Symantec Programming Development Virus JavaScript and Uncategorized Shaun McCarthy 5:32 pm

The Skinny:

Anyone who has ever had to develop on a machine with a virus scanner than has “real time protection” knows the pain that it can cause. Have you ever had issues in Visual Studio where files are locked and don’t become unlocked till you restart your environment / iis / your machine? Well, in the majority of cases, it’s thanks to Symantec getting it’s grubby hands all over it.

Now Symantec are making things awkward from the other side – as a valentines day gift, Symantec have decided that they will now try to scan the content of javascript in an html document, with a badly implemented heuristic. This means that if anyone vists your website with Symantec installed, if you have a large chunk of javsacript it will pause for up to a minute while it tries to work out what the javascript is doing! This means a large portion of your client base could be seeing minute long delays as they are using your site.

Slightly more details:

It seems the key is the new statement. If your code has a lot (thousands) of new statements in a single block (e.g. pre loading rollover images / using your own custom objects to preload an array / drop down – typically done when you query a database in programming to populate some items for use by javascript) then Symantec will get it’s knickers in a twist.

e.g.

<script>

imgArr[0] = new Image(“Aniceimage.jpg”);

imgArr[1] = new Image(“anotherimage.jpg”);

…

imgArr[2000] = new Image(“TheLastImage.gif”);

</script>

To show how ignorant they are, if you break it up into script blocks it works fine.

e.g.

<script>imgArr[0] = new Image(“Aniceimage.jpg”);</script>

<script>imgArr[1] = new Image(“anotherimage.jpg”);</script>

…

<script>imgArr[2000] = new Image(“TheLastImage.gif”);</script>

I’ve filed a complaint with Symantec – lets hope they take it seriously!