- Sebastian Nielsen Says:
I can tell you the reason that AV programs are getting false positives:
Antivirus software does not ONLY scan for known viruses. It also tries to scan for unknown viruses by detecting "viral behaviour".
Viral behaviour is defined by the AV company in the antivirus software, but often viral behaviour is trying to read passwords from the system (as much malware tries to steal passwords), taking screenshots, reading the keyboard in unusual ways, controlling the mouse/keyboard (can be a sign of a Remote Access Trojan, RAT) and such.
And then the antivirus software detects the function in your software that reads passwords, thinks it is some sort of evil password-stealer software, and classifies it as a generic trojan or something like that.
About Christopher's case, it can be some code in either the installation packager, which tries to modify a vital system file (to install game drivers or something like that) that the AV surveils, or it can be code which detects keypresses in game via hooks, which the AV thinks is a keylogger.
A good idea is to write software WELL; do not use suspicious functions/APIs/hooks. Instead try to do it via the built-in safe functions, like DirectX and such. This will not cause antiviruses to complain, since such built-in safe functions have safeguards which prevent malware from using the functions in a feasible way, both in AVs and in the functions themselves. For example a function will only be allowed to run while a fullscreen app is loaded. And AV software could have exceptions so that, for example, a game is allowed to hook the keyboard via DirectX while it's running fullscreen or has focus.
When focus is removed or the game exited, it must remove the hooks.
Trying to do things the "wrong" way will cause AVs to complain.
And when you report a false positive, what AV companies have to do is either create a whitelist signature which exempts the software from detection, rewrite the detecting signature (not always easy to do) or add the hash of the false positive to an exception list.
And here comes a security problem too: the problem is that an AV developer cannot whitelist too much, since then virus developers can write their virus in a way so it will fit a whitelist signature and skip detection.
And the AV developer cannot add too many whitelists, since they will be huge for users to download, especially if the user comes home from a long holiday and has to apply an update while their last update is 1 month old.
Another problem with whitelisting your software is that your software might not protect itself enough, so a virus/trojan could then piggyback on your software, for example shell():ing your software and then hooking into it to read passwords and send them to some server.
This means the AV developer has to prioritise what to put in the whitelist and what not to put in the whitelist. Of course they choose to whitelist software from larger companies (with a larger user base) rather than from small developers/companies.
So the conclusion is that false positives are something you have to live with when you develop software which is "security sensitive" in one or more ways, which your software is. Like you have to deal with the police if you engage in suspect activities (even if the activities are legal).
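Added example (not part of Sebastian's comment, and not any vendor's real engine or signature format): a toy Python model of the two mechanisms he describes, a behaviour heuristic that scores a program by the sensitive APIs it declares, and a hash-based exception list that a vendor adds a reported false positive to. The API names, weights, threshold and the byte strings standing in for program builds are all constructed for the illustration. It shows why a password-recovery utility and a password stealer score identically on such a heuristic, and why an exception keyed to one build's hash stops applying the moment the utility is rebuilt.

```python
"""Toy model of heuristic detection plus a hash-based exception list.

Constructed sample data only. The API weights and the threshold are
hypothetical and are not taken from any real antivirus product.
"""
import hashlib

# Hypothetical weights: how much each capability counts as "viral behaviour".
# Reading stored credentials and hooking the keyboard are exactly the things
# both password-recovery tools and password stealers have to do.
SUSPICIOUS_APIS = {
    "CredEnumerateW": 3,
    "CryptUnprotectData": 3,
    "SetWindowsHookExW": 2,
    "GetAsyncKeyState": 2,
    "InternetOpenUrlW": 1,
}
THRESHOLD = 5  # hypothetical: at or above this the sample is flagged

# Constructed stand-ins for two builds of the same utility (same source,
# same imports, different bytes) and for an unrelated, harmless editor.
TOOL_V130 = b"MZ\x90\x00constructed-passview-build-1.30"
TOOL_V131 = b"MZ\x90\x00constructed-passview-build-1.31"
EDITOR = b"MZ\x90\x00constructed-text-editor"

TOOL_IMPORTS = ["CredEnumerateW", "CryptUnprotectData", "MessageBoxW"]
EDITOR_IMPORTS = ["CreateFileW", "WriteFile", "MessageBoxW"]


def heuristic_score(imports):
    """Sum the weights of the sensitive APIs a binary imports."""
    return sum(SUSPICIOUS_APIS.get(name, 0) for name in imports)


def file_hash(data: bytes) -> str:
    """SHA-256 of the file image; this is what an exception list keys on."""
    return hashlib.sha256(data).hexdigest()


def classify(data: bytes, imports, exceptions) -> str:
    """Return 'excepted', 'generic-trojan' or 'clean'.

    The exception list is consulted first, so a whitelisted hash wins
    over the heuristic; anything else is judged on its imports alone.
    """
    if file_hash(data) in exceptions:
        return "excepted"
    if heuristic_score(imports) >= THRESHOLD:
        return "generic-trojan"
    return "clean"


def run_scenario():
    """Walk through report -> exception -> rebuild and collect the verdicts."""
    exceptions = set()
    results = {}
    # 1. First release ships; the heuristic alone sees a credential reader.
    results["v130_before"] = classify(TOOL_V130, TOOL_IMPORTS, exceptions)
    # 2. Developer reports a false positive; vendor adds this build's hash.
    exceptions.add(file_hash(TOOL_V130))
    results["v130_after"] = classify(TOOL_V130, TOOL_IMPORTS, exceptions)
    # 3. Next release: identical behaviour, new bytes, new hash -> flagged again.
    results["v131"] = classify(TOOL_V131, TOOL_IMPORTS, exceptions)
    # 4. A program that never touches credentials is unaffected.
    results["editor"] = classify(EDITOR, EDITOR_IMPORTS, exceptions)
    return results


if __name__ == "__main__":
    for step, verdict in run_scenario().items():
        print(f"{step:12s} -> {verdict}")
```

The scenario is the cycle Sebastian describes: the heuristic cannot distinguish intent, so the vendor falls back to a per-file exception, and because that exception is bound to one hash rather than to the publisher, every new build starts from zero until it is reported again.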
- Morgan Says:
I am a small shareware developer of different utilities. One of my utilities is a monitoring tool for parents. While 99% of my users are perfectly legitimate, for years I have been getting hurt by the antivirus companies, which not only call EVERY file of my app a trojan or virus, but also call my other tools (which are not even monitoring software) VIRUSES and TROJANS. My website had a problem of constantly being added to different blacklists just because of false positives, so I was forced to REMOVE all downloads from the website and move them to another domain just to prevent my website from being blacklisted. It's interesting that the same tools uploaded to download.com are NOT being blocked.
The idea of contacting the AV vendors regarding the false detection is not very good, because:
1) Sometimes you need to fill in a RIDICULOUSLY long web form asking all possible and impossible questions (like McAfee offers), and they don't even promise to serve your request. They even write that "if the request looks suspicious, we won't serve it". Moreover, McAfee has up to 6 MONTHS response time listed!!!
2) Even after removal of your tool from their databases it will certainly be added again after some months.
So these tools destroy my reputation and frustrate my customers, and the download sites are flooded with comments that my software contains trojans. I repeat, even absolutely safe software like a developer's IE plugin is getting marked as malware just because I have ONE tool which is monitoring software.
MOREOVER, even after I removed all tool downloads from my website, I placed "dummy" files in their place, which just show a warning that the download location is obsolete. Symantec CONTINUES to mark those downloads as VIRUSES!!!!
That's just ridiculous, and there are NO LAWS which could make AV companies responsible for this reputation and business damage. I'm even thinking of going away from Windows utilities development and going to Mac, since Mac is not that populated with antivirus crap yet.
Recently I read an article where Kaspersky prepared a harmless file, marked it as a virus in their database and uploaded it to VirusTotal.com.
After some time, more than half of the other antiviruses on VirusTotal started to call that file A VIRUS, although it was initially clean!!!!
Things are getting worse every year, because antivirus companies are using more and more aggressive ways of detection and obviously become more virus- and spyware-like themselves!
Most 2011 antiviruses ARE SENDING INFO FROM YOUR COMPUTER TO THEIR HOME by default, for "better protection". Including websites visited and apps opened.
What is this, if not spyware??
Some apps like Kaspersky Pure are so bloated and integrated into every hole of your system that it looks like your PC is designed to run ONLY this antivirus software and nothing more.
After getting the antivirus installed, a user is constantly scared by different "threats" and messages that he is "not protected" and SHOULD PAY for protection. But actually antiviruses DO NOT DETECT new and really dangerous threats, especially rootkits, but detect lots of legitimate apps as viruses. It really resembles a Mafia world where you should pay bandits to stay "protected".
And of course, many antiviruses consume more than half of your computer resources, and many real-life Windows PCs I saw with antivirus installed are so slow that they're almost unusable. Yet the antivirus companies claim the malware makes it slow, not their apps.
I believe shareware authors should create an association which will fight these issues until we are defeated by the so-called "security" companies! The association should be funded with donations, so we can SUE the AV vendors and get paid for the reputation and money loss! They should become RESPONSIBLE, and until then they will get worse and worse.
Antivirus companies SHOULD PAY for the damage they make!
- boing Says:
@Morgan, "I'm even thinking of going away from Windows utilities development and going to Mac, since Mac is not that populated with antivirus crap yet."
I feel your pain since I too am a developer, and have worked on multiple platforms, including Mac, Windows, Atari, Xbox, Game Boy, etc. However, that kind of thinking only leads more people to use Macs, most of whom have the false belief that the machines are impervious or nearly impervious, when they are basically a ticking time bomb with horrible security, despite Unix lovers believing in fantasies sprinkled around the web about how they can't be hacked. Point is, once a way is found (and it has been), they continue to hack away. If people believe in the silly idea that somehow Apple programmers are better and "magic" than programmers at other companies, then it has already been proven a fallacy. The iPhone is also created by Apple and its programmers, and it's mega popular now. If it were something to do with Apple's "wonderful" programmers (who are only human, and many of whom have worked at Microsoft and vice versa), you wouldn't read about so many security breaches on the phone. Britney Spears' and many other celebrities' personal photos were passed around the web from her iPhone due to this. And guess why she bought an iPhone. It's not because she has a doctorate in computer science. It's because it's the most popular fad, and people basically told her. The GPS tracking each person, stored in an unprotected file and then sent back to Apple 2X a day, location hack is another.. I could go on..
Point is your last word, "yet", is the problem. Hey, let's go here because it's not ruined with malware yet! It's kind of like saying, "We are running out of gas, so step on it. Drive faster to that gas station before we run out of gas!" It DOES NOT WORK. Making Apple popular has always been a waste of time. True scientific minds and true techies understand what I'm talking about. The big hoopla and praise for Apple has been the fantasy that it's going to be malware free. But it never has been, and it's getting worse as popularity rises. The next big thing is it is supposedly cutting edge technology. How can that be when I bought an i7 based PC that renders video editing projects (something a Mac should be great at) nearly TWO YEARS before Apple introduced the i7 to its lineup? And then they charged 00 more for it at 99, just for Apple fans to get away from lousy Core 2 Duo tech. Apple's phones are not ahead of all the others either. Counting apps doesn't cut it. Sorry. Beyond 30,000 great apps, that's enough. And historically Apple fans have always said that just because Windows had more apps it didn't matter to them, so they shot their own foot with that logic. The overheating iPad 2 isn't that great. Let me break it down. A tablet IS nothing more than a LAPTOP without a keyboard and with touch added to the screen. It's pretty, but fragile and clumsy to operate on more complex programs that really need a keyboard. And there are lots of laptops out there where you can pull the screen out and they turn into tablets. So this going to Apple thing is nonsensical, as in the end it will just be another place to distribute malware, as it's already happening..
As for antivirus and their false reports, flagging dozens of objects as "potentially harmful" and counting every last tracking cookie, they are IDIOTS for doing this! Why? Because it not only scares the user, confuses them and makes more work for them, but they do it because they want to look good.. As in, "See mommy! I found some more for you. Can I have a cookie now?". It also makes Windows look far worse than it is by exaggerating the situation, counting all these false positives that aren't anything major. If you simply did this on a Mac, that is, counted all the tracking cookies and so on, its report would probably come up saying something like "Infected with 58 infected objects!". I've found that most reports are not reports of real malware or viruses in Windows, but instead a show-off scanner. I just click "Yes, fix it" and watch it erase a few tracking cookies. Anyway. The entire issue with antivirus companies competing with each other to show who can pee the furthest, or should I say who can count up the most objects, is a disgusting waste of time.
- an it department in Greece Says:
Out of appreciation for the work done by Nir Sofer, out of curiosity and, who knows, maybe it is useful somewhere, somehow, sometime, I decided to record what happened.
It is not an MSE tutorial (if you read this, you know your way around antivirus programs), nor criticism or endorsement of MSE (this is not the place for that).
Attempting to download IE PassView iepv.exe version 1.30.
Using a fully updated MS Security Essentials (scheduled definition updates 3 times per day) and application/client/engine updates as offered by Windows Update/WSUS:
Security Essentials Version: 4.0.1526.0
Antimalware Client Version: 4.0.1526.0
Engine Version: 1.1.9402.0
Antivirus definition: 1.149.1718.0
Antispyware definition: 1.149.1718.0
(Note that there is a newer SE/AWC 4.2.223 downloadable, which, as far as I have seen, has not been offered for automatic updates.)
Reports when trying to download with IE 8 from WXP SP3:
'This download has been reported as unsafe'
1) Clicked on 'report that this download is safe',
which redirects to 'https://feedback.smartscreen.microsoft.com/feedback.aspx'
where I selected 'I think this is a safe website'.
Will this help?????????????
2) Clicked on 'disregard and download unsafe (not recommended)'.
After download, MSE popped up 'Security Essentials detected a potential threat and suspended it'
'Click Clean PC to remove this threat.'
I clicked show details.
Only option is to quarantine.
MSE shows 'your actions were applied successfully'
BUT in details:
Security Essentials encountered the following error: Error code 0x80070020. The process cannot access the file because it is being used by another process.
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
containerfile:\x\download on x\nirsoft.net\iepv130.zip
file:\x\download on x\nirsoft.net\iepv130.zip->iepv.exe
webfile:\x\download on x\nirsoft.net\iepv130.zip|http://www.nirsoft.net/utils/iepv.zip
Click on details:
Updated: Mar 12, 2013 | Published: Dec 18, 2007
Alert Level (?)
Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated: Released: May 11, 2013
Detection initially created: Released: Oct 07, 2008
Note that between today 07:00 and 15:00 the definition file build version has gone from 1.149.1718.0
Now to the main MSE application to remove the file from quarantine (history tab).
It is not there; the .zip file was downloaded in the selected place.
Unzip, again an MSE popup.
Remove from quarantine, again popup, etc. etc. until you exclude the file in this location or update an older version in an already excluded location.
Signing off, good luck and thank you.