AV false-positives in 2019: PB vs VB


Post by BarryG »

It's official: these anti-virus false-positives with PureBasic have gone berserk. I decided to make a small test exe in both PureBasic 5.71 and Visual Basic 5 Pro to see how AV companies view them at the end of 2019, and these are the VirusTotal results. I know it's just a small "hello, world" message box test, but still... this disappoints me greatly.

BTW, the Visual Basic 5 exe wasn't digitally signed either, so signing your exes to "reduce false positives" is simply not true in the real world.

PureBasic v5.71 (32-bit):

If OpenWindow(0, 400, 200, 200, 100, "Form1", #PB_Window_SystemMenu)
  ButtonGadget(0, 10, 10, 150, 35, "Command1")
  Repeat
    Event = WaitWindowEvent()
    If Event = #PB_Event_Gadget
      MessageRequester("Project1","hello")
    EndIf
  Until Event = #PB_Event_CloseWindow
EndIf

Visual Basic 5 Pro:

VERSION 5.00
Begin VB.Form Form1 
   Caption         =   "Form1"
   ClientHeight    =   3015
   ClientLeft      =   120
   ClientTop       =   465
   ClientWidth     =   4560
   LinkTopic       =   "Form1"
   ScaleHeight     =   3015
   ScaleWidth      =   4560
   StartUpPosition =   3  'Windows Default
   Begin VB.CommandButton Command1 
      Caption         =   "Command1"
      Height          =   615
      Left            =   600
      TabIndex        =   0
      Top             =   480
      Width           =   1935
   End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Private Sub Command1_Click()
MsgBox ("hello")
End Sub

Post by Mijikai »

This doesn't mean anything.
Just because some crap/nonsense AV/s (most of them) detect/s something.

It's not PB's fault, it's the AV/s fault!

Post by BarryG »

I know it's the AV's fault - that's the entire point of my post. And it depresses me, because we're fighting a losing battle.

Post by drgolf »

Hello,
The same code on PB 5.71 with the compiler options thread and DPI enabled and with the version info filled in gets 5 detections.

If the exe is signed with a personal free certificate: 2 detections.

Here: https://www.virustotal.com/gui/file/607 ... /detection

Changing compiler options can change the result.

On Lazarus with the option WR: no detection.
With Delphi, no detection. But the minimum exe size is 4 megas.

Post by Mijikai »

BarryG wrote: I know it's the AV's fault - that's the entire point of my post. And it depresses me, because we're fighting a losing battle.
Most of those AVs are not even relevant, and with the very few big/halfway sane ones you can usually communicate.

Post by BarryG »

drgolf wrote: If the exe is signed with a personal free certificate: 2 detections.
Wait - you can get free certs? Please tell me more. How?

Post by Fred »

All these antivirus are not mainstream, it's not an issue.

Post by Kwai chang caine »

FRED wrote: All these antivirus are not mainstream
It's not always the case :|
At my job, I received a letter from the administrator of the company network, forcing me to never use PB on the company's machines. :|
All that because NORTON sees a virus in nearly all PB exes, and mainly with the IDE if I activate the debugger, and I don't understand why :shock:
I wrote to SYMANTEC, and they added the software I sent them to the whitelist, but all the others continue to raise virus alarms, and I have so many PB EXEs that I can't send all of them, especially all the new temporary "PureBasic_Compilation0.exe, PureBasic_Compilation1.exe, etc..." :evil:
And since I have no rights on my work machine, now, to continue using PB, because nobody can force me not to use my PB LOVE, I use my personal PC for my job.... :oops:
But I feel so alone with this problem, me against SYMANTEC and my management :|

Post by ChrisR »

Unfortunately it's not new, the AVs keep pissing us off :evil:

The developers were already complaining in 2009 and before.
See this blog from May 2009, written by Nir Sofer, author of a great collection of small and useful freeware utilities:

Antivirus companies cause a big headache to small developers

Post by Tenaja »

One way to get them to quit falsely accusing good programs of viruses is for the small developers to join together in a class action lawsuit. (Defamation?)
Unfortunately, they'd probably counter with the excuse they have a system in place to white list your program...

I've actually used that whitelist submission. We had an AV a few years ago that flagged nearly 100 percent of my code, so I started submitting every exe. Finally, it became less needed, so I went back to whitelisting my folders.

Post by Kwai chang caine »

ChrisR wrote: author of a great collection of small and useful freeware utilities
I did not know the famous Sysinternals had the same type of problem :shock: before being MICROSOFT :?
So.....the only solution is to get ourselves hired at Microsoft :mrgreen:
Thanks for your interesting link :wink:
Tenaja wrote: Unfortunately, they'd probably counter with the excuse they have a system in place to white list your program...
Yes ...to resolve the "FALSE Positive"... the AVs create a "FALSE solution" :mrgreen: :?

Post by Dude »

One line of code, a comment; modern theme support off; compiled as an exe:

; Nothing
VirusTotal result: 18 false positives :(

https://www.virustotal.com/gui/file/aa6 ... /detection

Come on, this is crap. What can we do? I can't release my app like this. :| I know this is a do-nothing app, but the AV detection is obviously picking up something in those exe bytes/header that also matches my real-world app, because it's also getting around 20 false-positives.

Post by skywalk »

Did you fill out the version and description fields or use a resource file?

Post by marc_256 »

ChrisR wrote: Unfortunately it's not New, the AVs keep pissing us off :evil:
I also have this problem with my PB-developed programs.
I don't understand how AV programs work or how .exe files are composed,
but how can these AV programs see that a .exe file was created / compiled with PB??
Does the PB compiler put some PB data in our .exe file?
Can someone help me here?

thanks,
marc

Post by Marc56us »

One line of code, a comment; modern theme support off; compiled as an exe:
VirusTotal result: 18 false positives
Yes, but have you tried doing the same code in other languages (ie: C) ?
It is well known that poor AVs consider a small file size to be necessarily a virus.


For your test, now you know that you can tell people that these 18 """Antivirus""" must be excluded from the test.

In many cases, if the next 4 scanners say OK for a program, there is no need to go any further.
(alphabetical order)
- Avira
- BitDefender
- ESET-NOD32
- Kaspersky

It is therefore also necessary to stop taking this site for a reference: it does not make its selection work by quality.
:arrow: Lack of quality cannot be replaced by an excess of quantity.

All the programs I do in PB have always gone to 100%. I don't know why, but here's how I do it:
- I code in pure basic syntax and PB function only (very few, if any, direct API calls).
- No direct modification of the registry
- Almost never pointers
- Entries are almost always made in standard Windows locations (ie: %AppData%).
- Large programs are packaged with InnoSetup and also use standard paths (ie: %ProgramFiles%, %ProgramData%).

Basic, Pure Basic, PureBasic

:wink:
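
Added example, not part of the original thread and not code from any poster: the posts above tie detection counts to the exe's size, whether the version info is filled in, and whether the file is signed. This Python check reads those three properties from the PE headers of a build before it is submitted for scanning; `pe_traits` and `sample_pe` are hypothetical names, and the sample image is constructed for the demonstration.

```python
import struct

RT_VERSION = 16                      # resource type ID of the version-info block
DIR_RESOURCE, DIR_SECURITY = 2, 4    # data-directory indexes in the optional header

def pe_traits(data: bytes) -> dict:
    """Size, version-info presence and signature presence of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional-header magic")
    dirs = opt + (96 if magic == 0x10B else 112)           # PE32 / PE32+
    ndirs = struct.unpack_from("<I", data, dirs - 4)[0]
    def directory(i):
        return struct.unpack_from("<II", data, dirs + 8 * i) if i < ndirs else (0, 0)
    res_rva, res_size = directory(DIR_RESOURCE)
    sig_size = directory(DIR_SECURITY)[1]
    has_version = False
    for s in range(nsec):                # map the resource RVA to a file offset
        vsize, va, rsize, raw = struct.unpack_from("<4I", data, opt + opt_size + 40 * s + 8)
        if res_size and va <= res_rva < va + max(vsize, rsize):
            root = raw + res_rva - va
            named, ids = struct.unpack_from("<HH", data, root + 12)
            for e in range(named, named + ids):    # ID entries follow the named ones
                entry_id = struct.unpack_from("<I", data, root + 16 + 8 * e)[0]
                has_version |= entry_id == RT_VERSION
    return {"size": len(data), "version_info": has_version, "signed": sig_size > 0}

def sample_pe(with_version: bool, with_signature: bool) -> bytes:
    """Constructed header-only PE32 image; not a real program."""
    dirs = [(0, 0)] * 16
    if with_version:
        dirs[DIR_RESOURCE] = (0x1000, 0x18)
    if with_signature:
        dirs[DIR_SECURITY] = (0x400, 0x10)
    head = b"MZ" + bytes(58) + struct.pack("<I", 64)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    head += struct.pack("<H90xI", 0x10B, 16) + b"".join(struct.pack("<II", *d) for d in dirs)
    head += struct.pack("<8sIIII16x", b".rsrc", 0x18, 0x1000, 0x200, 0x200)
    rsrc = struct.pack("<12xHHII", 0, 1, RT_VERSION, 0x80000010)
    return head + bytes(0x200 - len(head)) + rsrc + bytes(0x200 - len(rsrc)) + bytes(0x10)

if __name__ == "__main__":
    print(pe_traits(sample_pe(with_version=True, with_signature=False)))
```

A non-empty security directory only shows that a signature blob is attached; it does not validate the certificate chain.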