Why I had to stop using PureBasic

Everything else that doesn't fall into one of the other PB categories.
Bitblazer
Enthusiast
Enthusiast
Posts: 733
Joined: Mon Apr 10, 2017 6:17 pm
Location: Germany
Contact:

Re: Why I had to stop using PureBasic

Post by Bitblazer »

Update - the bitdefender support replied and got the sample again today plus more detailed infos. Lets hope things improve - on a sidenote, the food example in the database help also triggered bitdefender and it reacted quite excited :)

ps: kcc if you notice this, please feel free to add a mad man animation who is super alerted running in circles ;)
Dude
Addict
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Re: Why I had to stop using PureBasic

Post by Dude »

blueznl wrote:Cyclaan and eGambit
They sound like stand-up, quality software. :lol:
IndigoFuzz

Re: Why I had to stop using PureBasic

Post by IndigoFuzz »

Just throwing a wild knife in the dark...

Do you get the same problem if you process the executable with UPX?
Dude
Addict
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Re: Why I had to stop using PureBasic

Post by Dude »

IndigoFuzz wrote:Do you get the same problem if you process the executable with UPX?
Yes. Virus-scanners know about UPX (and other compressors) and decompress them before scanning.
Bitblazer
Enthusiast
Enthusiast
Posts: 733
Joined: Mon Apr 10, 2017 6:17 pm
Location: Germany
Contact:

Re: Why I had to stop using PureBasic

Post by Bitblazer »

Virusscanners try to access archives or packed executables and UPX is well known by now. A way to block them from access would be for example to use a password on an archive. They dont try dictionary attacks on archives yet ;)

Keep in mind that any UPX or archive compression happens after the compilation and an active virus scanner usually already erased your false positive executable before you are able to convert/disguise/archive/process it.

UPX compression => reading executable into memory - process its structure, compress elements - write out new binary stream including decompression header + compressed elements. For more info see :

https://de.wikipedia.org/wiki/UPX
https://en.wikipedia.org/wiki/Compariso ... le_formats
https://en.wikipedia.org/wiki/Portable_Executable

etc.

ps: that also makes selfwritten exe-compressors pointless, but we could probably use a replacement of the last stage of exe-creation to fool the antivirus software. But we aren't at that point yet, lets wait what happens.
ElementE
Enthusiast
Enthusiast
Posts: 139
Joined: Sun Feb 22, 2015 2:33 am

Re: Why I had to stop using PureBasic

Post by ElementE »

I just discovered this thread topic.

Earlier this year (2017) I downloaded the Purebasic installer to my work computer.
Symantec immediately tagged it as some sort of virus or malware and removed it.
Then I got an email from the IT department regarding my offense of downloading dangerous software.
So now I can't use Purebasic at work.

Can this problem between Purebasic and Symantec be resolved?
It would help Purebasic become a more popular programming language.
Think Unicode!
User avatar
Fig
Enthusiast
Enthusiast
Posts: 351
Joined: Thu Apr 30, 2009 5:23 pm
Location: Côtes d'Azur, France

Re: Why I had to stop using PureBasic

Post by Fig »

It would be easier to talk with your IT. Make them understand what is purebasic and why it's tag as a virus.
It guys are usually friendly nerds maybe they will add Pb to their exception list.

Long time ago i used Pb on a usb key. I dont' know if it still work neither if you can plug usb key at work....
There are 2 methods to program bugless.
But only the third works fine.

Win10, Pb x64 5.71 LTS
IdeasVacuum
Always Here
Always Here
Posts: 6425
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK
Contact:

Re: Why I had to stop using PureBasic

Post by IdeasVacuum »

Can this problem between Purebasic and Symantec be resolved?
It has been resolved before, but the poor quality control of almost all Anti-Virus software leads to false-positives springing-up again, for all sorts of applications, not only PB.

However, If you where working for me I would not be best pleased to hear that you had downloaded an executable independent of the IT department, who are there to run the company network and keep it as safe as possible.

What you should be doing is producing a (written) request for the IT guys to provide software that you need to do your work, with a brief on why your specific choices will be to the advantage of the company - given that all tech investment is ultimately governed by a budget. It's the IT department's responsibility to ensure safe installations.

This is not specifically a PB issue at all. No doubt the IT department have set Symantec up to prevent well-meaning Users from accidentally bringing the whole company network down by introducing a virus or opening a gateway to hackers.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
Bitblazer
Enthusiast
Enthusiast
Posts: 733
Joined: Mon Apr 10, 2017 6:17 pm
Location: Germany
Contact:

Re: Why I had to stop using PureBasic

Post by Bitblazer »

Thats probably the basic problem, the powerful ability to create anything including lowlevel system/network affecting software, makes PB potentially able to tear huge security holes into crucial company resources. Maybe its more realistic to tell the IT appartment what you try to achieve and ask them how they suggest you to do that.

Sadly their solution is unlikely to include the suggestion that you write a homebrew solutions with PB, but maybe they have a less potentially dangerous solution like a script language or maybe a mechanism to solve your problem with their own internally used company solution.

There is a tiny chance they see a huge use and you advance to the companies internal IT software development branch as CTO ;) ok its tiny but ...

Either way, work with them, not against them :)
Bitblazer
Enthusiast
Enthusiast
Posts: 733
Joined: Mon Apr 10, 2017 6:17 pm
Location: Germany
Contact:

Re: Why I had to stop using PureBasic

Post by Bitblazer »

My antivirus subscription was about to expire, so i had to look for a replacement. Checked the usual AV rankings and installed kaspersky internet suite - no problems with purebasic, messagerequesters or tiny executables. So far the false positive problem didnt show up with any of the tests i did and kaspersky just works. If a problems arises, i will post in this thread again, but i hope i dont have to :)

Looks like kaspersky is actually doing their job and they even have a 30 day trial time.
Last edited by Bitblazer on Tue Nov 14, 2017 10:21 am, edited 1 time in total.
davido
Addict
Addict
Posts: 1890
Joined: Fri Nov 09, 2012 11:04 pm
Location: Uttoxeter, UK

Re: Why I had to stop using PureBasic

Post by davido »

@Bitblazer,
I can concur.
Since installing Kaspersky, over 12 months ago, I've had no more issues with PureBasic.
DE AA EB
Bitblazer
Enthusiast
Enthusiast
Posts: 733
Joined: Mon Apr 10, 2017 6:17 pm
Location: Germany
Contact:

Re: Why I had to stop using PureBasic

Post by Bitblazer »

Just got a Mail from bitdefender support, that they released an update for the signatures that should fix the PB problem. Too late for me but just in case anybody wants to know.
Dude
Addict
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Re: Why I had to stop using PureBasic

Post by Dude »

Bitblazer wrote:Just got a Mail from bitdefender support, that they released an update for the signatures that should fix the PB problem. Too late for me but just in case anybody wants to know.
Here's a support email I got from a customer today, regarding BitDefender. :( Annoying as hell (the AV issue, not the customer).

Image
Dude
Addict
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Re: Why I had to stop using PureBasic

Post by Dude »

Just noticed something important today... I created a blank exe with nothing in it. Here's the source:

Code: Select all

; IDE Options = PureBasic 5.61 (Windows - x86)
; Executable = App.exe
; DisableDebugger
VirusTotal reported 10/67 malware. :evil: An empty exe!

Then I changed the Compiler Options to make it compile as "Dynamic CPU" instead of "All CPU":

Code: Select all

; IDE Options = PureBasic 5.61 (Windows - x86)
; Executable = App.exe
; CPU = 1
; DisableDebugger
VirusTotal now reported only 3/67 malware! :shock: Can anyone else with false malware results try this test and report here how it went for you? Thanks.
User avatar
skywalk
Addict
Addict
Posts: 3972
Joined: Wed Dec 23, 2009 10:14 pm
Location: Boston, MA

Re: Why I had to stop using PureBasic

Post by skywalk »

Manual wrote:Cpu Optimisation (next to Executable format)
This setting allows to include Cpu optimised PB functions in your executable:
All CPU : The generic functions are included that run on all CPUs.
Dynamic CPU : The generic functions as well as any available CPU specific function are included. The function to execute is decided at runtime. This creates a bigger executable, but it will run as fast as possible on all CPUs.
All other options : Include only the functions for a specific CPU. The executable will not run on any Cpu that does not support this feature.

Note: No PB functions actually support this feature for now (it is ignored for them). However, some User Libraries include such optimisations.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
Post Reply