ATX Community

AV "protection" vent


Medlin Software, Dennis


Another case of wasted time.  A certain AV vendor's daily updates were marking one of my downloads as nefarious.  Of course, this is another "false positive", or "income generator" issue.  (False positives are a known issue, which no one addresses, as it makes the AV vendor multiples of income compared to actually being correct...).

To resolve the issue, I tried the "basics" (which show how bad the AV "security" really is, since all they are doing is making wild guesses).

Change the case of a few letters in the program code, move a few code blocks around, and so on.  No good.  I then individually tested each file, no problems.  Thus, the only problem is when compiled into a setup exe.  OK, I have seen this before... think.  So I tried something new, not using compression in the setup creation.  TA DA.  The AV vendor has forgotten how to unzip files, as the files not zipped are fine, but when zipped, are reported as nefarious.

So for today, my download has to be 4x as large as normal, because of an accidental or on purpose mistake by a major AV vendor.

Anyone paying separately for AV is paying too much...

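The post above reports that the same installer content was flagged when compressed and passed when stored uncompressed. One well-known reason a heuristic engine treats those two builds differently is byte entropy: compressed or encrypted data looks close to random, and many packer detectors use a high-entropy check as a signal. The Python below is an added example, not the poster's build script or any vendor's detection logic; it packs a constructed text payload into an in-memory zip twice, once stored and once deflated, and measures the entropy of each archive. The 7.0 bits/byte threshold and the payload are assumptions made for the demonstration.

```python
import io
import math
import random
import zipfile
from collections import Counter
from typing import Optional

# Assumed heuristic threshold: packer detectors commonly treat a blob whose byte
# entropy approaches the 8 bits/byte maximum as compressed or encrypted data.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def constructed_payload(words: int = 5000, seed: int = 1234) -> bytes:
    """Constructed stand-in for installer content: plain text drawn from a small vocabulary.
    Seeded so the numbers are reproducible; it is not a real installer."""
    vocab = ("copy file registry install uninstall license payroll ledger report "
             "print setup folder shortcut version update backup restore user admin "
             "window dialog button cancel finish error retry ignore help about").split()
    rng = random.Random(seed)
    return " ".join(rng.choices(vocab, k=words)).encode()


def build_archive(payload: bytes, compress: bool) -> bytes:
    """Pack the payload into an in-memory zip, either stored (no compression) or deflated."""
    buf = io.BytesIO()
    method = zipfile.ZIP_DEFLATED if compress else zipfile.ZIP_STORED
    with zipfile.ZipFile(buf, "w", compression=method) as zf:
        zf.writestr("setup_payload.txt", payload)
    return buf.getvalue()


def compare_archives(payload: Optional[bytes] = None) -> dict:
    """Size, entropy and a 'looks packed' verdict for the stored and deflated archives."""
    if payload is None:
        payload = constructed_payload()
    out = {}
    for label, compress in (("stored", False), ("deflated", True)):
        archive = build_archive(payload, compress)
        ent = shannon_entropy(archive)
        out[label] = {
            "size": len(archive),
            "entropy": round(ent, 2),
            "looks_packed": ent >= PACKED_THRESHOLD,
        }
    return out


if __name__ == "__main__":
    for label, info in compare_archives().items():
        print(f"{label:9s} size={info['size']:6d} bytes  "
              f"entropy={info['entropy']:.2f} bits/byte  looks_packed={info['looks_packed']}")
```

The stored archive keeps the entropy of the underlying text, so the heuristic passes it; the deflated archive of identical content sits near the 8 bits/byte ceiling and trips the threshold. That is the whole difference the poster observed, and it is also why a legitimate installer and a packed dropper can look alike to a byte-level heuristic: the check measures how the bytes are arranged, not what the program does.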

Just now, cbslee said:

Are referring to Avast ?

Not today, but all have had issues, and will continue to.  Any AV software which guesses (most call it heuristics, as few would pay for "guesses") will have false positives.

If I can figure out how easy it is to fool AV software, it is reasonable to believe those who spend their full time on the issue (the baddies) can easily fool AV software long enough to make their money.

While it falls mostly on deaf ears, relying on AV software is a fool's gambit.  At least some experts in the field say using AV software is less safe, as it encourages users to be less vigilant about practicing safe hex.


1 minute ago, FDNY said:

So what is an innocent tax preparer to do?  Or anyone for that matter.

Obtain knowledge.

Once you understand the limitations of AV "protection", and the motivation of the paid AV providers, you will understand why so many installation processes include a suggestion to disable your AV software during the installation.

The only real protection is good backups, and making sure your fingers remain under control (safe hex).  No software can control your fingers, so no software can protect you 100%.

Paid AV offers no extra safety over free AV, and by paying for AV, we are perpetuating the "medicine show" business.  At least the old medicine show hawkers' products (which did not kill you) would give you a buzz...  Personally, I say those who rely on AV products are at more risk, since they incorrectly believe their AV software allows them to not worry about what they click or open.


1 hour ago, Abby Normal said:

The only problem I've had in 25 years of using Eset AV is it blocking successful downloads of QB installers. I know now to temporarily disable it whenever I have to download QB.

And that is acceptable?  What point is there using AV if you have to turn it off?

In your example, I doubt many would believe Intuit was spreading anything nefarious.  Unfortunately, not everyone is Intuit, and as every minute goes by, computer users become less expert or interested in understanding what happens "behind the hood".  If the AV company was doing what it is selling or saying, they would test against the big software (at least).  Which reminds me, there are AV companies who simply white list certain software, which really is no protection at all since at any time a wayward employee could insert something nefarious into a white listed program...

The only semi-good thing to come down the pike in the last decade is the "virus total" system.  Anyone can very quickly test any desired program or web site against 60 or so current virus signatures from different vendors.  In THEORY, the AV vendors have access to the results, and can use the results to keep their offerings from having false positives.

In my case today, out of the 68 (IIRC) testing in virus total today, only the one is saying my offering is suspect.  1 hit out of all tested is 99.9999999% odds of a false positive (which in this case, it is a false positive).

The BIGGER deal is I did not have to change anything in my setup file, other than to not zip (compress) the files in the setup.  This shows how foolish it is to rely on the AV programs (and at least in my opinion, PAY for any such program) as such a simple thing can make something they "thought" was bad magically be good.

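The post above points to VirusTotal as a second opinion and reads a 1-of-68 result as a near-certain false positive. The Python below is an added example, not the poster's code or any VirusTotal tooling: it computes the SHA-256 that VirusTotal keys file reports on, builds the lookup URLs, and reduces a v3 file report to a detection ratio plus the list of engines that flagged the sample. The request helper uses the public API v3 `/files/{hash}` endpoint with the `x-apikey` header; the report dict is constructed, with placeholder engine names and a placeholder detection string, so the script runs offline. The single-hit cutoff for the "likely false positive" verdict is an assumption added here.

```python
import hashlib
import json
import urllib.request

VT_API_FILE = "https://www.virustotal.com/api/v3/files/{}"
VT_GUI_FILE = "https://www.virustotal.com/gui/file/{}"

# Only these categories are real verdicts; "type-unsupported", "timeout" and
# "failure" mean the engine did not actually scan the sample.
VERDICT_CATEGORIES = {"malicious", "suspicious", "undetected", "harmless"}
FLAGGING_CATEGORIES = {"malicious", "suspicious"}


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the installer bytes; VirusTotal indexes file reports by this hash."""
    return hashlib.sha256(data).hexdigest()


def report_links(sha256: str) -> dict:
    """API and web URLs for the file's report (no network access here)."""
    return {"api": VT_API_FILE.format(sha256), "gui": VT_GUI_FILE.format(sha256)}


def fetch_report(sha256: str, api_key: str) -> dict:
    """Fetch an existing report by hash from VirusTotal API v3 (needs network and a key)."""
    req = urllib.request.Request(VT_API_FILE.format(sha256), headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize(report: dict, single_hit_cutoff: int = 1) -> dict:
    """Reduce a v3 file report to: engines that scanned, which ones flagged, and a triage verdict.
    The cutoff is an assumption: at most this many hits is treated as a probable false positive."""
    results = report["data"]["attributes"]["last_analysis_results"]
    scanned = {name: r for name, r in results.items() if r.get("category") in VERDICT_CATEGORIES}
    flagged = sorted(
        (name, r.get("result") or r["category"])
        for name, r in scanned.items() if r["category"] in FLAGGING_CATEGORIES
    )
    if not flagged:
        verdict = "clean"
    elif len(flagged) <= single_hit_cutoff:
        verdict = "single-engine hit: likely false positive, verify before trusting"
    else:
        verdict = "multiple engines flag it: investigate"
    return {
        "scanned": len(scanned),
        "flagged": flagged,
        "ratio": f"{len(flagged)}/{len(scanned)}",
        "verdict": verdict,
    }


# Constructed report in the shape of a v3 /files/{hash} response. Engine names and
# the detection string are placeholders, not real vendors or real signatures.
CONSTRUCTED_REPORT = {
    "data": {
        "type": "file",
        "id": sha256_hex(b"constructed installer bytes"),
        "attributes": {
            "last_analysis_stats": {"malicious": 1, "suspicious": 0, "undetected": 3,
                                    "harmless": 0, "timeout": 0, "type-unsupported": 1},
            "last_analysis_results": {
                "EngineA": {"category": "undetected", "result": None},
                "EngineB": {"category": "undetected", "result": None},
                "EngineC": {"category": "malicious", "result": "Constructed.Heuristic"},
                "EngineD": {"category": "undetected", "result": None},
                "EngineE": {"category": "type-unsupported", "result": None},
            },
        },
    }
}

if __name__ == "__main__":
    print(report_links(CONSTRUCTED_REPORT["data"]["id"])["gui"])
    print(json.dumps(summarize(CONSTRUCTED_REPORT), indent=2))
```

Two practitioner caveats the summary makes visible: the denominator should count only engines that actually scanned the file (the constructed report has five entries but four verdicts), and a single hit is evidence, not proof, of a false positive, since it is also what a brand-new sample looks like the day only one vendor has a signature for it. The `result` string tells you which heuristic fired, which is the starting point for a dispute with that vendor.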

13 hours ago, Pacun said:

Why don't you use another zip application?  It seems that the combination of code and zip is causing the confusion.

I should not have to do ANYTHING different. The FACT that I can EASILY work around what the AV vendor says is nefarious, points out how useless this AV software really is. I am not spending all my time working around detection, which extrapolates to the pros (the baddies) having no issue beating AV software...

BTW, I tried 5 different compression methods, with many different compression subsets of each.  This is something I have had to deal with since the birth of AV software selling WAGs (snake oil).


2 minutes ago, ILLMAS said:

Don't these free AV programs cause more damage than a paid version?

The first improvement is a free version has not taken your money for nothing...

My personal definition of "damage" during AV issues is when an AV software removes or blocks a program the end user trusts (and in fact, may actually be good) without the end user having any practical way to stop this.  Most AV programs have settings to give a user a way to ignore the warnings, but the default settings - the ones most will use - do not make this clear.

The result is messages like these: "Your software stopped working", "Your software disappeared", "Your software is dangerous", etc.  The first call is always to the software vendor harmed by the AV mistake.  Imagine if you are at deadline day and your AV program stopped ATX (or whatever you are using) from working!  It could happen.

We (computer users) have been conditioned to accept these mistakes (such as the earlier comment about knowing to disable the AV system when installing certain programs - which is a crock of you know what), but I say why accept bad guesses?

Not that I always favor the big guys, but think about this.  There is no company in the world who needs or has more financial incentive to protect your computer than Microsoft.  (Plainly, so you do not contact MS for support for any reason at all.)  Thus, it makes sense, and also is a reality, that the AV system provided by MS is an ideal one to use for live protection from stupid actions.  (I still maintain, as do others, that self control and diligence makes AV protection not needed.)  For cases where you have concerns, there are free online test tools you can use as a second opinion (virustotal is currently scanning with nearly 70 AV vendors' daily updates).

Yesterday, only one vendor of about 70 thought I was a baddie, and today, using the same file, I am magically good again.  I was also magically good yesterday by simply not compressing my files - this is the real lesson, how easy the AV guessers can be fooled!!!

