 Post subject: Re: Oh crap... PB ransomware
PostPosted: Thu Oct 29, 2020 11:10 pm 

Joined: Wed Aug 10, 2005 2:08 pm
Posts: 617
Location: Yorkshire, England
It seems like any man and his dog can release a shit AV that ends up on VirusTotal, and all you need is one or a handful of these shitty AVs with their bullshit generic heuristics flagging your product up as a virus, and your reputation is tarnished.

_________________
ProGUI - Professional Graphical User Interface Library - http://www.progui.co.uk


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Fri Nov 27, 2020 4:14 am 

Joined: Thu Oct 22, 2020 7:01 am
Posts: 33
Hello, I was curious about what my results would be in VirusTotal with the app I'm developing. It's 2000 lines, and I just got one hit from Jiangmin antivirus (first time I saw this antivirus). Doing some research, it looks like it also hits on some programs like VLC player, which is a very well-known video player. Was this problem fixed in the end? Do you believe that in the future, if I use a certificate, I would be able to remove even that antivirus false positive?

Thanks

It says TrojanSpy.carberp.eut

Ah, I was using a 64-bit exe


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Fri Nov 27, 2020 4:55 am 

Joined: Thu Apr 18, 2019 8:17 am
Posts: 1336
Josepho wrote:
Do you believe in the future if I use a certificate I would be able to remove even that antivirus false positive?

Some people say buying a cert helps, but I've seen malware false-positives by developers with certs too:

Example 1 -> https://stackoverflow.com/questions/52360025/how-to-stop-antivirus-false-positives-everytime-we-re-release-software ("We actually had our certificate revoked due to "malware distribution" as a result of these false positives. It seems there is no recourse other than to buy another one.").

Example 2 -> https://stackoverflow.com/questions/6773395/does-a-code-signing-certificate-help-with-false-positive-from-a-virus-scanner/6773525 ("We purchased a code-signing certificate and we still got flagged by Symantec so it's no guarantee.").

Some replies to Example 2:

"this certificate doesn't change the behavior of your software and that's what is analyzed by the anti virus software."

"If signing your code was all it took to get past antivirus software, then a few hundred bucks would be enough to make all antivirus software completely useless. A code signing certificate certifies that the code comes from you, not that it is not malicious."

So, whether you buy a code-signing cert or not is up to you. I haven't bothered as it seems to be like extortion and a waste of money to me. Someone else replied to Example 2 with this:

"I don't even need few hundred bucks [to buy a cert]. Whenever I send any app to some antivirus company, they whitelist the app without any questions."

That's what I do (get my exes whitelisted for free).


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Fri Jan 15, 2021 1:54 am 

Joined: Wed May 07, 2008 4:57 am
Posts: 93
Location: Adelaide, South Australia
Another new development...

Since the start of the year my users are reporting that some of my recent PB-recompiled programs are literally being deleted off their computer without warning. I tracked it down to Windows Security (formerly Defender). The folder or mapped drive has been excluded but the files are still being removed. It turns out that the Controlled Folder Access can override the exclusion. The program needs to be whitelisted into a safe list. Here is a link to the Microsoft article:

https://support.microsoft.com/en-us/windows/allow-a-blocked-app-in-windows-security-b5b6627a-b008-2ca2-7931-7e51e912b034

Notice the apology at the end!

I found out the hard way that certificates aren't worth it.
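
Added example (not part of the original post or of the linked Microsoft article): one way to confirm from an elevated PowerShell session that Controlled Folder Access is what is acting on a program, and to put that program on the allowed-apps list. The path in $AppPath is a hypothetical placeholder.

```powershell
# Added example: inspect Controlled Folder Access (CFA) and allow-list one app.
# $AppPath is a hypothetical placeholder; run in an elevated PowerShell session.
$AppPath = 'C:\Program Files\ExampleVendor\ExampleApp.exe'

$pref = Get-MpPreference

# EnableControlledFolderAccess: 0 = disabled, 1 = enabled (block), 2 = audit only
$mode = switch ([int]$pref.EnableControlledFolderAccess) {
    0       { 'Disabled' }
    1       { 'Enabled (block)' }
    2       { 'Audit' }
    default { "Other ($_)" }
}
Write-Output "Controlled Folder Access mode: $mode"

# CFA writes event 1123 when it blocks an app and 1124 when it only audits.
# Reading these first shows which executable and which folder were involved.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue
$events | Select-Object TimeCreated, Id, Message | Format-List

# Refuse to allow-list a path that does not exist on this machine.
if (-not (Test-Path -LiteralPath $AppPath)) {
    throw "Not found: $AppPath"
}

# Record what is being allow-listed: signature status and SHA-256 of the file.
$sig  = Get-AuthenticodeSignature -LiteralPath $AppPath
$hash = Get-FileHash -LiteralPath $AppPath -Algorithm SHA256
Write-Output "Signature: $($sig.Status)  SHA256: $($hash.Hash)"

# Add the app only if it is not already on the allowed-applications list.
$allowed = @($pref.ControlledFolderAccessAllowedApplications)
if ($allowed -notcontains $AppPath) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $AppPath
    Write-Output "Added to CFA allowed apps: $AppPath"
} else {
    Write-Output "Already allowed: $AppPath"
}
```

If no 1123 or 1124 events name the program, Controlled Folder Access is not the component acting on it, and the detection history in Windows Security is the next place to look.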


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Fri Jan 15, 2021 4:11 am 

Joined: Mon Apr 10, 2017 6:17 pm
Posts: 417
Location: Germany
DeanH wrote:
I found out the hard way that certificates aren't worth it.


The really annoying thing to me is how end-users consider "big corp av warnings" to be always true and clever while actually if you look into the program flow, you find out that it was some kind of fall-back error that was just shown because the software really could not identify the binary content it analysed.

* is it whitelisted?
* is it blacklisted?
* is it calling api calls we don't like?
* do we actually have a clue what this is?
* throw generic vague warning because our lawyers said we need to do this, so we are on the safe side and avoid being liable in case it was something new

PS: I have actually seen code like that in a big AV product. If it can't be identified, it ended in a default warning. That's why it was totally pointless trying to evade some vague AV warnings. The major change in this seems to be an additional sandbox behaviour analysis step nowadays.

 Post subject: Re: Oh crap... PB ransomware
PostPosted: Fri Jan 15, 2021 9:46 am 

Joined: Thu Apr 18, 2019 8:17 am
Posts: 1336
DeanH wrote:
Notice the apology at the end

What apology? Or is that the joke? Hehe.


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Sun Jan 17, 2021 12:48 am 

Joined: Wed May 07, 2008 4:57 am
Posts: 93
Location: Adelaide, South Australia
"Occasionally, an app that is safe to use will be identified as harmful. This happens because Microsoft wants to keep you safe and will sometimes err on the side of caution; however, this might interfere with how you normally use your PC. You can add an app to the list of safe or allowed apps to prevent them from being blocked."

Not an apology, I guess, but it feels to me as if it is an admission that they can stuff you up. The words "class action lawsuit" keep going through my demented mind, but I'm sure that would be fruitless. There have to be companies that are losing huge amounts or are completely threatened by the poor identification methods being used to identify malware.


 Post subject: Re: Oh crap... PB ransomware
PostPosted: Tue Feb 16, 2021 3:58 pm 

Joined: Fri Oct 23, 2009 2:33 am
Posts: 6332
Location: Wales, UK
It is the Indie Developers that suffer the most. A class action lawsuit is probably the only way to stop this nonsense. Or maybe we could send in The Hoff to sort them out.

_________________
IdeasVacuum
If it sounds simple, you have not grasped the complexity.

