Kaspersky blocks access to certain topics on Bitcointalk.org

[mikeywith]

It happened when I tried to post something in the mining board



Identfied as RiskTool https://threats.kaspersky.com/en/class/RiskTool/.

Anyone else experienced such an issue?

[1714692281]

1714692281

[1714692281]

1714692281

[jackg]

What browser are you using and do you have any other relevant/active plugins? Based on what the site says it could be an autoredirection tool from cloudflare (but I'm not sure if that'd be considered a risk).

[DaveF]

Never had an issue with Norton & Malwarebytes both of which I find give the most false positives.
I *have* at times been blocked on certain topics here by a SonicWall or Barracuda Web Filter.
Could also be a transient thing, if you update your AV definitions to the latest ones does it still do it?

-Dave

[mikeywith]

What browser are you using and do you have any other relevant/active plugins? Based on what the site says it could be an autoredirection tool from cloudflare (but I'm not sure if that'd be considered a risk).

No plugins whatsoever, the issue only appeared a few moments ago, nothing has been updated/changed, I am using Chrome.

I think I know how the problem happens, I just don't how Kaspersky is considering it a risk.

I was trying to reply to this https://bitcointalk.org/index.php?topic=5237323.msg55438812#msg55438812

I quoted the part which contains URLs from Artemis3's post, and the block-message appeared, when I posted this topic it went through without an issue, so I figured out it had to be something with the content of my post, I removed the URLs quotation and it worked

Never had an issue with Norton & Malwarebytes both of which I find give the most false positives.

Dave can you try to quote Artemis3's post and see if your security software will block you.

Edit:

It's actually the "stratum+tcp" part that sets the alarm off, basically, I had to turn off Kaspersky to be able to post the following line.

stratum+tcp://Kaspersky.sucks

[mprep]

Considering that it's a heuristic detection (a.k.a. well informed guessing), the threat was marked as "BitMiner" and you were trying to post in the Mining board, my guess it's a false positive. It even says that it's "not-a-virus" and a "RiskTool", which many cryptocurrency miners get marked as since they are often embedded into actual malware that intends to profit off of the victim computer's processing power by mining crypto at a low intensity and / or when the computer is left idle for a while.

Windows 10 already ships with a pretty decent antivirus solution nowadays (case in point: link 1, link 2 and link 3) that's not only able to use OS features off-limits to external developers but can leverage the massive install-base (a.k.a. pretty much anyone that installed Windows 10 with the automatic sample submission turned on) to detect threats much more quickly. The "automatic sample submission" feature is obviously pretty detrimental to privacy but it's pretty easy to turn off and (I assume) equivalent functionality exists in pretty much every modern external antivirus suite.

Add in the fact that modern browsers sandbox the environment a website's JavaScript runs in (yes, there have been vulnerabilities that allowed said code to escape the sandbox but I highly doubt your antivirus software would be able to detect sophisticated sandbox escape 0days) and nowadays for anyone even a bit more experienced with computers (as in who understands that downloading and running random executables is a bad idea) external antivirus suites provide very little security benefit at best and are a snake-oil-ish mix of bloatware and spyware-lite at worst. Antivirus software in general provides very limited protection from any attacker with even the smallest amount of sophistication and its main benefit comes as one layer of a "defense in depth" strategy for larger businesses (especially ones that employ a lot of non-tech savvy people).

To compensate, a lot of these companies started including more redundant or useless functionality (e.g. VPNs, registry cleaners) to their offerings and / or started getting more paranoid (like I suspect in this case) by scanning all browser traffic (by, I assume, installing a custom plugin / add-on to your browser) and flagging "threats" that can't even be seriously considered as malware (and that's putting aside the really spyware-y behavior of a proprietary piece of software that often phones home (potentially with data you wouldn't particularly like sharing if they actually asked you for it) injecting plugins into your browser to intercept and scan every little bit of browser traffic).

[notblox1]

It happened when I tried to post something in the mining board

Mining board is a very dangerous place 

Most antiviruses have so many false detection that you should always take everything they report with some reserve.
Maybe your Kaspersky detected some bitcointalk ads script as dangerous adware, but I would just whitelist bitcointalk in antivirus and don't worry about this.

[DaveF]

Never had an issue with Norton & Malwarebytes both of which I find give the most false positives.

Dave can you try to quote Artemis3's post and see if your security software will block you.

Edit:

It's actually the "stratum+tcp" part that sets the alarm off, basically, I had to turn off Kaspersky to be able to post the following line.

stratum+tcp://Kaspersky.sucks

On my work laptop with Norton & Malwarebytes behind a sonicwall it works.
No idea when Kaspersky started blocking the s t r a t u m + t c p stuff I know it used to be fine.
I have a client that is using them, I'll remote in later and see if I can get to that post from something on their network.
Probably should not be using clients as test subjects but....

-Dave

[malevolent]

Add in the fact that modern browsers sandbox the environment a website's JavaScript runs in (yes, there have been vulnerabilities that allowed said code to escape the sandbox but I highly doubt your antivirus software would be able to detect sophisticated sandbox escape 0days) and nowadays for anyone even a bit more experienced with computers (as in who understands that downloading and running random executables is a bad idea) external antivirus suites provide very little security benefit at best and are a snake-oil-ish mix of bloatware and spyware-lite at worst.

Worse even, antivirus programs are complex enough to have many bugs and since they usually run at highest privilege levels their bugs can often be leveraged into exploiting the machine.

[mikeywith]

Mining board is a very dangerous place 

Why is that?  was someone kidnapped there?  .

Jokes aside, this has nothing to do with "where" you try to post s-t-r-a--t-u-m-+-t-c-p, Kaspersky will still flag it, even if you send it through a PM,  mprep has explained the issue in a perfect manner, please refer to his post

[notblox1]

Why is that?  was someone kidnapped there?  .

There is one overzealous moderator there and I won't name him, but he is editing every freaking post in that board. 

Jokes aside, this has nothing to do with "where" you try to post s-t-r-a--t-u-m-+-t-c-p, Kaspersky will still flag it

I would just stop using Kaspersky, and replace it with Malwarebytes or default AV

[NotATether]

Jokes aside, this has nothing to do with "where" you try to post s-t-r-a--t-u-m-+-t-c-p, Kaspersky will still flag it

I would just stop using Kaspersky, and replace it with Malwarebytes or default AV

Changing antiviruses won't eliminate the problem completely, because each of their traffic scanners flags different strings of text. An AV that doesn't flag stratum+tcp might flag a github repository of mining software or anything looking like a bitcoin address.

What good is flagging text anyway? I don't see the point in having a traffic scanner mark bits of text as dangerous, and if it wants to mark a URL as dangerous it can just use its internal firewall.

@mikeywith If Kaspersky blocked this thread too because it contained that stratum text in it, that would be ironic considering it's blocking a topic called "Kaspersky blocks access to certain topics on Bitcointalk.org"  

Antivirus software in general provides very limited protection from any attacker with even the smallest amount of sophistication and it's main benefit comes as one layer of a "defense in depth" strategy for larger businesses (especially ones that employ a lot of non-tech savvy people).

A good example is Sophos is still running ads about their AV that none of their clients got any ransomware attacks, when just three years ago, one of them, the NHS, was hit by WannaCry. I think they have come to realize there is little they can do about destructive malware and their revenue is drying up as people realize that AVs are of little help, so they resorted to becoming deceptive and misleading people to think that their AV protects you completely. Not to mention the entire security market profits off of the existence of malware, and if all malware suddenly disappears overnight (hopefully...), all these security companies will become redundant and out of business.

That's why you hear a lot of clamor on the news about non-destructive what they call "threats" like cryptominers and cracked software because it's easy for them to block access to those. As for news about viruses and ransomware then they have more of a gloomy tone to them.