signatures and apologise for getting it wrong.
McAfee has no issue with Jihad Watch:
http://www.siteadvisor.com/sites/www.jihadwatch.org?ref=safe&locale=en-US
Neither does Norton:
https://safeweb.norton.com/report/show?url=www.jihadwatch.org
Or WOT:
https://www.mywot.com/en/scorecard/www.jihadwatch.org
Or any of the other 63 malware scanning sites listed here.
Avast has been sent dozens of complaints. Most received a response, although I did not. They even admit that there is no malware in a few of the responses. Here is one:
Hello X,
Thank you for contacting Avast.
…Once they stop using useless obfuscation, it will not be blocked (it is the obfuscation that is being detected, not the actual deobfuscated code!) .
Thank you
Best regards
Richard Šrank
Avast Technical Support Specialist
That “obfuscation” he is talking about is the Counter DDoS prevention code that JihadWatch.org uses. It’s essential to keep the site available, as we are literally seeing tens of millions of attacks every day. Obviously we need to stay one step ahead. Yet Avast is saying that we should remove that protective code, and then they will stop saying we have malware, even though they know we don’t have malware in the first place. Apart from the sheer lunacy of this demand, one has to question their honesty and competence in checking anything: if they can say something is unsafe when they know it isn’t and admit that they know, how can anyone be sure that when they say something is safe that it really is?
Now about this code. I won’t post it here as text, as we know they will flag that also, but any competent developer can tell there is nothing malicious there. It’s no secret. It’s simple base64 encoding, easily decoded, not that it will mean much. The point is, it’s easy to see it’s not malicious. It’s easy for Avast to add a signature to their scanners even if they did see this scary “obfuscation.” Their choice of words is interesting: when script is “encoded” for good reason, as this is, we just call it “encoded,” not obfuscation, as developers can easily decode it to see the real code behind it, using any number of tools.
So is this sheer incompetence on Avast’s part or another method to disrupt free speech? I can’t tell, but in the meantime, please report these false positives to Avast at avast.com, choosing report false virus alert, and let any of your friends know that JihadWatch.org is not infected in any way. Those who encounter Avast’s virus alert should click ignore, which is sometimes an option, or switch to a more reliable Anti-Virus solution (it should be noted that although AVG got it wrong initially, they were quick to correct their mistake).
Westman says
“Once they stop using useless obfuscation…”?? I remember when Pamela Geller’s site was down due to a DDoS attack the redirection ecoding kept Spencer’s site from the same demise and Pamela got her info out through Jihad Watch.
Maybe its time do find out WhoIs behind the Avast curtain?
Huck Folder says
Thank God! I thought I was the only one, because I hadn’t seen anyone else say anything.
I have that EXACT same message | HTTP:IFrame-IY [Trj] | Running numerous scans of anti-virus or anti-malware said that there was no problem. There is virtually NOTHING in 6 billion pages of Google on this, just a few links about a similar item with different letters from IY, and nerdy removal procedures.
I could reach notifications of new postings or comments via GMail to Bare Baked Islam, but similar links to Jihad Watch seemed to trigger a vast conspiracy. Later, I reached JW via Firefox directly, not through my GMail.
If it IS a problem with Avast, cannot Marc Louis or Robert make a more powerful ‘presentation’ to Avast than us mortals, for them to address that?
I have a PAID FOR Avast Pro version (and they keep wanting me to add some ‘Grime Buster’ to ‘make my system even faster’).
If this is actually THEIR problem, I’m prepared to uninstall it, and say Fuck You Avast.
Any nerdy types hear could ‘ventilate’ this on the appropriate techy blogs (I don’t even know which they are), and get Avast some well earned flak, and a few million people switching to a less obnoxious system.
Just A Concerned Citizen says
Thanks for the warning that I may no longer be able to visit the site on an official DoD computer. Terrific.
For anyone who might be interested, not too long ago I was out with the Brits, and I discovered that Jihad Watch was a site Her Majesty’s government had blocked. Couldn’t say I was exactly shocked, though (in response, one of my guys would send me a daily e-mail with the copy/pasted headlines, and the entire story with links if something really caught my attention).
Lookmann says
I removed Avast a year ago owing to its bloated size, occupying 600 mb disk space. Normally Avira is accused of too many false positives. Both these are relics of the past.
Those having legit Windows OS 8 or above do not need any Anti-Virus,if they regularly update their Windows defender too .Because Microsoft Security Essentials is now integrated with Defender.
With WOT in your browser/s, one need not lose sleep on PC security.
Michael V. Wilson says
There’s nothing “new” about it. Leftists have been using one variant or another of this method for years. Sometimes it’s as simple as an email “warning” people about a so-called “malicious” site; other times it’s anti-virus software being encoded by a left-wing programmer to present false warnings when a user tries to access Christian or conservative (or truth telling) web sites. This is old as the hills and twice as dusty.
Mirren10 says
Hi, Marc, very interesting.
We use Norton, and I’ve never had the problem you describe.
What I have had, is this. I have no idea if this is an attempt at disrupting free speech, or simply some technical hitch I don’t understand (being a computer Luddite).
Using Internet Explorer, when I type in Jihad Watch, the site comes up, but as soon as I click on the articles, or the comments, Explorer tells me there is a problem, and they will close down and notify me if there is a solution.
This happened constantly, so I’ve switched to Google Chrome. The only problem now is that loading a comment is often very slow, and the little box above the tool bar always says ”you are being redirected”, and then the article comes up.
When I use my tablet, what *frequently* happens, is that when I go on the Internet to access JW, after about five minutes, the site goes off, and I’m told the page is down.
When I then go to my laptop, I find this is not the case !
As I say, I don’t know whether these issues have a sinister connotation, or whether they are the result of something technological.
marc says
That’s unconnected, and is caused by the DDoS prevention, your browser has some bad behaviour stuck in it’s cache, you can read more and how to clear it here http://freespeechdefense.net/2015/05/browser-issues-with-javascript-ddos-protection/ Chrome and Firefox are far more reliable, in fact Microsoft have ditched IE from future releases.
Mirren10 says
Thanks, marc.
KrazyKafir says
Just saw this now. So I wasn’t the only one. I also suspect that perhaps Microsoft hasn’t been giving Explorer the full attention it needed since Spartan is so close to being released.
Peggy says
When I use IE to access JW I find that after a short while of going through articles and especially if I comment I need to clear my browsing hisotry because the page becomes unstable. The latest stories won’t display but after clearing my browsing history it’s back to normal. I never have that problem with Firefox.
Joseph says
@ Mirren 10
(being a computer Luddite).
____________________
I’m happy you didn’t say #1 computer Luddite.
Hope all is well, take care Mirren.
Mark A says
I was experiencing problems accessing JW and Pamela Geller’s site with IE. IE would shut down and put out an onscreen message that IE is experiencing a problem and needs to shut down.
I’ve started using Google Chrome to access JW, Pamela Geller and other sites with similar viewpoints. So far no problem with Google Chrome.
But it does make me wonder whether IE is censoring certain viewpoints. Any one else had similar problems?
Susan says
I have Google Chrome and Avast and have been having the problem of false positives as well. I notice if I wait a day or so it goes away and I can access the email again. I do know my Avast is coming up for renewal and will mention that unless they fix this problem I will go to a more reliable virus protection software.
Peggy says
Try using Firefox as a browser. I find it good and I also use Comodo AV which I am happy with. Just a thought.
KrazyKafir says
Hmmm, I wonder if it was the prevention code that what was causing my Explorer 11 to frequently lock up with an error message while viewing JW? It got so bad I finally switched to Chrome, and I haven’t had a problem since.
marc says
Yes, thats it, details on fixing here http://freespeechdefense.net/2015/05/browser-issues-with-javascript-ddos-protection/
KrazyKafir says
Thank you, marc
Marken says
Our initial problem with Avast was when I clicked on the Jihad Watch link from my email,I was re-routed to an HXXP protocol, I should have to taken a screen shot. After contacting Marc, whatever he did with his contact with Avast, the problem stopped. Since this has never happened with any other website I visit and the large number of daily attacks on this blog, I suspect one of Allah’s insider mischief makers is involved. I understand (very limited) that the HXXP is inserted into KNOWN malicious links to keep the user from opening the link. Speculating, since JW is not a malicious link, this should not be happening, unless of course exposing Islam and Mohammad is perceived as ‘malicious’ by an insider
Dave G says
I have had trouble over the past few weeks with “connection reset” errors when trying to access jihad watch. This happens with Firefox, Chrome, and Explorer so I suspect Avast may be the problem.
Tequila not Taqiyya says
Yes that is A-ass, I mean Avast. I had the exact same problem and I disabled avast and magically the problem disappeared.
I am going to switch from Avast. They have gotten horrible over the past couple of years in terms of false positives. And in this case, something smells fishy.
Carrie Singer says
Avast is in the Czech Republic. I just fired them and installed Bitdefender, and here I am.
KelZat says
Avast is a POS. It blocks my bank, some pop ups for live streams of media, tons of web pages. It also causes issues with the good functioning of some plug ins for Microsoft Office programs.
I dumped it shortly after installing it.
underbed cat says
I use Google chrome….that has Avast….I also received the message and was “redirected.”…when the website page would appear it would not “operate”, so I clicked on “About Robert” on the frozen page and would be able to pull up some stories. I could read for a while then is seemed to freeze up. I thought at first I wrote something that was offensive to J. w. and booted off, then I thought maybe some ‘techie” didn’t like the website. I also went to other websites and clicked on Robert Spencer” and the would work…for awhile… then I just gave up. So I am happy that you are back up.
I took a DOS class years ago, I didn’t have a computer at home and was so lost I cried. I can operate a light switch and get on google and reboot…that’s about it.
Thanks to Robert Spencer for posting the articles and news…there is a screen that always asks for name and email….I avoid it. I use a system and an internet I don’t fully get….but know it can be pesky.
Carrie Singer says
Well, as I say, as long as a guy is good in bed, I can deal with a light switch myself. After all, a computer is just alight switch–you just have to know which switch turns which light on.
Brian says
A woman also needs to be good in bed, plus be able to change a light bulb and general electronics around the home.
Rufus Carswell Sr. says
I use Avast and go to your website every day with no problem. Just reporting in.
marc says
seems to be only Windows with IE or Chrome, what are you using, I don’t see the warning either on Linux any browser.
Carrie Singer says
With Windows. you can’t get rid of IE, but I use Chrome with Avast and it didn’t work. Now, with Chrome and Bitdefender, I’m back in business.
underbed cat says
Rufus..my computer consists of old equipment, second hand, updated…but it works. So if you have newer system, I am sure most people do, maybe that was my problem. My screen has faded vertical lines and one of these days (gone), temper mental, on/off connection.
miriamrove says
Hi all! I am in the 1950’s technology!! I am trying to make sense of the post by Robert and I am not able to. I never have/had any problems logging on JW. But every now and then when I log in it says: You are being re directed….” but then it goes to the site. So if anyone here has minutes would you be kind enough to let me know what all of this means? And should I be doing something that i am not doing now? I hate not to be able to go to JW. Thanks. M
somehistory says
From what you have stated, I think you’re fine. I too get the message along the bottom of my screen, but it takes me to the page I am seeking. I think they put that in after some attack took down the site. I could be wrong about the last part, but since I don’t have a problem, but get the same message, I’m pretty sure you’re okay.
Norton has a product…free sometimes….to warn of unsafe sites. I have never been warned about this site.
citycat says
I used to have that on this mobile. Click back immediately when “you are being redirected” appears, and then immediately click on what you clicked on before the redirect thing appeared. Sometimes i had to do that operation three times quickly, it has gone now i think because the Chrome on the phone is constantly updated. I’m no boffin either, ok
citycat says
Also, just on the off-chance, if it applies to non-mobiles, go into settings, then into connectivitivy, then mobile data, and select “always on line” as opposed to “when needed”
which makes the whole thing work better,
at one point i could not see the comments and could not comment, just recently, it’s getting there.
somehistory says
For every computer safeguard, there are hundreds of products produced, new ones regularly, to overcome the security.
This is yet another “tool” to disrupt your service to the public, to the regular readers, to all who come to find out what is happening that may not be readily available elsewhere.
It itself, is malware…another tool to prevent Jihad Watch from being available to all who wish to read it.
Like the spam one gets in their inbox which attempts to get the user to go to a certain webpage for nefarious purposes.
So the answer: Yes! it is an attempt to inhibit free speech and the many (and seems to be growing in number) readers rights to view and read what Jihad Watch has to say.
duh_swami says
On this computer there is no protection at all. No malware, no virus protection, no firewall, no problems that I can see.
Windows 8 comes with a program where you can install a brand new operating system that’s just like new. I did that once, and have had no problems for 2 years of zero protection. If things do get weird, I can just start over…
Angemon says
I skipped Windows 8, but Windows 7 + Microsoft Security Essentials never gave me any trouble.
Brian says
I use Norton and Chrome browser…Sometimes I have to refresh the jihadwatch.org page to get it to show fully, but that I can live with.
underbed cat says
With so many tech savvy people.that love to mess with computers, websites, the hackers out to “mess”, it could be an attempt to stop information or free speech or as I prefer to say information based on facts or investigation.
Just read a news post from Wall Street Journal , june25,2015, that Jack Ma (Alibaba) purchased 23 million dolllars of land 28,100 acres, nature preserve. I am still stunned that someone from China, a somewhat different government can purchase that much land here and that is not a citizen…but I guess Saudi Arabia buys land, Russia , how is that smart? Well if they never find the escape prisoners…in upstate NY, maybe ask the Red Guard. I guess China operates the tollways in the state of Illinois. This has got me a little shook….Is this a free country laws protecting or what? I would still like a country to call home. Taking away a Confederate Flag,(blacks fought too.), but seeing photo’s of isis flags in NY…I wonder about the American Flag. Just thought I would mention article….interesting news in WSJ.
Brian says
How can a Chinese citizen buy up so much land in the United States? I also know that many other Chinese have bought up huge amounts of land and businesses in Europe, Africa and Russia. A foreigner cannot buy Chinese land in China like that…there are stringent restrictions in China against foreigners owning land or businesses in China.
Here in Ireland, many plots of land have been bought by Chinese and even the biggest wildlife park in Europe here has been bought by a Chinese man. London property on the other hand is being bought up by wealthy Arabs and a few Russians (mostly to escape taxes).
I have no doubt the collective West will rue the laxity of allowing this in the future when it is too late.
the Oracle says
That’s why nationalization is so handy.
Brian says
“That’s why nationalization is so handy.”
Yes, if under communism.
Brian says
BTW, 23 million dollars was dirt cheap (excuse the pun)
Here is a link to the article:
http://www.wsj.com/articles/alibabas-jack-ma-buys-23-million-property-in-new-yorks-adirondacks-1435155612
Peggy says
Chinese are buying a lot of good agricultural land here in Australia as well as many hourses and apartments in major cities. In my opinion foreigners should be allowed to lease land but never buy it. Next thing you know we’ll need passports to cross from one end of the country to the other, (not really but it’s good to throw that in).
underbed cat says
Brian…interesting yes but not likin it.. U.S, property laws that are written should be under a little more scrutiny.. The one good thing is that they (Chinese land owners) cannot pack it up and take it home..but their control could increase with some bad consequences and then like you said, it is too late. Not that we don’t have enough to worry about..but it’s like having a home with no walls. Wonder if ownership includes the right to pay real estate tax? Interesting guy with money to control.how did America start to sell itself off.Thanks for posting link.
Aaron Jay Lev says
I had a similar situation where aaronjay.com was blacklisted for having “malware”. The website itself was hand coded (no WordPress or another platform that could be hacked). After checking the files, there was nothing harmful or even suspicious of looking harmful. Just my website where I posted my resume and listing my PHP / Android / iOS Development projects.
My opinion is that Avast made an honest mistake or automatically flagged the website due to some people flagging the website (because they disagreed with the content). I’m glad you were able to be unblocked with little effort. It took 4 weeks to get my website out of avast jail.
Buraq says
A vast bunch of clowns! The virus is Islam.
somehistory says
This is much like the pop-ups that, at one time, came up every day, and flash big messages of *Warning* Your computer is infected with a virus.” Clink here now to remove it.” Scare tactics to get those who are unacquainted with the tactic to actually infect their computer.
No Fear says
I use a Mac. No problems ever.
Brian says
I just sent a message to Avast using their web form asking why they are false flagging a website on the say so of Islamofascists who want to stifle criticism and the exposure of Islamic atrocities. Their false falling is being complicit with these Islamofascists.
Brian says
BTW, I will be leaving a review with Norton recommending jihadwatch.org soon.
Rob says
My home IT guy has recommended I let my avast sub expire which it will do in a couple of months and I’m using malwarebytes as a replacement.
Agreed RS it has been frustrating!
gravenimage says
Are fake virus warnings a new method to disrupt free speech?
……………………………..
Just another form of “Jihad of the Keyboard”.
Good luck with the orwellian situation with Avast, Marc. I’m glad you keep things up and running at Jihad Watch—I know this is *much* more difficult than your average IT gig. JW is lucky to have you.
Sarah says
It appears more and more that the people at Avast are pro-jihad and pro-terror.
gravenimage says
Probably not as such—I doubt they understand much about it—but they also are willing to do nothing to accommodate a site under constant cyberattack—which means they will do little to defend freedom of speech.
Jèsus says
Asghar Bukhari Spencer
gravenimage says
What rot. Frequent Jihad cyber attacks are a very real thing at Jihad Watch, as both Robert and Marc will tell you.
The idea that a legitimate concern over cyber attack is the same as believing “Zionists” have sneaked into your house in order to move your slippers is utterly absurd.
abad says
Good to know that I am not the only one who has been getting those periodically when I try to access this site. But yes it is a concern – I am sure Mr Spencer will check into it. Keep free speech alive!
Wellington says
Many here have more technical computer knowledge than I do, and I have benefited by reading many of the posts on this thread for this very reason, but I would just like to make a philosophical point, that being that all kinds of people hate the truth or are afraid of it. Such antipathy and fear is virtually always rooted in some kind of ignorance. The two kinds of ignorance which come foremost to mind, and with particular relevance to Jihad Watch and the never-ending attempt to disrupt it, are those of the Islamic and Far Left varieties. Yes, there are other types of ignorant people out there, but the world minus Muslims and dedicated leftists would be a world where truth (computers too) would have a much easier time of it.
Porkistan says
AVG gave me this warning a few weeks a ago and I took the time to look it up.
1. Firstly JW had a 100% clean rating for the last YEAR so I knew it was a false positive.
2. The problem is the use of HEURISTICS in anti-virus programs. Heuristics is looking for virus LIKE behavior and it gives false positives all the time. But heuristics also helps protect you from viruses that are still unknown by looking for their tell tell characteristics.
3. When I looked up “code obfuscation” the only LEGITIMATE reasons (listed) for using it are to save on bandwidth and/or to keep people from stealing your web code. Big companies use it to save bandwidth and naive web developers use it to keep even more naive web developers from stealing their web layouts and page effects.
4. I didn’t realize that “code obfuscation” can help against DDoS attacks. I guess that’s a rare niche application not commonly talked about. I thought that most DDoS protection happened at higher levels than the page code itself (in the servers, gateways, and layers)
5. AVG (and others) are not out to ‘get’ (or silence) you. They are just erring on the safe side with a WARNING, about something that seems a tad ‘fishy’ to them.
6. After that ONE time last month I’ve never had another warning. So either they added your specific code (or your website) to the exceptions list.
!!! IMPORTANT !!!
7. Worrying about viruses and hacking on JW (and other Counter-Jihad websites) is a REAL concern. Especially for Europeans. I’m reminded of an incident in Sweden last year where some left wing thugs hacked DISQUS and then PUBLISHED the names and addresses of people who’s only ‘crime’ was opposing islamic immigration. These peoples lives were RUINED. Many of them lost their jobs and government positions for simply questioning why Sweden should commit cultural suicide to accommodate a bunch of savages.
The left wing “brown shirts” play tough in suicidal multikulti Europe. If you are going to post comments you should ALWAYS use a fake email and name (use http://www.mailinator.com). And if you’re in Europe you should probably use a proxy server to hide your IP as well.
Remember that DISQUS will use cookies to link your various accounts. So if you think you are safe by having a ‘real’ account and an ‘anonymous’ account YOU ARE NOT SAFE. NEVER tell DISQUS anything true about yourself.
-Stay safe my fellow Counter-Jihadists. 😉
marc says
We block the lvl3 and lvl4 attacks on switches, lvl7 attacks have to be blocked at that level, thus the code, i think far more palatable than cloudflares ddos code, which is very similar.
DISQUS wasn’t really hacked, they are wide open by default, which is why despite a lot of pressure from some commentators here, Jihadwatch does not use it, if they had come clean about what had happened at the first opportunity, after those commentators were attacked in their homes and their livelihoods, i would feel differently. Also check the T&Cs, who owns the comments made in their system?
Jim says
I have Avast, and have had this problem for quite some time here, now that the problem has been identified, I am going to switch anti-virus programs.
Emjay See says
ME TOO, Avast go avast!
RalphB says
I normally use Firefox but found that with it, at least on my setup, I cannot access Jihad Watch. I get a “you are being redirected message” on the browser tag with a blank screen and then some kind of endless loop — no 404 message or other failure message. This happens even though I unchecked “block attack sites” and “block web forgeries” in security options. I can’t find any reason for it. I regularly scan for viruses and malware but do not have “real time” protection except that of Microsoft Security Essentials but even when I disable “real-time protection” Firefox behaves the same way for Jihad Watch. Seems weird.
So I view Jihad Watch by using Internet Explorer, instead, which has no problem even with real-time protection on. If anyone knows where my problem might be please say so. Thanks.
Larry A. Singleton says
I have problems in the extreme when linking to Jihad Watch. It’ll take forever to load up and then I’ll get some kind of “failure” message. It’ll sometimes take me an hour to finally get back on the website. This happens All The Time. I’m pretty sure I’ve gotten stopped with the warning of JW and some “virus” but off the top of my head I can’t remember specifically. Did I send something to JW about a week ago….? Man, I hate getting old.
yohananw says
I dont use AVAST, but queried their contact with the URL of this post. From answer (see below) it seems that the definition problem has been fixed in their virus definition update… If so the article could be updated with that current Resolved status…
ps thanks for keeping jihadwatch secure, up and running.
Appended reply from AVAST
>Prokop Kalivoda
Staff
Quote
Posted on: 15 September 2015 12:48
Hello Yohanan,
Thank you for contacting AVAST Software s.r.o. with your concerns.
Website http://www.jihadwatch.org/ isn’t detected by Avast with latest Virus Definitions.
Please update your Virus Definitions by following these steps:
Open Avast program and go to > Settings > Update > VIRUS DEFINITIONS > Update.
If the problem would be persisting after that, please send me a screenshot of the detection message. On the following page you can learn how to take a screenshot: http://take-a-screenshot.org/
Best regards,
Prokop Kalivoda
Avast Technical Support Specialist<