Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Firefox Security IT Technology

Avast and AVG Are Causing Firefox Users To Lose Saved Passwords (betanews.com) 90

An anonymous reader shares a report: Firefox users are reporting that their saved passwords have been lost, with the problem seemingly caused by antivirus software rather than being an issue with Firefox itself. Antivirus software such as Avast and AVG appear to be corrupting the file in which Firefox stores passwords, rendering it unreadable. Thankfully, passwords can be recovered, but -- for the time being --- they will be corrupted again when you restart your computer.
This discussion has been archived. No new comments can be posted.

Avast and AVG Are Causing Firefox Users To Lose Saved Passwords

Comments Filter:
  • by slash2019 ( 6030504 ) on Friday June 14, 2019 @01:57PM (#58762838)
    One of the benefits of using a Linux is you won't need Avast nor AVG to browse the internet.
    • by MrL0G1C ( 867445 )

      Having an anti-virus program doesn't make you safe when browsing the internet and whilst there are more viruses for windows that doesn't mean that Linux isn't targeted from time to time.

      Real Linux malware:
      https://www.theinquirer.net/in... [theinquirer.net]
      &
      https://arstechnica.com/inform... [arstechnica.com]

      Running your browser with low privilege won't necessarily protect you:
      https://shenaniganslabs.io/201... [shenaniganslabs.io]

      Having said that I don't run the pointless junk that is modern AV because it slows the system, messes with the system and application

  • by SuperKendall ( 25149 ) on Friday June 14, 2019 @02:03PM (#58762886)

    Avast and AVG appear to be corrupting the file in which Firefox stores passwords...they will be corrupted again when you restart your computer.

    Software installed deeply into your system that silently modifies files on your system every time you boot is not anti-virus. That is very PRO-virus.

    • by skids ( 119237 )

      Yeah what exactly is the supposed justification for anti-virus files having modify access to a creds store?

      (Not that I think keeping all your creds in one well known place protected by a single password is a great idea in the first place.)

      • by Shimbo ( 100005 )

        Yeah what exactly is the supposed justification for anti-virus files having modify access to a creds store?

        (Not that I think keeping all your creds in one well known place protected by a single password is a great idea in the first place.)

        It doesn't. It has a 'password protection' feature that blocks access to the store except to trusted programs. For some reason to do with the certificate chain, the new Firefox isn't trusted.

        It was trying to mitigate the risk of having the creds in one place that you mentioned.

        Ref: 1558765 on b.m.o

    • by Anonymous Coward on Friday June 14, 2019 @03:27PM (#58763618)

      AVG didn't modify shit. If anything, it worked as it was supposed to, which is to prevent any process other than the signed Firefox binary from reading the file. The problem arose because in a recent update, Firefox signed their binaries with new cert that AVG didn't recognize and so thought the updated Firefox was an unauthorized process trying to access logins.json.

      On Firefox's end, when it couldn't read logins.json, it assumed it was corrupt and renamed it to logins.json.corrupt-1 while creating a new, blank logins.json. However, everytime Firefox started, AVG would lock the new logins file again, and Firefox would dutifully rename it again - this time as logins.json.corrupt-2 and this process would continue until AVG pushed the fix via a virus db update. Firefox users will need to rename the logins.json.corrupted-1 in their profile directory back to logins.json to get their passwords back.

    • by qubezz ( 520511 )
      Along with popping up ads demanding money, and sending your browsing history to a third party, while occasionally rendering your computer unbootable. They are a virus.
  • by Anonymous Coward on Friday June 14, 2019 @02:09PM (#58762930)

    Since those (unless users are paying for those software ! why ??) are offering free versions I rather use the Windows defender that comes with Windows 10. It offers basically almost the same protection as noted here [av-test.org]. Just click on Windows defender and look at the numbers and stats. On top of that no annoying ads ruining everything or just the app doing some crazy thing on the computer like in this article here.

    Besides, the best protection is the one 18' from the monitor hehe, not the antivirus software. I mean it should be obvious, don't go on porn sites without an ad blocker, a script blocker or just don't go there at all if you don't want to get crap on your PC.

    • Re: (Score:3, Insightful)

      by jellomizer ( 103300 )

      When you go overboard with virus protection, you end up protecting an unusable computer.
      Windows Defender is really good enough, combined with safe browsing habits you are rather good with it.
      I do find that Windows Defender has a fit if on the Linux Subsystem for Windows I install nmap though.

  • Good thing I don't have those anymore. It's been years, but I suppose I'll get an update notice from Firefox since it's been two days since the last one. Where's the update? You're slacking Mozilla! Fuckers.
  • by DERoss ( 1919496 ) on Friday June 14, 2019 @06:11PM (#58764600)

    Much of SeaMonkey and Thunderbird contain software components from Firefox. I use SeaMonkey 2.49.4 (the latest official release) as a browser but prefer the user interface of Thunderbird 52.9.1 (an older release because the latest breaks several extensions) for E-mail and newsgroups. I also have AVG Anti-Virus Free 19.5.3093.

    My password files for SeaMonkey and Thunderbird are NOT being corrupted by AVG Anti-Virus Free. That is proven in part by the fact that I used SeaMonkey's password manager to logon to Slashdot to post this comment.

  • There is a way by which you can eliminate the problems. All is need to be done is, enable avast exceptions and create a list of Avast White list websites that are your favorite. Refer the article below to would suggest you read about https://cybergeeksoftware.com/... [cybergeeksoftware.com]

Whoever dies with the most toys wins.

Working...