- VirusTotal reports about malware in setup.exe
- I use Opera for web development. There is a strange element inside which is not in my source code!
- I see plenty of ads. I am using Windows
- I found a clickjacking (UI redress) on opera.com!
- Credentials in URL can be used for a spoofing attack!
- “Log Out” button on forums doesn’t log me out; you have improper SSO implementation!
VirusTotal reports about malware in setup.exeVirusTotal is a service which scans selected files with multiple antivirus engines. Settings for these scanners can be much different than the settings used on typical computers, and sometimes they report what we believe are false-positives. This happens especially with Antiy-AVL, Baidu, Cylance, and Qihoo 360. Please don’t report this issue to us unless antivirus engines other than the ones listed find something suspicious.
I use Opera for web development. There is a strange element inside which is not in my source code!
You appear to have enabled Opera’s native ad blocker. The ad blocker inserts non-lethal elements in a page's code to restructure the layout after blocking ads.
Each of these solutions will help in the order we suggest most:
- Ignore this <style> tag in the <head> tag ?
- Download and use either Opera Developer, Beta, or Portable for development (with ad blocker disabled), and use Opera Stable for web browsing
- Create a separate profile with ad blocker disabled
- Disable Opera’s native ad blocker
We decided not to hide our <style> tag because it would result in inconsistencies between what you see in DevTools and in the page, making debugging much harder.
I see plenty of ads. I am using Windows
First of all, ensure that Opera’s native ad blocker is enabled and try enabling additional lists in Opera settings (Opera menu > Settings > Basic > Block ads > Manage lists…).
It sounds like there is malware or a virus on your computer which is opening unwanted pages in your browser.
Use reputable antivirus and antimalware products to scan and protect your computer. These will need to remove the original malware or virus for you. Without doing this, the other steps listed in this FAQ are essentially useless as the malware can run again and undo all of your fixes. Wikipedia has a good list here: http://en.wikipedia.org/wiki/Comparison_of_antivirus_software.
Note that if you have an existing antivirus product, it may have failed to detect this malware. Try some other products to see if they can detect it.
Once the malware has been removed, either reset your Opera settings (Opera menu > Settings > Browser > Reset Opera) or correct anything it had changed in your Opera settings. For example:
- Are there any unwanted extensions installed in Opera? Navigate to Opera menu > Extensions. Disable all extensions that are listed, and restart Opera to see if the problem has been fixed. You can now re-enable any extensions you want to keep.
- Has it changed your browser startup settings? Navigate to Opera menu > Settings > Browser > On startup. “Continue where I left off” is the default setting and should be selected, unless you decide to change it. Also check the “Set pages” link to see if any unwanted pages are listed there (the list is empty by default). Remove any unwanted pages from the list.
- Remove any bookmarks or Speed Dials it might have added.
- Check the properties of the Opera desktop icon which starts Opera. The malware may have added its own address to the end of the command that starts Opera. It may also have done this in your registry.
- Navigate to Opera menu > Settings > Browser > Search > Manage search engines… and remove any unwanted search engines from the Opera settings.
You will need to do this for any other browsers that you have installed as well. If you need assistance with any of this, please take your computer to a local computer servicing centre.
I found a clickjacking (UI redress) on opera.com!
While clickjacking is an effective attack in cases where only clicking or minimal key presses are required to perform a harmful action, typically in the context of a logged-in user’s account, we are not aware of any part of our site where a clickjack attack could have any significantly harmful consequences. We are aware that the site does not use clickjacking protection, but we are not able to see how a malicious attacker could use it against any parts of this site. (Parts of our other websites that need clickjacking protection will already use the header to prevent it. We only use the header on pages that actually need it.)
Therefore, we do not consider this to be an exploitable security issue, or even a bug. The lack of the X-Frame-Options header is intentional.
Credentials in URL can be used for a spoofing attack!
Opera and other Chromium-based browsers consider this as expected behaviour. Even though the user lands on another website than the one written before the @ sign, the address bar is still the ultimate UI element which provides security information showing the actual website and not the web address written in the address bar. Additionally, Opera hides the username and password information after navigation in the URL box, so users can clearly see which site they really visit. This way, the effectiveness of such spoofing attacks is minimized.
“Log Out” button on forums doesn’t log me out; you have improper SSO implementation!
Short answer: It is by design.
Long answer: This is not an SSO (single sign-on) solution, but our Forums uses your Opera Account as an OAuth2 identity provider.
To give an analogy: If you used your Facebook account to log in into Spotify, you can click "Log out" on Spotify.com and it may appear you are logged out of Spotify. But, if you open Facebook in a different tab you'll see that you are not logged out of Facebook. Next, if you click "Log in with Facebook" on Spotify.com again, you will be immediately logged in without entering any credentials.
This is the same mechanism that we use. Spotify and Facebook do not share a session just like Forums and Auth do not. Logging out of Forums does not terminate the session on the Opera Auth servers since they don't share session or cookie information. There is no "central SSO login." Logging in our out of Forums is a completely independent action from logging in or out of Opera Auth.