Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Bug Programming

Are AV False Positives Hurting You? 97

Posted by Cliff from the this-code-is-not-a-virus dept.
Gerald asks: "After the most recent Wireshark release a certain AV vendor's product started warning users that the installer contained adware. Since then, I've spent several hours verifying this isn't the case, trying to get the AV vendor to fix their stuff, and reassuring affected users that we do not ship adware with our product. Unfortunately, this isn't an isolated case. I've had to do this several times over the past few years, and each incident uses up time that could have been better spent elsewhere. It's even worse for other projects. If you produce software, have you ever suffered collateral damage from AV false positives?"
This discussion has been archived. No new comments can be posted.

Are AV False Positives Hurting You? More

Are AV False Positives Hurting You?

Comments Filter:

  • Nope, Running Linux... (Score:2, Informative)

    by DaGoodBoy ( 8080 )
    Had to say it... ;)

    D
    • I worked at a company that was shipping software on a CD also including 3rd-party demoware and free software. And AV programs would flag a component for >>>Linux Servers as having a windows virus. (It was the Linux version of an OODB, IIRC.)

      There was no virus. It was just a false positive.

      So no, Linux is not exempt from collateral damage. Potential customers may be needlessly scared away when the AV software scans your CD!

  • yup (Score:5, Informative)

    by TheSHAD0W ( 258774 ) on Monday February 12, 2007 @05:19PM (#17988274) Homepage
    I've had false positives from AV software before thanks to my use of NSIS [sf.net] as an installer. Apparently it's also a favorite of malware creators. I don't blame Nullsoft, but instead lazy AV makers who should know about NSIS by now and should test their signatures against it before publishing them.

    • Re: (Score:2, Informative)

      by _xeno_ ( 155264 )

      Yep - I've had an overzealous config of Norton delete every NSIS installer I had created. (Which was a number, used for installing various components of an in-house software system.) Specifically Norton had decided that every installer created by NSIS 2.17 was a virus, and someone had configured the file server where I had the installers to delete infected files (instead of just quarantining them).

      • Re: (Score:3, Funny)

        by qwijibo ( 101731 )
        Having files deleted is a minor inconvenience. Norton broke my arm when I plugged my USB drive in. Talk about a false positive hurting someone. =)

  • Yes and no. (Score:5, Interesting)

    by c0l0 ( 826165 ) on Monday February 12, 2007 @05:19PM (#17988280) Homepage
    The virus scanner installed at the secretary's machine at the company I worked for fell for a false positive in december last year (that glitch even received some coverage by meainstream media in Europe, as Trend Micro - or whatever, personally I don't know any anti virus software package good enough to tell them apart from each other ;) - identified some Windows-specific and viable system file as a malicious stub of bits), and our CTO immediately erased the installation.
    If I had come to work a few hours earlier, I probably would already have propagated the info about the false alarm I got from colleagues on irc, and we'd be running Windows XP on her box, still.

    This way though, it's running Ubuntu 6.10, and everyone's happy with that. So I find i hard to say that this false positive actually hurt us. Somehow, I'm glad it happened - another system that's easy to admin and use added to our network, one of the few giving me headaches removed. Win-win.

    • Re:Yes and no. (Score:4, Funny)

      by rvw ( 755107 ) on Monday February 12, 2007 @05:41PM (#17988588)

      This way though, it's running Ubuntu 6.10,
      ................
      Win-win.
      Please don't contradict yourself!

    • I don't know any anti virus software package good enough to tell them apart from each other

      AVG. It has won awards, including the VB100, which, from the VB100 site:

      In order to display the VB100 logo, an anti-virus product must have demonstrated in our tests that:

      * It detects all In the Wild viruses during both on-demand and on-access scanning.
      * It generates no false positives when scanning a set of clean files.

      The product must fulfil these critera in its default state.

      In addition, AVG is effic

      • Re: (Score:2)

        by Ksempac ( 934247 )
        I ve seen multiple tests (they are in French so no point in giving you a link) where the free version of AVG failed badly (not sure about the professional one). Its the poorest free AV. You should use Antivir or Avast.
      • I personally use the free version at home on 4 computers and have purchased the professional AVG for my Windows server *ducks* and I have no complaints about either. I've actually had AVG catch some old zip files and rars that had a virus in them that Norton missed since I switched.
    • If only every virus scanner would identify the malware that is Windows.

  • Moo (Score:1, Funny)

    by Anonymous Coward
    have you ever suffered collateral damage from AV false positives?"

    Just before, i had this totally awesome reply, but it was *falsely* identified by the Slashdot junk filter and i couldn't post it.

    • Re: (Score:1)

      by tepples ( 727027 )

      Just before, i had this totally awesome reply, but it was *falsely* identified by the Slashdot junk filter and i couldn't post it.
      If you're serious (that is, not just making a margin joke after Fermat [wikipedia.org]), then you're free to post the reply to your blog, summarize it to a paragraph that doesn't trip the lameness filter, and post the summary along with a link to your blog post.

  • Yes, with Avira AntiVir (Score:3, Insightful)

    by Lonewolf666 ( 259450 ) on Monday February 12, 2007 @05:27PM (#17988380)
    Avira AntiVir complains about one of our old DOS tools. Not a serious problem, as we don't release this particular executable, but annoying.
    Avira AntiVir also complains about some other files I'm pretty sure are harmless... maybe I need another scanner :-(
    • Avira AntiVir also reported a virus in my windows-based installer, and a couple of others reported it as suspicious. I reported it to Avira, and they came back fairly quickly with a confirmation that it was a false positive, and that it would be fixed in a future definition update (they didn't say when).

      I was using UPS to compress the executable header on an NSIS installer, which seemed to be a combination likely to freak out the "smart" detection of many scanners. Avoiding the use of UPX on the installer

  • Plan to give up on AV (Score:1, Interesting)

    by Anonymous Coward
    In general I plan to give up on AV in the near future because (for the most part) it doesn't work well enough ...

    My plan is to buy a system that is fast enough that everything (except for games) will be run on a virtual machine

    • Re: (Score:3, Interesting)

      by 99BottlesOfBeerInMyF ( 813746 )

      In general I plan to give up on AV in the near future because (for the most part) it doesn't work well enough ...

      I have ClamAV installed. It never comes up with false positives, or negatives, or really anything at all.

      My plan is to buy a system that is fast enough that everything (except for games) will be run on a virtual machine

      I run Windows and Linux in VMs right now, on top of OS X. Most of my applications are native OS X ones, but the VMs are plenty fast for InkScape and OpenOffice and XPDF unde

      • I have ClamAV installed. It never comes up with false positives, or negatives, or really anything at all.

        I can vouch for that. Then again, the same is true for the AV system from MS. It doesn't find jack either.

        Though I wouldn't call that a sign of high quality.

      • Also, right now you can install a dual boot setup for Windows gaming and use the same partition for your VM when you don't feel like or need to reboot.

        Of course, doing this actually violates the brain-dead Windows licensing, because it looks like different hardware to the license manager (or whatever they call it.) There is probably a way to fool it, but I have better things to do with my time, so I only run Windows under Vmware Server with a SUSE host O/S on my laptop.

        Maybe Microsoft will eventuall

    • what does that solve? Virusses run perfectly well on a VM too.

      • what does that solve? Virusses run perfectly well on a VM too.

        Viruses have a lot harder time of it when they have to re-infect your machine every time you quit and restart your Windows apps/VM. I use a VM for several Windows applications and they can read and write files to one directory shared with the rest of my OS. Aside from that, all changes are wiped every time I use those applications and it goes back to a known good copy. Occasionally, I'll boot the saved, known good copy and install the updates

  • Yes, this has been a problem for Nmap too (Score:5, Interesting)

    by fv ( 95460 ) * <fyodor@insecure.org> on Monday February 12, 2007 @05:34PM (#17988448) Homepage

    This has been enough of a problem for the Nmap Security Scanner [insecure.org] that we warn about McAfee specifically and suggest better alternatives on the Nmap Download Page [insecure.org] (See the Windows section). More details about the problems we've encountered are posted here [seclists.org]. I've spoken with McAfee executives at conferences and they say they want to fix the problem, but then it just gets lost in their bureaucracy. Sigh.

    Also, it is annoying when free software gets wrongly listed on spyware databases. For example, check out the "Spyware Encyclopedia" entry on Nmap [spywaredb.com], which says "NMap belongs to the Port Scanner spyware category. It's[SIC] presense[SIC] means that your computer is infected with malicious software and is insecure." WTF? Similarly, Nmap has an entry [ca.com] in the "CA Spyware Information Center". If they want to warn about Nmap because it can be used for network discovery, fine. But it shouldn't be called spyware, adware, or anything like that.

    -Fyodor
    Insecure.Org [insecure.org]

    • Re: (Score:2, Informative)

      by Twon ( 46168 )
      I'm pretty sure they hate netcat as well; I had to convince my IT guys to whitelist it after it kept getting quarantined/deleted from my machine. Apparently it's a "hacker tool." I wonder when they'll come for tcpip.sys...

  • No (Score:1, Funny)

    by Anonymous Coward
    It's the HIV false positives that are really bothering the hell out of me!

  • Danger Approaches (Score:5, Insightful)

    by 99BottlesOfBeerInMyF ( 813746 ) on Monday February 12, 2007 @05:38PM (#17988550)

    Right now, an antivirus company may list your software as adware because it matches some other software's behavior too closely or because your software was mistakenly classified as adware. Other malware detection systems may even start to classify your software incorrectly, taking their cue from their peer. So what can you do? You can write to the antivirus company(s) and ask them to fix their signatures. You can complain on forums and the like, especially informing your users that the antivirus is defective, hurting the reputation of that company and possibly driving users to better coded alternatives. This is far from ideal, but it could be worse.

    MS has included and antivirus solution (defender) with Windows Vista. Since it is bundled with Vista and everyone who buys a new computer will find Vista pre-installed and with it Defender and they will have already paid for it by the time they find out about it, Defender will almost certainly become the most widespread solution, possibly completely taking over the home market, regardless of how good it is (failed to be certified due to too many incorrect classifications). This means within the next few years, it may be only one company you have to go to to get the signature fixed. That's the good news. The bad news is that they won't have any reason to respond quickly and won't have any motivation to not have false positive and negatives since they get paid when Windows is purchased and even if users abandon it and buy something else, they don't lose any money.

    Now I'm not entirely opposed to MS providing a free anti-virus solution, but to comply with the law they have to bend over backwards to provide other companies the same access so as not to destroy the competitive market and create another situation like IE where the worst solution on the market is paid for and used by 80% of the populace and the state of technology advances only at a snail's pace.

    From what I've seen, MS has not done that, so you can look forward to more false positives in the future with less chance of those classifications ever being corrected.

    • Re: (Score:2)

      by cdrguru ( 88047 )
      The problem is rule #1. Spammers lie.

      This exists in the anti-malware world. All people distributing malware lie. Therefore, if your software is identified as malware and you say it isn't, you are lying. Neat, huh?

      If you have not experienced this yet, just try getting off some anti-malware program's list. Try. Then try several more times. Go have a few drinks. Come back tomorrow and realize it is fruitless. Be prepared to answer a lot of phone calls and email saying "But it says it is spyware!!!"

      Onc

      • If you have not experienced this yet, just try getting off some anti-malware program's list. Try. Then try several more times. Go have a few drinks. Come back tomorrow and realize it is fruitless. Be prepared to answer a lot of phone calls and email saying "But it says it is spyware!!!"

        Right, so your main tool for solving this is the court of public opinion. People can and do currently choose antivirus software from quite a few different options. Thus, even if they are not 100% convinced that their antiv

    • MS has included and antivirus solution (defender) with Windows Vista. Since it is bundled with Vista and everyone who buys a new computer will find Vista pre-installed and with it Defender and they will have already paid for it by the time they find out about it, Defender will almost certainly become the most widespread solution, possibly completely taking over the home market, regardless of how good it is (failed to be certified due to too many incorrect classifications). This means within the next few years, it may be only one company you have to go to to get the signature fixed. That's the good news. The bad news is that they won't have any reason to respond quickly and won't have any motivation to not have false positive and negatives since they get paid when Windows is purchased and even if users abandon it and buy something else, they don't lose any money.

      No they haven't. Windows Defender is Anti-Spyware ONLY. It will not find viruses. OneCare will, but OneCare is NOT free, and NOT bundled.

  • No, but the potential is there! (Score:5, Funny)

    by LibertineR ( 591918 ) on Monday February 12, 2007 @05:39PM (#17988558)
    If you have ever been privileged to hear the high-pitched squeal from Kaspersky Internet Security when it encounters a virus and been knocked out of your Aeron into mid-air, you know your life has just been shortened.

    I know they want to get your attention, but DAMN that noise is obnoxious!

  • We've had multiple clients configure their database servers to virus scan all file changes. If you're ever looking for a way to tank your database performance, try this one.

  • Is lack of adequate testing hurting you? (Score:1, Interesting)

    by Anonymous Coward
    Subject line is what the article should have been called. Can't you do some pre-release testing in a few likely scenarios, such as that your program might be getting installed on systems equipped with various AV products? Then you have the chance to spot and fix problems, either on your side or working with the AV vendor BEFORE you let your repuation get ruined.

    • Re: (Score:2, Interesting)

      by Gerald ( 9696 )
      Samir: Hmm... well why don't you just go by Mike instead of Michael?
      Michael Bolton: No way. Why should I change? He's the one who sucks.

      More seriously, false positives are usually due to a definition file that comes out well _after_ the software has been released. Testing beforehand won't accomplish anything at the expense of paying N dollars per year to multiple antivirus vendors.

      In this particular case, it looks like WinPcap is being flagged. It came out on Jan 29th, and we started getting reports about
  • 'am working on a Web project fixing glitches in one of the crappiest Webapps I've ever seen. A obscure PHP Framework (SmartMVC) so crappy it's unbelievable.
    Aparently the guy who built it told the customer that 'it's a CMS' - which is total BS. It happend today. This proves once again that technical stuff that's so close to the enduser and yet so obscure as software and anything IT have that problem of 'opinion monopoly' or 'short-term opinion overhand'.
    People think Windows is a good OS - which it isn't - an

  • One drove me crazy... (Score:1, Interesting)

    by Anonymous Coward
    I used to use an mIRC script religiously... McAfee labelled it as a Trojan, and wouldn't let you run it, PERIOD, no way to get around it, no way to whitelist it, NOTHING. Had to go pay for something else over McAfee's inability to compromise.

    Of note, if you attempt to contact McAfee, they won't re-test individual software. I was screwed out of my money.

    • Re: (Score:1)

      by Magada ( 741361 )
      You paid to get a mIRC script. Wish I had mod points so I could push this up to +5 hilarious. Then again, maybe not. mIRC is so bad in terms of UI and so full of holes it's not even funny.

  • Not a false positive, but AV winds up costing $$. (Score:3, Interesting)

    by Vellmont ( 569020 ) on Monday February 12, 2007 @06:28PM (#17989240) Homepage
    I do IT consulting for small businesses, and I can tell you that bad AV software has cost the companies I work for thousands of dollars in lost productivity, and in troubleshooting costs.

    One particular product that got installed by another consultant was BitDefender. It caused at least 3 distinct un-related problems at two different sights that I fixed by choosing a different AV product. I don't blame the other consultant, since it's difficult to know which AV software is going to break something. I DO blame the AV vendors for producing buggy software that winds up costing companies a lot of money.
    • I couldn't agree more. I tell my family that I won't deal with their computer questions if they have anything from Norton or McAffee installed on their machines. It's a shame. Back in the DOS days, they were both really good. Now I consider both of those programs malware. (I use Avira AntiVir in my business, and I've been pretty happy with it.)

  • Here [blogspot.com] is an example from someone's blog about the ridiculous lengths people have to go to in order to work around their own AV software. As another example, my mother's Windows machine refuses to run Firefox, and it seems to be because of an AV issue.

    The whole thing is nuts. AV software is a total scam. It's inaccurate, it costs money, it uses resources, and it stops people from getting their work done. Many home users also don't seem to keep their definitions up to date, which is like using a condom that

    • One of my wife's friends from work was having a horrible time with her system. The lady's son gave her his old system for Christmas, complete with the contents of her old, non-functioning system's hard drive. Perfect, right?

      Well, he also wanted to make sure his mom had bells and whistles, and was protected. So he installed some additional software including a copy of the AV software he used. He even made a nice bootable restore CD set with all the installed software ready to go. He then went out of state ba

  • I'll never forget... (Score:4, Insightful)

    by spywhere ( 824072 ) on Monday February 12, 2007 @06:55PM (#17989562)
    On or about October 16, 2004, while I was driving home, the Help Desk where I was alpha geek received a virus report. The senior tech had to delete a bunch of files, including Excel.exe, before the machine would stop reporting infections. By the time she finished, it barely ran (and was later re-imaged).
    I went in early the next day, and more reports started trickling in right away. I went to one of the first computers, and found that McAfee was reporting Excel.exe and other key files were infected even on the CD. By the time I got back to the desk, they were swamped with calls. As yet, there was no information on the McAfee site about the new virus.

    I went into a room with the CIO and other execs, where they started making plans to shut down the WAN and unplug the local switches... and I spoke up: "I don't think this is a virus."
    They looked at me like I was crazy, and shooed me out of the room.
    I refreshed the page on the McAfee site, and they had just posted information about a "false positive caused by new definitions combined with the outdated, no-longer-supported engine version 4.xxx." I printed that page, and burst back into the emergency meeting. The planning changed to updating the McAfee clients in bulk and fixing the PCs.

    Later that evening, after a grueling day of remote Office reinstallations, the CIO came to me and said, "Do you have any idea what a huge disaster this would have been if you hadn't figured this out?"
    I calmly replied, "You're not paying me to fail."

    A few months later, I got a $500 bonus (less taxes) in my check.

    • Re:I'll never forget... (Score:4, Insightful)

      by /dev/trash ( 182850 ) on Monday February 12, 2007 @09:55PM (#17991680) Homepage Journal
      500 bucks? A lousy 500 bucks?
      • 500 bucks? A lousy 500 bucks?

        Yeah. I must have saved them tens of thousands of dollars...
        However, I lived to tell the story on Slashdot, so I guess I won in the end!
    • I calmly replied, "You're not paying me to fail."

      A few months later, I got a $500 bonus (less taxes) in my check.

      While I don't believe in bonuses for doing one's ordinary jobs, I believe in exceptional circumstances, bonuses should be commensurate with the associated level of appreciation. It sounds like it barely covered the extra hours you put in, seeing that you were first notified on the way home.

      I think a few times your amount would be a nice gesture, especially considering a few hours wasted for
    • Gee, you must've been in the biz for ages. The last time I heard the phrase "alpha geek" was like a decade ago.

      And you can rest assured that your boss got a bonus of at least 5k, mostly for not interfering with your work. Welcome to the corporate world.
  • I installed Antivir on my mother's computer because I didn't see the point in installing a costly antivirus product when she is only online occasionally. I should have known better. My company uses NetworkStreaming's remote helpdesk server and at one point I wanted to help her with a small thing and had her download the client app - which rendered her computer completely unusable until she finally allowed Antivir, which claimed it was a malware program designed to spy on her, to quarantine the file. We boug
  • If you are looking for a good, freely available antivirus application for Windows, check out Avaste [avast.com]. I have been using Avast for almost two years without a false positive and it has a much smaller memory foot-print than McAfee or Symantec. By far, it is the best antivirus application I have ever seen. Plus, it is free for home use and does not install any kind of ad or spyware. It is honest to god free.
    • I was wondering when someone was going to mention avast. I switched to it from AVG for FOUR reasons:
      1: Virus got past AVG and stopped it detecting any more viruses. Was a PITA to disinfect.
      2: AVG Free's annoying inability to disinfect a file when it first detects the infection, forcing you to run the main program.
      3: A false positive in Multimedia Fusion created programs (and another AVG false positive was reported on the MMF forums two years after I stopped using AVG)
      4: No free 64-bit Windows support

      Since i
    • I've used Avast for a lot longer than two years. More like since 1999 when Norton finally crossed the line and I spent eight plus hours removing it line by line from my registry. AVAST has never had and infection. Never had a false positive. Never had an issue period. It plays well with just about all open source and I've experimented a lot. No problem with WireShark, SysInternals etc. It also uninstalls and installs cleanly and doesn't junk up the registry. I recommend it constantly. It is light we
  • I suppose that pskill (a tool from Systernals that kills processes, like PS in *nix) can be used by malware authors, so it might deserve a warning flag. However, the stupid whitelist doesn't work properly, so AVG bugs me about it daily. Annoying. Fortunately, it's pretty rare that I use that tool these days.
  • ... As several times over the last couple of years we've had AntiVir flag the odd .DLL as being infected. The upshot is that every time we've had this issue, we've e-mailed them and they've fixed their def files within a day or two. But the downside is that we spend the next week to 10 days telling customers that anything that AntiVir finds in our products is a false alarm.
  • I've run into this kind of thing. Norton Antivirus doesn't like Google Spreadsheets, and when I try to open one it gets picked it up as a "virus threat". Not a virus; a virus threat. Of course, this means I can't balance my checkbook in the office over lunch or using any other computer running Norton. I'm glad I use a Mac at home. (Valiantly attempts to stifle Mac smugness..)
  • "have you ever suffered collateral damage from AV false positives?"

    Yes indeed - two of my freeware apps have been mis-diagnosed as trojan-bearers in the past. I contacted the AV vendors (who demanded the usual proof, mother's maiden name, left nut) and they eventually sorted the problem out. In the meantime I had to deal with angry emails from users accusing me of corrupting their machines, raping their bank accounts and stealing their wives. Or something along those lines ... I didn't read all the threa
  • My "anti-virus" package warned me about that nasty virus-laden installer for Adobe Acrobat Reader 8, which I had downloaded - or tried to - to fix a vulnerability. There was another security patch for which I had to disable the scanner in order to download. This was in about the same time period. (I'm sorry, I've forgotten which product or patch.)

    On the other hand, one of my email providers was running a virus scanner that seemed to let almost through. (It's been fixed.)

    At least with the fail-safe scann

  • I've gotten repeated false positives from Avast! on the 1.0.74 updater for Arcanum. I've reported it, but I don't think it's fixed.

    This is one of the reasons I'm dropping Windows as a host platform for gaming.
  • I had a nightmare experience with Norton. I had an incoming message in Thunderbird that it felt was infected (I never got the chance to confirm/deny). The end result was my Inbox of 2500+ messages being hijacked by Norton. Since Thunderbird was running, my poor laptop started thrashing during the quarantine procedure. After fighting with Norton for hours, I could not recover my Inbox. It was the corporate edition, which, when configured properly (?) prevents the end user from turning it off! Thankfull

    • Same thing happened to me with Norton and Thunderbird. Some spam is always getting through the filters, and most of the time it's annoying but not debilitating. But one day Norton freaked out over one spam email and quarantined my entire inbox. Nothing I was allowed to do would release the inbox. Norton also sent out an email to the sys admin, who came running about a minute later, just as I was about to fire up Knoppix to deal with the prob, as I hadn't been given admin access on my own box. (They bel

      • To protect yourself from losing the entire inbox I'd recommend turning on the option under options -> privacy -> anti-virus to allow individual messages to be quarantined by the anti virus program. That way one positive hit (false or not) won't make the entire inbox get deleted.
  • On a project I was doing between 2 and 5 years ago, while still using the corporate install of MacAfee (sp?) AV, the curst thing ALWAYS flagged TAR archives as virus-laden. Now, these were built on and for a Solaris system (and combined with documents generated on Windows, for those inclined to wonder how Solaris comes into this), and usually contained NO binary executables, just Perl scripts and text data files. Customer "support" was nonexistent.

    I've since had other problems with Norton AV, which bogs my
  • False positives are an issue. Sure, AV manufacturers test against standard programs (though I can remember a case well where a rather big one identified MS-Excel (rightfully, if you ask me) as malware and deleted it without even asking), but you simply can't cover every single benign program there is out there somewhere.

    Heuristics are another source of headaches, espeically for programs that share a few properties with malware (like runtime packers or trying to gain access to low level parts of the system,
  • F-Secure at my company has been a royal pain. It's one of those that has to keep in sync with a central database within the company, and we've got processing servers that just can't seem to go an hour without getting 50 alerts that the local F-Secure can't connect to the central database.

    But the worst problem is that, from time to time, the AV running on one of the processing servers, or even on one of our workstations, will just decide, apparently at random, that one of our in-house DLLs or EXEs must be da
  • I've had problems with antivirus at work, but not with false positives. The problems the AV gave me were correctly identifying hacking tools as such, and then treating them as viruses (erasing them).

    The situation would be pretty awful in normal circumstances, and in my case (network administrator) it would be so intolerable that the RTAV would have to be disabled (at least for me).

    I wouldn't be suprised that wiseshark (AKA ethereal) would fall in that category, although it never happened with ethereal (in m
    • I've yet to find a virus scanner that doesn't detect VNC as a remote access trojan. Yes, I know it allows people who know the password and are on the LAN to access my computer remotely. That's why I installed it.
  • We've had several antivirus apps detect my project (Multi Theft Auto) as a virus.. alot of heuristic based detectors are set off by our mod. DLL Injection, Hooking, and memory patching are all things that a lot of virus authors use. In our case, generally an email will get a response (even Symantec updated theirs when we were getting a false positive from their AV software) Kent
  • I was working on cell phone games, and some of the older J2ME titles had their image data - several PNG files - concatenated into a single data block, to be unpacked later using index information in a different file.

    One day, the publisher calls in a panic, because their AV scan keeps reporting our games as being infected with a virus. We tried assuring them otherwise; we'd had trouble fitting the games in the limited download package, so we'd certainly know if there was something we didn't want or need in t

Slashdot Top Deals

"If it ain't broke, don't fix it." - Bert Lantz

Close