Avast and AVG Are Causing Firefox Users To Lose Saved Passwords (betanews.com) 90
An anonymous reader shares a report: Firefox users are reporting that their saved passwords have been lost, with the problem seemingly caused by antivirus software rather than being an issue with Firefox itself. Antivirus software such as Avast and AVG appear to be corrupting the file in which Firefox stores passwords, rendering it unreadable. Thankfully, passwords can be recovered, but -- for the time being --- they will be corrupted again when you restart your computer.
Re: (Score:2)
Well Free isn't free.
Why aren't Chrome or Edge or Opera or Brave affect (Score:1)
Why is it only Firefox that's affected?
Why not the numerous other web browsers out there with similar functionality?
And this happens with two separate antivirus programs?
All of that makes me suspect it's really a problem with Firefox and whatever file format is being used.
Maybe it's like in the past when Firefox's performance problems were blamed on "user error" or "bad extensions" instead of the real cause: Firefox just being slow! Despite Firefox supposedly being "fast" already, the developers then did th
Re:Why aren't Chrome or Edge or Opera or Brave aff (Score:5, Interesting)
They're not separate. Avast acquired AVG in 2016.
They've got so much in common that the AVG uninstaller was identifying itself as Avast Uninstaller for a while. They've since corrected that.
I wouldn't touch either of them with a barge pole any more. They come bundled with so much crap it's ridiculous.
Re: Why aren't Chrome or Edge or Opera or Brave a (Score:1)
Firefox isn't that widely used. It has a market share of 2% to 3%. Chrome is much more widely used, by around 75% of the market.
If the law of large numbers were at play, then we'd expect to see Chrome affected. But it doesn't appear to be. So this should cause us to be suspicious of Firefox and why a little-used browser experiences these problems while more popular browsers apparently don't.
Re: (Score:1)
Not sure where you're getting your numbers from. Pretty much every source out there states Firefox to be between 5%-10% and Chrome 60%-70%. Mobile drives FF down somewhat (hence the 5% from some sources), though none of those take user agent spoofing into account, which is needed on an increasing number of sites.
On either account, your numbers for FF are way lower than research shows and for Chrome, really rather inflated.
Re: (Score:1)
I wouldn't touch either of them with a barge pole any more. They come bundled with so much crap it's ridiculous.
Serious question, what does Avast come bundled with? The only thing I ever see is the "install Chrome" and make it your default option when Avast updates. I always uncheck it and havn't seen anything else bundled with it. TIA.
Re: (Score:2)
Their secure browser, their VPN thing, off the top of my head that's all I can think of. Not prepared to boot into Windows to find out any more.
TBF AVG is infinitely worse. Drive updater, system cleaner, secure browser and so on... Again, not prepared to boot into Windows to find out any more!
Re: (Score:1)
Their secure browser, their VPN thing, off the top of my head that's all I can think of. Not prepared to boot into Windows to find out any more.
I'm pretty sure those are options that you don't have to install. I'll pay attention the next time I update, but I typically just uncheck stuff and only let it install what I want. But I could be wrong.
Re: (Score:3)
True, you don't have to, you're not their target audience though. They're counting on the clueless users who don't look before they install.
IMO, if you're going to use a free AV, stick to Windows Defender/MS Security Essentials. At least it's not going to nag you to pay for something and chew up resources.
Re: (Score:2)
When I am forced to use Windows for whatever reason, this is my antivirus:
https://docs.microsoft.com/en-... [microsoft.com] Second party kind of but recommended by Microsoft.
There's a setting where you can make it submit hashes to VirusTotal for their score (0 is best/undetected, 1 might be a false positive, anything higher you should scan manually), and be able to watch processes doing their thing including sorting by disk usage, GPU usage and CPU usage, thereby making it an indirect antivirus.
https://www.virustotal.com/ [virustotal.com]
Another reason to go Linux (Score:3, Insightful)
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
I'll give you marks on printers, but I've never had problems with mice, keyboards and scanners on any flavor of linux.
My printer use case was unusual, though. I was wanting to print directly on optical media using a Canon Pixma and could not get things to line up closer than about 5mm without CUPS generating something that would crash the printer. I had to keep Windows around in a VM so I could use the Canon software in Windows to print on discs (whose software didn't work in Wine, either).
Re: (Score:1)
Re: (Score:2)
Having an anti-virus program doesn't make you safe when browsing the internet and whilst there are more viruses for windows that doesn't mean that Linux isn't targeted from time to time.
Real Linux malware:
https://www.theinquirer.net/in... [theinquirer.net]
&
https://arstechnica.com/inform... [arstechnica.com]
Running your browser with low privilege won't necessarily protect you:
https://shenaniganslabs.io/201... [shenaniganslabs.io]
Having said that I don't run the pointless junk that is modern AV because it slows the system, messes with the system and application
Doesn't sound like anti-virus to me (Score:4, Funny)
Avast and AVG appear to be corrupting the file in which Firefox stores passwords...they will be corrupted again when you restart your computer.
Software installed deeply into your system that silently modifies files on your system every time you boot is not anti-virus. That is very PRO-virus.
Re: (Score:1)
recover from reasonable amounts of unexpected data corruption
Windows-user Stockholm Syndrome?
Re: (Score:3)
Yeah what exactly is the supposed justification for anti-virus files having modify access to a creds store?
(Not that I think keeping all your creds in one well known place protected by a single password is a great idea in the first place.)
Re: (Score:3)
Yeah what exactly is the supposed justification for anti-virus files having modify access to a creds store?
(Not that I think keeping all your creds in one well known place protected by a single password is a great idea in the first place.)
It doesn't. It has a 'password protection' feature that blocks access to the store except to trusted programs. For some reason to do with the certificate chain, the new Firefox isn't trusted.
It was trying to mitigate the risk of having the creds in one place that you mentioned.
Ref: 1558765 on b.m.o
Re:Doesn't sound like anti-virus to me (Score:5, Informative)
AVG didn't modify shit. If anything, it worked as it was supposed to, which is to prevent any process other than the signed Firefox binary from reading the file. The problem arose because in a recent update, Firefox signed their binaries with new cert that AVG didn't recognize and so thought the updated Firefox was an unauthorized process trying to access logins.json.
On Firefox's end, when it couldn't read logins.json, it assumed it was corrupt and renamed it to logins.json.corrupt-1 while creating a new, blank logins.json. However, everytime Firefox started, AVG would lock the new logins file again, and Firefox would dutifully rename it again - this time as logins.json.corrupt-2 and this process would continue until AVG pushed the fix via a virus db update. Firefox users will need to rename the logins.json.corrupted-1 in their profile directory back to logins.json to get their passwords back.
Re: (Score:2)
Sticking with Windows Defender (Score:3, Interesting)
Since those (unless users are paying for those software ! why ??) are offering free versions I rather use the Windows defender that comes with Windows 10. It offers basically almost the same protection as noted here [av-test.org]. Just click on Windows defender and look at the numbers and stats. On top of that no annoying ads ruining everything or just the app doing some crazy thing on the computer like in this article here.
Besides, the best protection is the one 18' from the monitor hehe, not the antivirus software. I mean it should be obvious, don't go on porn sites without an ad blocker, a script blocker or just don't go there at all if you don't want to get crap on your PC.
Re: (Score:3, Insightful)
When you go overboard with virus protection, you end up protecting an unusable computer.
Windows Defender is really good enough, combined with safe browsing habits you are rather good with it.
I do find that Windows Defender has a fit if on the Linux Subsystem for Windows I install nmap though.
Mozilla is slacking off (Score:1)
Why Firefox and Not SeaMonkey or Thunderbird? (Score:3)
Much of SeaMonkey and Thunderbird contain software components from Firefox. I use SeaMonkey 2.49.4 (the latest official release) as a browser but prefer the user interface of Thunderbird 52.9.1 (an older release because the latest breaks several extensions) for E-mail and newsgroups. I also have AVG Anti-Virus Free 19.5.3093.
My password files for SeaMonkey and Thunderbird are NOT being corrupted by AVG Anti-Virus Free. That is proven in part by the fact that I used SeaMonkey's password manager to logon to Slashdot to post this comment.
Use Avast Whitelist or Exceptoions (Score:1)