Why I had to stop using PureBasic

[said]

I know a few people strongly opposed the notion of fixing something that is not broken. But PB is not Microsoft or any other big player therefore we have to play according to their rules. While it is possible to tell someone to uninstall completely or use a different AV it is a futile request. I don't expect someone to buy a new AV just because "my little utility written in PB" is quarantined. They'll just find another piece of software. In my case it would be nearly impossible to accommodate PB and request the corporation to change to another AV provider or get rid of it at all (which will not happen anytime soon since AVs usually come bundled with firewalls, networks threat prevention, safe web browsing etc). The answer would be simple, why are you using PB, just switch to something else that doesn't require any extra work. Sadly this doesn't help to promote PB outside bedroom and hobbyist coder scene.

TLDR;

If the mountain will not come to Muhammad, then Muhammad must go to the mountain. Therefore the best course of action in my opinion would be to try changing the binary code generated by PB compiler to something that will cause less false-positives by, perhaps, working together with AV developers such as Symantec.

Fully agree, hopefully Fred can find something that reverse this trend, it is just not normal that so many PB programs get flagged there must be something in those exe that upset those AV

We love PB and invested a lot of time in it, but by the end of day if it cant be used to sell/share programs then what's the point and we need to move into something else even if we have to restart from scratch What happened with marc_256 is really sad and the PB source code cannot be used anywhere else

To be honest, i am in the same boat as you and for the past 2 years i have been delaying this moment of truth, but seemingly things are not going to change any time soon ... so most likely i will have to walk away as well, probably others have already done it silently ?!

[Josh]

Has anybody experience how different AV react with other non-mainstream languages (like BlitzBasic or comparable)?

[mk-soft]

Same problem by Bitzbasic, Profan, XProfan, VB6, VB.Net, etc

[Olby]

Same problem by Bitzbasic, Profan, XProfan, VB6, VB.Net, etc

Never had problems with apps written in Delphi, VB6, VB.Net, C#, C++ etc. on my work computer. I haven't tried BlitzBasic tho.

[mk-soft]

Same problem by Bitzbasic, Profan, XProfan, VB6, VB.Net, etc

Never had problems with apps written in Delphi, VB6, VB.Net, C#, C++ etc. on my work computer. I haven't tried BlitzBasic tho.

Some people have problems with some virus scanner.

I have no problem with Avira-Professional or Windows X Pro Defender

[Bitblazer]

Symantecs product quality was a joke when i had a thorough look into it some years ago. afaik they did buy over some other company in between and basically replaced everything under the hood.

You really need to intergrate code signing into your business model (financially and technically) and i am not aware of code signing having a problem with PB. Find an affordable solution like Comodo's and the problem should be solved without having to abandon PB.

[Kukulkan]

I think it is not really a problem of the compiler/language used. It is the popularity of the software and also the handling by the developers/publishers.

We are commercially publishing several PB programs *) and yes, we have about two false alerts a year. So we report it to the AV vendor and it is solved in a week or two. You can see our false alerts listed on our wiki pages: http://wiki.regify.com/index.php?title= ... _positives

But we digitally sign most of the executables and the installer files. As mentioned before in this thread, it is not that expensive. Especially, if you compare this cost against the time and money you've spent in the past on development. We just paid 179,- EUR incl. VAT for a two year Comodo code signing certificate (German vendor: https://www.psw-group.de/code-signing/).

Yes, the AV thing is annoying and costs us time and sometimes even trustworthiness. But today, many users know about false alerts, too. They learn to handle it.

Kukulkan


*) Our products, mostly based on PB, are listed here: http://www.regify.com. Some of the executables I mention are the regify client programs (https://free.regify.com/phpDownloads.php). They are usable with the regify accounts that customers register. We release some of them for Windows, Linux and Mac and therefore, PB is great for us.

[Little John]

@Kukulkan:
I think what you wrote is a good summary of the current situation.

[Bisonte]

In my opinion, this scare tactic of virus scanners is another way to make money out of nothing. Who owns the parts these "register" companies? Manufacturer of virus scanner.
They urgently need sales arguments for their products. And with the second company their income will be increased.

[said]

@ Bitblazer, Kukulkan thanks for the info and the links, so by simply having code signing things can get that much better ... i think i have read something similar in these forums but never thought would be that critical

It certainly worth giving it a shot and see, that would be really great if that works out

In my opinion, this scare tactic of virus scanners is another way to make money out of nothing. Who owns the parts these "register" companies? Manufacturer of virus scanner.
They urgently need sales arguments for their products. And with the second company their income will be increased.

Ironic as it might look, i believe this sounds true, damn we are victims at both sides

[MarcNL]

Since Windows Vista, which introduced UAC and much stronger security, I permanently stopped using AV because they’re the real viruses. I never ever had any virus. Never.

Rule is of course that you use common sense and make use of the security options an OS provides you:

1) Keep UAC on. It helps you a lot. You must of course read what it says, before clicking Yes.
2) Work as a user, that is without the administrator role. This is also advisable for a developer, so you know what restrictions a user might have.
3) Obvious: keep away from illegal sources (....).

Nowadays, with threads becoming more and more advanced, AV aren’t of use anymore. Trusting your OS is a better choice.

Problem is of course: how to convince system administrators .... ;)

[MarcNL]

It’s true that some dumb AV software look at the size of an EXE, and assume that very small ones might be dangerous.

Maybe PB could add an option that PowerBasic has: “BLOAT”. It increases the exe size with dummy data.

[Fred]

Yes code signing makes a big difference, you should do it if you plan to sell your app (we are in the process to get a new cert as well for PB apps)

[Marc56us]

I never ever had any virus. Never.

Or you have one (sleeping) but you don't know you have one...

Maybe PB could add an option that PowerBasic has: “BLOAT”. It increases the exe size with dummy data.

Easy to do: IncludeBinay() with big image (used as splashscreen)
But this goes against the philosophy of PB (small fast exe)

we are in the process to get a new cert as well for PB apps

Good!

[MarcNL]

I never ever had any virus. Never.

Or you have one (sleeping) but you don't know you have one... :)

Maybe PB could add an option that PowerBasic has: “BLOAT”. It increases the exe size with dummy data.

Easy to do: IncludeBinay() with big image (used as splashscreen) 8)

we are in the process to get a new cert as well for PB apps

Good! 8)

I’m not that dumb ;). Of course I do a manual virus check once in a while, using different AV, but mostly Microsoft Defender. Seriously, a virus can only get in if you open the door. Since Vista you get enough help, if you let the OS help you. I remember that when Vista was introduced almost every PC magazine published tips to turn that “irritating” UAC off. They basically told you to unlock your door.