It is currently Tue Oct 24, 2017 1:34 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 91 posts ]  Go to page Previous  1 ... 3, 4, 5, 6, 7  Next
Author Message
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Tue Sep 19, 2017 11:44 pm 
Offline
Enthusiast
Enthusiast
User avatar

Joined: Sun Jul 29, 2012 10:33 pm
Posts: 706
Location: United States
Dude wrote:
That's my point: the signed exe can "look" safe, but in reality it may not be. :(

I think your missing the point of signed executables, though. They aren't meant as a way to say the executable is 100% safe to use. They inform you that the executable hasn't been altered from when it was originally signed.
This way you could tell if an executable was altered when it was sitting on a server waiting to be downloaded by the end user.


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Wed Sep 20, 2017 9:03 am 
Offline
Addict
Addict

Joined: Mon Feb 16, 2015 2:49 pm
Posts: 986
Samuel wrote:
[Certs] inform you that the executable hasn't been altered from when it was originally signed

So why can't the publishers just stick an SHA256 checksum on their download page that we can use to do the same thing, instead of forcing developers to pay for certs that so obviously are unreliable?


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Wed Sep 20, 2017 9:52 am 
Offline
Enthusiast
Enthusiast
User avatar

Joined: Sat Feb 13, 2010 3:45 pm
Posts: 573
Dude wrote:
... to pay for certs that so obviously are unreliable?

Certificates are not unreliable. Please read the involved postings and links here again and try to understand.

_________________
sorry for my bad english


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Wed Sep 20, 2017 10:19 am 
Offline
User
User

Joined: Mon Apr 10, 2017 6:17 pm
Posts: 17
Dude wrote:
Samuel wrote:
[Certs] inform you that the executable hasn't been altered from when it was originally signed

So why can't the publishers just stick an SHA256 checksum on their download page that we can use to do the same thing, instead of forcing developers to pay for certs that so obviously are unreliable?


Websites are vulnerable in a lot of different ways - manipulation of that SHA256 checksum on a download page would be a lot easier than manipulating a cert signature. The chain of trust would be a lot weaker as some bored kid manipulates a router firmware, an amazon webcache, an ISP's routing protocol or half a dozen other things just to manipulate that "SHA256 checksum" you "see on a webpage" and any of that ends up with the customer seeing a SHA256 checksum of a download which includes a trojan.


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Tue Sep 26, 2017 9:05 pm 
Offline
New User
New User

Joined: Mon Jul 17, 2017 7:22 am
Posts: 4
I have had an issue with site Purebasic.fr and Symantec when the 5.61 update was available. Norton came up and said that the PureBasic site didn't have a Valid Digital Signature. However it did say the file was good and had a favourable rating, two bars from five. I haven't as yet downloaded the update as I've only recently installed 5.60.
One one PC I have Symantec, FireFox and also the Epic browser. On another PC I have McAfee and use again Firefox and Epic. With Symantec and Firefox I get warnings rarely. With Symantec and Epic I have never had a warning. Also, with McAfee, Epic and McAfee never any warnings. If I attempt to go to the site PureArea.net then Firefox and Symantec expressly warn against opening it. But it is not the case with Epic and Symantec. Also, Firefox or Epic and McAfee result in no warnings. However, due to Symantec and Firefox expressly stating do not open this site under any conditions I have declined to open it on any PC. Which is a pity as there appears to be some useful information there. Whilst ever Symantec and Firefox don't like it I'll stay away from Purearea.net. I certainly wouldn't download anything from purearea.net.
From my experience Firefox and Symantec produce the odd security errors with some parts of the main PureBasic site but hey ho, not to worry. They only require me to click to open or move to another page/screen, which I don't consider a serious issue. I have downloaded the odd thing from Purebasic without an issue to date.
(As an aside, before I settled on PureBasic I looked at PowerBasic......now that is a site with issues. The antivirus didn't flag them until I downloaded anything, even a zip file, it was a total nightmare. In the end I had to remove every single file associated with PowerBasic just to be sure. It seemed that so many bad zip files were uploaded onto that site)

Do have to say that having installed PureB etc Symantec hasn't thrown any issues and everything passes the daily and extra scans I run. The odd .EXE I have created and tested on a couple of different PCs without error, plus they run Ok on the Symantec/Firefox PC. (I do suspect that Epic isn't as strong and up to date on antivirus as Symantec. It does the prevention of data collection and prevents adblocking without you needing to adjust very much at all though but no idea what is being collected by Epic!!)

Regards, C87


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Wed Sep 27, 2017 11:22 am 
Offline
User
User

Joined: Mon Apr 10, 2017 6:17 pm
Posts: 17
I got the official confirmation from bitdefender, that i should sign all "those" (unknown) executables or if that doesnt work, include each of them into the exclusion list (yes, each of them - i havent found a way to include a whole folder and obviously bitdefender needs them excluded for atd AND the AV module seperately. At least the AV module can add a folder ...)

ps: atd = advanced threat defence (also known as random deletion and blocking of tools which simply create form masks ... totally clever and "advanced"


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Wed Sep 27, 2017 11:16 pm 
Online
Addict
Addict
User avatar

Joined: Mon Oct 26, 2015 2:55 am
Posts: 856
Location: Ukraine
Dude wrote:
So why can't the publishers just stick an SHA256 checksum on their download page that we can use to do the same thing, instead of forcing developers to pay for certs that so obviously are unreliable?


Just because certificates are another way to make money from air. Or rather, from hashes and bytes ^^
Microsoft has whole huge infrastructure for this and earns a lot forcing developers to sign their products, which else surely would be made differently and most likely for free (or with very low costs) with same results on practice.

.. and because nowadays most users are stupid enough to need developers which forcibly taking care about their safety&privacy. Generally nothing new, this "hypercare" is really global trend which already fully covered mobiles and almost totally covered web (with that google & it's Chrome).
// btw some "useless philosophizing": that all nicely corresponds to most humans nature, like "let my chieftains control me and take care about, don't want to think once more about what I'm doing"

_________________
Enchanted Dreams

Copyleft notify: all the source code created by me and posted on Purebasic official forums is free to use and modification in all possible (and several impossible) ways for anyone, without asking my permission


Last edited by Lunasole on Wed Sep 27, 2017 11:22 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Wed Sep 27, 2017 11:22 pm 
Offline
PureBasic Team
PureBasic Team
User avatar

Joined: Fri Apr 25, 2003 6:14 pm
Posts: 1384
Location: Germany (Saxony, Deutscheinsiedel)
@C87: As the owner of PureArea.net I would like to comment your posting:

While I never had any issues with anti-virus software and PureBasic / PB-compiled executables yet (I'm using AntiVir on Win10) I got a notice from openbugbounty.org regarding PureArea.net -but I can't believe, that anything on this virus notifications is true!? :?

It's a shame, that I don't have the time to regularly update the PureArea.net contents. But on the other this is the reason, that didn't change anything on the download content for around 2 years now, and only made some smaller changes/additions at the html content of the webpage.
So I can't imagine, how a real virus should have found it's way into the PureArea.net content... :cry:

Can anyone confirm, if there is a real virus problem with the PureArea.net content?
(I hope, better I'm sure, not....)

_________________
Bye,
...André
(PureBasicTeam::Docs & Support - PureArea.net | Order:: PureBasic | PureVisionXP)


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Wed Sep 27, 2017 11:52 pm 
Online
Addict
Addict
User avatar

Joined: Tue Mar 21, 2006 12:31 am
Posts: 1770
Location: Canada
Hi Andre.

Windows Defender flagged upon download attempt of CodeArchiv_v4-Beta.zip package. Force downloading, the following files that are flagged are all the PB compiled executables.

Trojan: Win32/Dynamer!Ac (Severe)
DeskSwitch.exe
browser_broker.exe


... as we know, PB compiled executables just isn't liked by different AVs.

I know you are trusted in the community, and I know your site is clean. However I've been around long enough to know better, but others joining our community and trying to download stuff off of your site might actually think someone is out to get them. :lol:


Edited...: Just quick test on that package on VirusTotal and you can see different ones having issues with it.. https://www.virustotal.com/#/file/ed7d2 ... /detection

_________________
ʽʽSuccess is almost totally dependent upon drive and persistence. The extra energy required to make another effort or try another approach is the secret of winning.ʾʾ --Dennis Waitley


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Fri Sep 29, 2017 7:57 am 
Offline
New User
New User

Joined: Mon Jul 17, 2017 7:22 am
Posts: 4
Hello Andre,
I don't think that you have any virus affected files on your site. It seems to be the combination of the Mozilla FireFox browser and Symantec that causes the error. If I use another browser, Epic I do not get the error. If I use Firefox and McAfee I do not get the error. I am unaware how Symantec arrive at the conclusion they do, however as soon as I try to open purearea.net, a popup screen shows with the following text.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dangerous Website Blocked
You attempted to access:
http://www.purearea.net
This is a known dangerous website. It is recommended that you do NOT visit this site. The detailed report explains the security risks on this site.
For your protection, this web page has been blocked. Visit Symantec to learn more about phishing and internet security.

Exit this site

[visit this web page anyway.]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Looking at the detailed report from the above gives the following information:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Norton Rating
Safeweb Share
Norton Safe Web has analyzed purearea.net for safety and security problems. Below is a sample of the threats that were found.
Summary
Computer Threats: 11
Identity Threats: 0
Annoyance factors: 0
Total threats on this site: 11
The Norton rating is a result of Symantec's automated analysis system. Learn more.
The opinions of our users are reflected separately in the community rating on the right.

Community Reviews (0)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Beyond the above I cannot be of further help as to the cause but I haven't had an issue when I've been on the site with another browser & McAfee. I haven't as yet opened the site from the [visit this site anyway] button when using Firefox & Symantec

Regards, C87


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Fri Sep 29, 2017 8:17 am 
Offline
Addict
Addict

Joined: Mon Feb 16, 2015 2:49 pm
Posts: 986
Symantec wrote:
Dangerous Website Blocked
You attempted to access:
http://www.purearea.net
This is a known dangerous website.

Symantec are pathetic! For some balance, VirusTotal says that 0/64 scanners found NO malware on PureArea.net:

https://www.virustotal.com/#/url/813a06 ... /detection

Image


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Wed Oct 11, 2017 9:31 am 
Offline
PureBasic Expert
PureBasic Expert
User avatar

Joined: Sat Dec 18, 2004 11:56 am
Posts: 430
Location: Vienna - Austria
Dude wrote:
As for PureBasic, I note with interest that 5.61 results in LESS false-positives with VirusTotal than 5.60! :shock: :D

An exe I made with 5.60 a couple of months ago (40/65 "malware"): https://i.imgur.com/JsHZOe2.png
The same exe compiled with 5.61 today (just 13/64 "malware" now): https://i.imgur.com/6BjdcQi.png

So that's looking good! I recommend everyone upgrade to 5.61 if they haven't, to see if that helps.

[Edit] I also tried embedding a large random binary of 10 MB to my exe, but VirusTotal still said 13/64 "malware", so size didn't help.


Some time ago I started a new thread (http://www.purebasic.fr/english/viewtopic.php?f=7&t=54315) to address this actual issue but, sad but true, the thread was hi-jacked by unnecessary dic*-size comparison discussions. My opinions is, and my gutfeeling is relatively strong on this, that Purebasic has been used by some malware authors and because of the fact that PB-PEs are pretty rare compared to other compilers the AV industry was fine with a imho very generous signature.

However, @Dude, I'm close to one of the AVs that detected the first executable you mentioned in your post. Can you drop me the according EXE in a ZIP with password "infected" or drop a download link and I fetch it? Please, also include the source code. I can then hand it over to my friend/colleague there and he should be able to tell me what the triggers are on that specific sample.

_________________
Go, tell it on the mountains.


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Wed Oct 11, 2017 6:55 pm 
Offline
Addict
Addict

Joined: Sat Oct 17, 2009 10:51 pm
Posts: 1240
Location: Nashville
Didelphodon wrote:
Dude wrote:
As for PureBasic, I note with interest that 5.61 results in LESS false-positives with VirusTotal than 5.60! :shock: :D


I tested PureB the other day with the latest version. Only flagged 3 AV programs. Retesting now... Now only two. Same exact file, simply the canvas example compiled and tested.


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Wed Oct 11, 2017 10:57 pm 
Offline
Always Here
Always Here

Joined: Fri Oct 23, 2009 2:33 am
Posts: 5672
Location: Wales, UK
Quote:
I have had an issue with site Purebasic.fr and Symantec when the 5.61 update was available. Norton came up and said that the PureBasic site didn't have a Valid Digital Signature.


I think at least part of that issue is that the only secure page on the PB website is the one where existing Users sign-in to access downloads. Fred can change that, https for the whole site.

_________________
IdeasVacuum
If it sounds simple, you have not grasped the complexity.


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Thu Oct 12, 2017 12:26 am 
Offline
Addict
Addict

Joined: Mon Feb 16, 2015 2:49 pm
Posts: 986
Didelphodon wrote:
@Dude, I'm close to one of the AVs that detected the first executable you mentioned in your post. Can you drop me the according EXE in a ZIP with password "infected" or drop a download link and I fetch it? Please, also include the source code.

Thanks for the offer, but I can't do that (sorry) as the app was a paid product. I've been advised by a software publishing website that in their experience, system info tools always gets flagged as malware by AV companies, due to querying the specifics of the PC. Oh well. Doesn't matter.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 91 posts ]  Go to page Previous  1 ... 3, 4, 5, 6, 7  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  

 


Powered by phpBB © 2008 phpBB Group
subSilver+ theme by Canver Software, sponsor Sanal Modifiye