by Paul Arnote (parnote)
During the month of October, both the PCLinuxOS Magazine website and the main page of the PCLinuxOS site were marked as containing malware by Avast! antivirus software. As a result, many visits to both sites were blocked (we'll never know exactly how many), and Avast! users were left with a misleading impression that PCLinuxOS and The PCLinuxOS Magazine contains malware and viruses. The damage is unmeasurable, and the reputation of both sites is at peril, thanks to the erroneous label.
Let's start off with this simple, yet accurate, statement: There are NO viable viruses "in the wild" for Linux. Certainly, there have been reports of theoretical concept viruses, which exist only in the lab. Yet, when it comes to implementing them in the wild, they have all failed miserably. Most Linux users who have been around for a while already know this. Linux newbies may not realize this, however, since they may still be operating their Linux computers under a "Windows mentality."
As for Windows users ... well, part of their daily existence involves running around scared of viruses, malware, spyware, crapware and every other kind of "ware" that infests that so-called operating system. It has become such a huge problem under Windows that an entire segment of the Windows software market has become a multi-billion dollar industry (in U.S. dollars). That one segment is devoted to just creating and marketing software to defend against and protect against the onslaught of malicious software.
Sometime over the first weekend of October 2013, an "updated" Avast! antivirus database flagged the image of the September 2013 issue of The PCLinuxOS Magazine as malware. What was even more odd is that that very same image had been posted to the magazine website for well over a month, without any issues.
The original report came from PCLinuxOS forum member Crow, on October 6, 2013. Meemaw, assistant editor of The PCLinuxOS Magazine, confirmed the problem happened to her on October 4, 2013, when she attempted to bring up the magazine website from her place of employment (as she always does), on a computer running Windows 7, "protected" with -- you guessed it -- Avast! antivirus. She originally thought it was only her computer and connection that was at fault, until Crow made his report the a few days later. Meemaw subsequently changed to the recently discontinued Microsoft Security Essentials virus scanner, which reported the magazine site as clean and free of malicious software.
Subsequent scanning of all of the files on the magazine website by YouCanToo, using ClamAV (in the PCLinuxOS repository), showed no virus or malware signatures, whatsoever. Additional scanning of the magazine's web page by other PCLinuxOS users, using different virus scanners, also showed that the files in use were, in fact, clean and free of malicious software and signatures.
This is what is known as a "false positive" in the antivirus software world. This is where an otherwise innocent and un-infected file or site is marked as malicious, when it isn't. As a precaution, I (as the website maintainer, one of the duties of the magazine's Chief Editor) took a suggestion from Texstar and opened and resaved the image in Gimp to reset the JPG Exif data with a different filename, re-uploaded the image to the magazine web server, and edited the HTML code to point to the new image.
Meanwhile, PCLinuxOS forum member Tony, returned to one of his old "haunts" in an attempt to help clear up the false positive. Tony, as it turns out, used to be very involved in the Avast! forums, where he seems to still have quite a very good reputation. Tony's post got other Avast! forum members checking out the magazine's web page, and they all gave it an excellent "bill of health" as well. That made the magazine's web page twice vindicated, at least in my eyes.
While there is no certainty or evidence that the Avast! "engineers" actually visit or listen to what's posted on the Avast! forum, it was nonetheless reassuring that the magazine site was found to be free of malicious software -- which is something that all of us who work on the magazine and the magazine's website already know with a high level of surety.
Battling Hydra From Ancient Greek Mythology
Just as we thought we were getting a handle on this issue, it raised its ugly head again six days later. PCLinuxOS forum member BryanC1968 reported on October 12, 2013 that Avast! had flagged the magazine cover image for the October 2013 issue as malware, blocking access to the main PCLinuxOS page where it was displayed. Just as when Hercules battled Hydra in ancient Greek mythology, cutting off one of Hydra's nine heads and two grew back, the Avast! problem resurrected itself in a similar manner.
Once again, YouCanToo and Tony jumped into action to reassure PCLinuxOS users that all was safe, sound and secure.
Then, as if a repeat performance wasn't enough, Avast! flagged all of the websites hosted on YouCanToo's servers as blocked, due to spamming. YouCanToo has taken the necessary steps to remove his server address, along with all of the sites he hosts, from this list, pointing out that none of the sites or the server itself even hosts a mail server.
See? Hydra grew more heads.
How You Can Help
Regardless if you are an Avast! user or not, you can help by filing a "false positive" report on the Avast! site. Simply visit the Avast! form, at least twice. Each time you visit, report a false positive on the pclosmag.com and pclinuxos.com websites (hence, the reason for visiting the form twice). If every member of the PCLinuxOS forum and every reader of The PCLinuxOS Magazine does this, the overwhelming response will force Avast! to act quickly to remove both websites from their blocked sites list. It will also help to quickly restore the reputation of both sites to their rightful status.
Virus Scanner Ratings
If you search for "ratings of windows antivirus software" in Google, you'll get nearly 21,000,000 (yes, million) hits. So, it seems that nearly everyone has an opinion. But, in no instance that I found does Avast! rank in the top five antivirus packages. Even when I was able to find Avast! ranked in the top 10, Avast! ranked low, and even then it was only the paid Avast! Pro version that achieved that status -- not the lowly free version that most users tend to use. Even at toptenreviews.com, Avast only ranked ninth out of the top ten. AVG, another popular choice among those feeling the need for antivirus software, was ranked four places higher.
It's a sad commentary on the computing industry that the most prevalent operating system is the one that is most vulnerable to viruses and other malicious software. What makes the situation even worse is that safer, more stable operating systems exist, such as Linux -- and particularly PCLinuxOS. Broader adoption of Linux would literally put the antivirus software vendors out of business, en masse and overnight. Yet, with reality being what it is, we'll be plagued with antivirus software vendors having their programs running wild and rogue, providing false positives at every turn while missing legitimate security concerns. I suspect we'll see more and more of this type of failure for as long as Windows continues to exist.
I remember dual booting my computer with PCLinuxOS and Windows XP. It seems like it was a lifetime ago since I was a participant in that circus. It wasn't very long before I realized that I never booted into my WinXP partition. PCLinuxOS met all of my computing needs. I found Linux software to replace my trusty old Windows programs. Most of the time, the Linux software performed better and did more than the Windows counterparts. Sometimes, all it took was to look at the task or problem differently. But I had to take the time to look for alternatives.
The past seven plus years with Linux -- over six of them with PCLinuxOS -- may have colored my views some. For seven years, I've not found even the smallest need to run antivirus software under Linux. I don't even run antivirus software on my VirtualBox installations of Windows any more (I used to). Instead, I rely (quite aptly) on backups and snapshots of my virtual machine installations. If one of them gets "infected," all I have to do is roll my installation back to an uninfected state.
So, I do have a hard time understanding why users still rely on running software on the most insecure operating system to ever disgrace the computing industry when they are in possession of one of the most secure operating systems ever -- Linux. With the Steam client coming to Linux, and thus bringing gaming on Linux to the forefront, there is no longer any reason to have a full blown, bare metal installation of Windows.
For those other "can't live without" programs (these will vary for every user; I personally cannot think of any, except income tax software -- and that is the fault of the software vendors, not the lack of a market), a virtual installation of Windows in VirtualBox or VMWare makes a lot more sense than dual booting, with the virtualized copy of Windows running on a Linux host. It places access of those programs at your fingertips, within the virtual machine, providing access to them without the need to reboot your computer.