Most commerce sites (amazon, netflix, target, etc.) now show up with the "this website does not supply identity information" message.
This is in conjunction with random advertising pop-ups and redirects. It's a brand new laptop on which the only apps I've installed (beyond the ones that came with the laptop) are Mozilla 27.0.1, Adobe Reader, and Picasa - all from the official web sites. I've disabled all extensions/add-ons, cleared cache and cookies multiple times, disabled suspicious apps, totally uninstalled Firefox and reinstalled it, uninstalled both Adobe Reader and Picasa (and not reinstalled). I've started the operating system in safe mode and tried running it with and without various programs to no avail.
I use Kaspersky and it has found nothing. I'm at my wits end ... HELP!
Усі відповіді (7)
Your extension list shows "Quiknowledge" which apparently can display ads in the browser. It is disabled, but see whether you can remove it from the Windows Control Panel, Uninstall a Program. If you click the "Installed on" column header you may see unexpected software loaded by bundles.
Also try some supplemental malware scans using other tools, as they tend to have different lists of junk they go after. This article lists tools other Firefox users have found helpful: Troubleshoot Firefox issues caused by malware.
Any luck?
No luck - Quiknowledge was bundled with the PC software so I was assuming that wasn't the issue, but removing it didn't do any good. And the redirects appear to be coming from Firefox. Odd bit of new information, Facebook and other non-commerce sites come up ok (i.e. without the website not supplying info quirk) but if I leave them up it changes to the "this website does not supply identity information". I've tried several supplemental malware scans and even run in the Kaspersky Trusted Applications Mode to try to identify something.
In case you want to know the extra malware tools I've tried beyond my Kaspersky:
Microsoft Safety Scaner TDSS Killer Malwarebytes
Update - ran Malwarebytes again and this time it found some "mysearchdial" junk and removed it, which appears to have gotten rid of the redirects and pop-ups but still leaves me with the "This website does not supply any identity info" issue.
Just to decode the gray exclamation triangle, there are two different types of information mixed together in that icon:
(1) Not supplying identity information: this indicates that there is a valid security certificate, but it is an ordinary certificate and not an EVSSL (green lock) certificate. Same as a gray padlock, as far as the main page goes. So that part of the message is not worrisome unless the site used to show a green padlock before.
(2) Gray exclamation-triangle: this indicates that that the page contains "mixed" content. More specifically, although the page was retrieved through an encrypted connection (HTTPS) with a valid certificate, something in the page was retrieved over an open connection.
To discover the non-secure content, you can look in Firefox's Browser Console:
- Windows: Ctrl+Shift+j
- Mac: Command+Shift+j
- Menu Bar: Tools > Web Developer > Browser Console
- (Win) orange Firefox button > Web Developer > Browser Console
Once you have that open, you likely will see lots of stuff. To filter the list, type mix into the search/filter box at the upper right.
You might need to reload the page if other messages crowded out the mixed content message.
At this point, you can decide whether you are concerned about the non-secure content. For example, perhaps it's something from the same site that they mistakenly forgot to serve with an HTTPS URL. (Screen shot example attached.) But, you may discover that it's from a different site and then you can start to assess whether there might be something suspicious going on with the page. Maybe it's user-posted content that's hosted on a popular image hosting site. Or you may notice a pattern suggesting that one of your extensions is injecting advertising into the pages... or worse.
Note: You can keep the Browser Console window open (minimized) with the filter set to mix for quicker reference if you're seeing this often.
One of the features of the Kaspersky suite is that it can intercept your secure connections to filter them. On the plus side, this SSL Scan feature could remove some threats you would otherwise receive. On the minus side, if it isn't able to handle every bit of content in the page, it might be contributing to these mixed content warnings.
You could try turning off the SSL Scan feature to see whether that makes a difference. The way to do that seems different depending on your product, but here are some links I found in previous threads:
- How to scan encrypted connections in Kaspersky Anti-Virus 2012?
- How to scan encrypted connections in Kaspersky PURE 2.0? (except: turn it off instead of on)
Any difference?
What was/is most concerning to me is that the site will start out with a grey padlock and then, if I keep the site up it changes to either a grey globe or the triangle/exclamation point - both with the "This site does not ..." message. From your first paragraph it seems that I shouldn't be concerned about this?
As for opening the console and filtering using "mix" - nothing shows up in the console. I can keep the console open and see whether something will show up.
I haven't tried turning off the SSL scan feature but will try if the issue continues. Thanks much for your expertise and help.