01-26-2015, 10:29 AM | #31 | |
Grand Sorcerer
Posts: 27,605
Karma: 193191846
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
Quote:
Last edited by DiapDealer; 01-26-2015 at 10:45 AM. |
|
01-26-2015, 10:36 AM | #32 |
Ex-Helpdesk Junkie
Posts: 19,421
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
Are you saying Google Chrome has a security vulnerability that allows an attacker to install software on your PC merely by browsing to a specific page?
... and that this is calibre's fault for using a common platform (Google Adsense I think) to deliver standardized ads which contain malware (delivered via Google no less)? Anyway, I cannot replicate your success with malware... Last edited by eschwartz; 01-26-2015 at 10:39 AM. |
Advert | |
|
01-26-2015, 10:40 AM | #33 | |
Wizard
Posts: 3,108
Karma: 60231510
Join Date: Nov 2011
Location: Australia
Device: Kobo Aura H2O, Kindle Oasis, Huwei Ascend Mate 7
|
Quote:
|
|
01-26-2015, 10:42 AM | #34 |
Ex-Helpdesk Junkie
Posts: 19,421
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
This part is confusing me.
I was not aware that you must set a security setting to prevent Google Chrome, or indeed any piece of non-malware software, from installing stuff on its own. What security settings are these? I haven't seen them, even though I use Chrome quite a bit. This sounds tremendously sketchy. But then, the whole thread does. Last edited by eschwartz; 01-26-2015 at 10:44 AM. |
01-26-2015, 11:19 AM | #35 |
Wizard
Posts: 3,720
Karma: 1759970
Join Date: Sep 2010
Device: none
|
if a site is serving up syndicated ads, i.e. if the site owner is letting a 3rd party choose & display the ads & does not know exactly what ad will be served at a specific time to a specific user, then yes there is a risk of rogue malware infested ads being delivered.
[ e.g. There's an on-going debate at virginmedia.com community forum about virginmedia.com ad-infested home pages servicing up rogue update flash ads & thus malware, to VM customers ( who have to visit that page when accessing webmail) VM are a reputable company, most would agree, but seem to have no knowledge or control over what gets served up on their home page, according to the critics. ] if google ad servers are involved then what they serve is related to whether google knows who is browsing and what it knows about that person, so the OP could be served ads that you & I are not served, all without Kovid or whoever runs the calibre download site begin any the wiser I am not quite curious/rash enough to go visit the calibre download page with all my adblockers and AV disabled, but if someone is, perhaps they can "view source" & report back. in the case we have here, we need to know what URL the OP is using, to check if that's the same one the rest of use use. then view source on that page will reveal exactly what goes on under the bonnet. As for "set a security setting in chrome" - installing the adblock extension does block much of the malware infestations within ads, by blocking the ads. without such an extension it is very likely that chrome will happily display a rogue you need to update flash advert which leads to the installation of all sorts of crap for anyone who clicks OK. |
Advert | |
|
01-26-2015, 11:23 AM | #36 | |
US Navy, Retired
Posts: 9,865
Karma: 13806776
Join Date: Feb 2009
Location: North Carolina
Device: Icarus Illumina XL HD, Nexus 7
|
Quote:
@cybmole good point. Knowing the adware would most likely give us insight into the possible nature of this adware. Until then the OP should simply bookmark one of the the alternate download pages and go there for updates. Last edited by DoctorOhh; 01-26-2015 at 11:30 AM. |
|
01-26-2015, 11:27 AM | #37 | |
Resident Curmudgeon
Posts: 74,622
Karma: 130140792
Join Date: Nov 2006
Location: Roslindale, Massachusetts
Device: Kobo Libra 2, Kobo Aura H2O, PRS-650, PRS-T1, nook STR, PW3
|
Quote:
But are you sure your Windows Chrome is not already infected and that infection is installing adware When you've removed the adware and then run Chrome? Last edited by JSWolf; 01-26-2015 at 11:30 AM. |
|
01-26-2015, 11:34 AM | #38 | |
Ex-Helpdesk Junkie
Posts: 19,421
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
Quote:
Chrome is a good browser that is incidentally less extensible than Firefox, which means I prefer Firefox. Also, it makes several stupid policy choices that make it less attractive. Are you aware that the Chrome Webstore has a perfectly working port of AdblockPlus as well? It also has Ghostery. In short -- Chrome is just as safe as Firefox. The inferior Web Developer tools, restricted and artificially held back extensibility options (for "security") and simplifiedmoronified menubar, or lack thereof, makes it very much a casual-use browser IMHO. |
|
01-26-2015, 11:36 AM | #39 |
Loving life
Posts: 1,412
Karma: 7991496
Join Date: Mar 2009
Location: Hot Springs Village, Arkansas
Device: PaperWhite 5,iPhone 13, IPad, MacBook Air
|
Well I just removed chrome from a test box then installed calibre without an issue. This I know for sure it is chrome. I can install on a new box then install calibre and I will get the adware. But if I install calibre on a box using only IE I do not get the adware. So for now I am kissing chrome good bye.
|
01-26-2015, 11:38 AM | #40 |
Loving life
Posts: 1,412
Karma: 7991496
Join Date: Mar 2009
Location: Hot Springs Village, Arkansas
Device: PaperWhite 5,iPhone 13, IPad, MacBook Air
|
I believe that IE was crap too but I will live with IE on windows and chrome on my Linux boxes. At least with Linux adware is not going to install. And I am not sure how that the adware is installing while I have windows set to not install anything with out me accepting it. But I will be testing that too.
|
01-26-2015, 11:49 AM | #41 | |
Grand Sorcerer
Posts: 27,605
Karma: 193191846
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
Quote:
When, exactly, in that process are you "getting" adware? And how do you know you're getting adware? Is your anti-malware software complaining about adware? If so, what is it that your anti-malware software is saying is being installed? Be specific, not vague. |
|
01-26-2015, 12:11 PM | #42 | |
Ex-Helpdesk Junkie
Posts: 19,421
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
Quote:
You seem to have a custom Chrome build that installs programs rather than merely being... a downloader. |
|
01-26-2015, 12:14 PM | #43 |
Guru
Posts: 771
Karma: 6528026
Join Date: Sep 2012
Device: Kobo Elipsa
|
IE lets you "Run" the installer without saving the installer package to disk first. That's how I install and update Calibre, and I've never had a problem with that method installing adware.
|
01-26-2015, 12:18 PM | #44 |
Ex-Helpdesk Junkie
Posts: 19,421
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
Chrome and Firefox do the same thing.
They all have the ability to launch a download using the system default file handler. IE allows you to save to $TMP (windows equivalent, obviously ) to run it, Chrome not at all, and Firefox only if an app handles it, not for executables and MSIs... but you can always click on the downloaded file in the Downloads list and it is equivalent to double-clicking in Explorer. Last edited by eschwartz; 01-26-2015 at 12:22 PM. |
01-26-2015, 12:52 PM | #45 |
null operator (he/him)
Posts: 20,678
Karma: 26966376
Join Date: Mar 2012
Location: Sydney Australia
Device: none
|
@cvkemp - as others have said Chrome shouldn't be doing the install - msiexec.exe should do the install. Have a look at the file association for .msi files.
Here are the file sizes and checksums for the 32bit and 64bit msi files I have downloaded from the calibre downloads area. Code:
32bit 60.8 MB (63,836,160 bytes) CRC32 25893d5a MD5 80e2d2e15e130c4c759318f69d5a1c49 SHA-1 95fabe784521e9bd2b33fc7ce27fb8d79d7d0d08 64bit 66.2 MB (69,439,488 bytes) CRC32 76c0e56f MD5 3537394c9213ed57c7974855d8208c51 SHA-1 c98c0b69be7ff001433be11cf06b28262fe26d7d I double clicked C:\Downloads\From Chrome\calibre-2.17.0.msi to install it. Windows asked me if I trusted the source of the file - I clicked Yes and then Trusted Installer kicked in to do its job. I then did scans with malewarebytes and adwcleaner, no malware was reported. I also ran a very aggressive malware removal tool which also found nothing (I wont name it because it can create havoc if used indiscriminately). If the Windows install was done from a a third party slipstream then that is possibly the source of the problem. The safest way to reinstall Win7 is to download and install the official iso with the SP1 slipstream from MS, and then keep running Windows Update until it runs out of things to do - tedious to be sure, but safest for certain. 3rd party slipstream installs are notorious as vectors for malware. BR |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Calibre Update/Install App for OS X | faraz | Related Tools | 9 | 07-16-2015 05:28 PM |
Calibre Install/Update Script for OS X | faraz | Calibre | 2 | 11-11-2012 12:16 PM |
Unable to update Calibre as original install file is missing? | El_Splendido | Calibre | 1 | 08-24-2012 04:43 PM |
calibre update 0.8.1 to 0.8.2 custom install directory | Dopedangel | Calibre | 5 | 05-21-2011 01:15 PM |
warning about 2.9.5 update install | xyzzy | iRex | 3 | 04-26-2007 08:06 AM |