Unfair behavior of anti-virus programs. 
During the preparation (testing) of our new service, complaints began to come in about the presence of threats (infections) in some of our software - I was very surprised.
I did a little research. I will not torment you with the details; let's go straight to the problem:
As it turned out, the creators of anti-virus programs have recently not bothered with detailed research, behavioral analysis, or various heuristics, but have taken a much easier path: any file that has traces of a packer/protector/cryptor at work is automatically declared a virus carrier. :shock:

Checking this is very simple!
You can take absolutely ANY program and check it (making sure that it does not have any extraneous “attachments”). Pack it. Then check again - the file will be “infected”!
The saddest thing is that the creators of anti-virus software actively collaborate with each other and exchange databases. When you check the same packed file again after some time (for example, after a week), you will be surprised to learn that the signs of “infection” in it are now detected not by 2-5 anti-viruses, but already by 10-20! And this despite the fact that the file has not changed!
Then it gets very sad: based on various indirect signs, an “unpacked” version of your program is also declared “infected”!

You can see for yourself by taking the classic packer upx as an example: pack any program with it and check BEFORE and AFTER packing.
Personally, I have tested a lot of different packers in this way - they all give a similar result (differing only in the list and the number of imaginary threats detected).
In fairness, it should be noted that Kaspersky VirusDesk and Dr.Web distinguished themselves by the most appropriate behavior (do not take this as advertising).

It may seem that these are trifles. But this is not so - the problem is very serious! You cannot explain to everyone that you are "not a camel." In addition, as I wrote above, even giving up packers no longer gives a guarantee if you are already "lit up" in the databases.

There is no solution yet. :(
Everyone who is working on mods in one way or another, please keep this in mind.

_________________
In increasing knowledge, you increase sorrow as well.....(c)


13 Aug 2019, 20:05
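
An added illustration for the post above (not part of the original post, and not a description of how any particular anti-virus product works): a static check for two traces that a UPX-packed PE file carries, the UPX0/UPX1 section names and a high-entropy section. The 7.0 bits/byte cutoff, the function names and the sample images are assumptions constructed for this example.

```python
import hashlib
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1"}  # section names UPX leaves in a packed PE
ENTROPY_LIMIT = 7.0  # assumed rule-of-thumb cutoff (bits/byte) for compressed data

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    counts = [data.count(b) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)

def pe_sections(image):
    """Yield (name, raw_bytes) for every entry in the PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", image, pe + 6)    # NumberOfSections
    (opt,) = struct.unpack_from("<H", image, pe + 20)     # SizeOfOptionalHeader
    for off in range(pe + 24 + opt, pe + 24 + opt + 40 * count, 40):
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        yield image[off:off + 8].rstrip(b"\0"), image[raw_ptr:raw_ptr + raw_size]

def packer_traces(image):
    """List the static packer indicators found in a PE image."""
    traces = []
    for name, raw in pe_sections(image):
        label = name.decode("ascii", "replace")
        if name in UPX_SECTION_NAMES:
            traces.append(f"section name {label}")
        if entropy(raw) > ENTROPY_LIMIT:
            traces.append(f"high entropy in {label}")
    return traces

def build_sample(sections):
    """Constructed header-only PE image for the demo (not a runnable program)."""
    head = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    head += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    table, blob, data_at = b"", b"", len(head) + 40 * len(sections)
    for name, raw in sections:
        table += struct.pack("<8sIIII16x", name, len(raw), 0, len(raw), data_at + len(blob))
        blob += raw
    return head + table + blob

CODE = b"push ebp; mov ebp, esp; pop ebp; ret\n" * 64  # constructed plain section
PACKED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))  # constructed
print(packer_traces(build_sample([(b".text", CODE)])))
print(packer_traces(build_sample([(b"UPX0", b""), (b"UPX1", PACKED)])))
```

Neither trace says anything about what the program does once unpacked, which is why a verdict based on them alone hits clean and malicious packed files alike.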