Handling detection of malware in URLs

Muntoo Meddler 11 years ago updated by Joel Thornton 11 years ago 4

I had a hibernated tab with the URL:

http://conceptart.org/forums/showthread.php?238167-Help!-Landscape-painting-color-theory-and-digital-painting-techniques


It had been sitting around for a few weeks before Chrome suddenly decided that there was malware on conceptart.org. No big deal. But then it decided to nuke Sidewise. The extension options/etc still worked -- it was only the sidebar that got the "MALWARE" warning.


Is there any way to prevent this from happening or to give the user a little hint on what they should do?

Answer


The code to handle this has been released in version 2013.4.18.0.

---

Oh that's bad. Good find :D The cause turns out to be the favicons shown in the sidebar -- if one of them is from a "malware site", we get the malware warning page in the sidebar too.


I've created a kludgy-but-functional mechanism to detect and correct this problem and it should be in the next release. 


The solution isn't pretty but it works. Basically, when Sidewise notices that the malware page is showing in the sidebar, it will ask the user if they want to fix the problem.


Sidewise then loads all the tree's favicons into a new "testing" tab. If that tab comes up with the malware-page, then we know that one of those favicons is causing the problem. Now we split the list of favicons in half and test each half separately in the same way, to figure out which half contains the bad favicon. We continue this process by repeatedly subdividing the "contains the malware favicon" list in half, then again testing each half ... until through the process of elimination we narrow the list down to a single favicon that causes the malware warning.


At that point, we have identified the offending favicon, and replace it in the tree with the default Chrome favicon. Fixed!

Clever solution. Does it work with multiple offender tabs?

Yes, though it makes the process take longer, because it runs a "verify all clean" pass at the end of the first cleanup pass, and if there is another tab with an offending favicon, it goes through the same process-of-elimination routine again to find it ... repeat until a "verify" pass finds no more problems.


It could be more efficient than this, but given the probably very rare triggering of this 'feature' vs. multiple offender tabs, I'm OK with it as described for now.
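
The process of elimination and the repeated "verify all clean" pass described in the replies above, as an added sketch that is not Sidewise's own code. `probe` is a hypothetical stand-in for loading favicons into the testing tab and checking for the warning page, the URLs and `DEFAULT_ICON` are constructed, and the sketch probes only one half per step because the other half's state follows from it.

```javascript
// Constructed sample: favicon URLs from a tab tree; two sit on a flagged host.
const FLAGGED = new Set(["flagged.example"]);
const SAMPLE = [
  "http://a.example/favicon.ico", "http://b.example/favicon.ico",
  "http://flagged.example/favicon.ico", "http://c.example/favicon.ico",
  "http://d.example/favicon.ico", "http://e.example/favicon.ico",
  "http://flagged.example/forum/icon.png", "http://f.example/favicon.ico",
];
const DEFAULT_ICON = "default-favicon.png"; // placeholder for the default icon

// Hypothetical probe: resolves true when loading `urls` together would show
// the warning page. Simulated here with a host lookup instead of a real tab.
async function probe(urls) {
  return urls.some((u) => FLAGGED.has(new URL(u).hostname));
}

// Narrow a list that is known to trigger the warning down to one URL.
async function findOneOffender(urls, probeFn) {
  let suspects = urls;
  while (suspects.length > 1) {
    const left = suspects.slice(0, suspects.length >> 1);
    // The whole list is dirty, so a clean left half implies a dirty right half.
    suspects = (await probeFn(left)) ? left : suspects.slice(left.length);
  }
  return suspects[0];
}

// Verify pass, then elimination, repeated until a verify pass comes back clean.
async function cleanTree(urls, probeFn, fallback) {
  const icons = urls.slice();
  const replaced = [];
  for (;;) {
    const live = [...new Set(icons.filter((u) => u !== fallback))];
    if (live.length === 0 || !(await probeFn(live))) break;
    const bad = await findOneOffender(live, probeFn);
    replaced.push(bad);
    // Swap every tree entry that uses the offending favicon.
    icons.forEach((u, i) => { if (u === bad) icons[i] = fallback; });
  }
  return { icons, replaced };
}

cleanTree(SAMPLE, probe, DEFAULT_ICON).then((r) => console.log(r.replaced));
```

Each offender costs about log2(n) probes plus one verify pass, which is why several offending tabs make the cleanup take longer.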

when?

Cannot restore my tree


("solved": manually exported, edited, reimported)

The code to handle this has been released in version 2013.4.18.0.
