Why I had to stop using PureBasic

Fred
Administrator
Posts: 16681
Joined: Fri May 17, 2002 4:39 pm
Location: France

Re: Why I had to stop using PureBasic

Post by Fred »

Antivirus are like a plague now, they are way more intrusive while the threats concerning .exe are less and less common
Dude
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Re: Why I had to stop using PureBasic

Post by Dude »

Fred, did you see my questions here:

http://www.purebasic.fr/english/viewtop ... 43#p511843

I really think this may help, as it doesn't make "bad" API keywords visible, nor does it use the same manifest tokens for all exes.

Or if someone else knows how to change the manifest file in a PureBasic exe?
drgolf
User
Posts: 90
Joined: Tue Mar 03, 2009 3:40 pm
Location: france

Re: Why I had to stop using PureBasic

Post by drgolf »

It is possible to use Microsoft Desktop Bridge to distribute your Windows apps.
And the apps are secured, signed and certified.

I have used it with Lazarus and Delphi apps.

And soon with PureBasic.
The fee for the Windows app store is minimal.

Sorry for my bad English, I am French...
IdeasVacuum
Always Here
Posts: 6425
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK

Re: Why I had to stop using PureBasic

Post by IdeasVacuum »

Dude said:
My thoughts: looking at a PureBasic exe, at the end of the file is a whole bunch of plain-text and dangerous-looking API definitions, such as "DeleteFile" and "TerminateProcess", etc. Maybe the AV sees these and that's enough to trigger the false positive? So, FRED, can you perhaps encrypt those (like you already do for our custom strings) so they're not stored as plain text in the exe anymore, and thus not so obvious to the AV software?

I also noticed the exe has a manifest file embedded into it. Mine has a "publicKeyToken" of "6595b64144ccf1df" and "name" of "CompanyName.ProductName.YourApp" in there. Are these details the same for everyone else? If so, that could be triggering AV false positives too, because once an infected PureBasic exe is released with those details, then EVERYONE'S PureBasic exe will trigger it. So we need to be able to specify our own manifest details. Again, Fred, can that be made possible?
Fred - We need your reply concerning these specific things Dude has listed.

If you are making a commercial program, then you absolutely have to sign it, plus the installer, and the uninstaller and any dependent libs (DLLs). Use Inno to build your installer, it makes signing very easy.

For your environment at work Olby, signing is relatively cheap and certainly easy.

Concerning Symantec at your company Olby - who is responsible for the management of your network? They should be doing something about Symantec, at the very least writing to them (to management or the CEO Greg Clark, not the monkeys in Tech Support). There are many other measures that IT can apply. For example it is normal in the UK to make it difficult for Users to install any software - that's IT's job. Now, white lists for apps can be important too and again in a company environment they can automate this when they distribute apps and updates. Ironically, you could probably define an excellent app network distributor with PB. :D

For my customers (C/C++ and PB applications) I have a black list: Symantec (Norton) and McAfee, both AVs cause CAD-CAM to crash/slow down and I suspect that could be an issue with any "large" app that consists of several exe files and dozens of libs. My current advice to customers is to stick with MS Security Essentials, which is way better than before, on Win7. Win10 has fairly competent defences, installing 3rd party AV is probably not going to make a positive difference.

Edit: I forgot to mention - if you are having problems with AV on your own PC, even though everything is white-listed, uninstall the AV!! They often pop-up a small questionnaire in your browser where you can tell them their product is not fit for purpose.
Last edited by IdeasVacuum on Thu Sep 14, 2017 11:52 am, edited 1 time in total.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
Josh
Addict
Posts: 1183
Joined: Sat Feb 13, 2010 3:45 pm

Re: Why I had to stop using PureBasic

Post by Josh »

IdeasVacuum wrote: Fred - We need your reply concerning these specific things Dude has listed.
I do not believe that we can blame PureBasic for all false messages.

In my larger project (exe about 850k, x32+x64), I never have warnings on VirusTotal (I hope this will stay so in the future), although I use pretty much everything there (including ActiveScripting) that one can imagine. The only thing VirusTotal complains about here is that the program is not signed.

In another smaller project (exe about 150k, x32), VirusTotal often shows me warnings from 3-4 smaller (unknown to me) AVs. But in this case, I do not care, because it is only a program for me. New here is a warning from McAfee-GW-Edition, but I don't know what this is.
sorry for my bad english
IdeasVacuum
Always Here
Posts: 6425
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK

Re: Why I had to stop using PureBasic

Post by IdeasVacuum »

Hi Josh

PB cannot be blamed for any issue with Anti-Virus, it is the sloppy coding and misguided philosophy behind AV design that is at fault. That would be like blaming the Fire Brigade for the fires :mrgreen:

However, poor quality AV is the norm, and it looks like that will simply not change until some bright spark comes along with a quantum leap replacement. In the meantime, if there are easy changes that can be made to reduce issues with PB-created exe files, then that is obviously desirable.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
Dude
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Re: Why I had to stop using PureBasic

Post by Dude »

Ignore, I was wrong. See my post below.
Last edited by Dude on Fri Sep 15, 2017 8:51 am, edited 2 times in total.
Josh
Addict
Posts: 1183
Joined: Sat Feb 13, 2010 3:45 pm

Re: Why I had to stop using PureBasic

Post by Josh »

Dude wrote: Anyway, can anyone confirm if their "publickeytoken" in their exe is also 6595b64144ccf1df like mine? Check with a hex editor for your exe. I'd love to know.
Yes, it's the same, in both, x32 + x64
sorry for my bad english
IdeasVacuum
Always Here
Posts: 6425
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK

Re: Why I had to stop using PureBasic

Post by IdeasVacuum »

New here is a warning from McAfee-GW-Edition, but I don't know what this is
Guaranteed Worthless
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
Dude
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Re: Why I had to stop using PureBasic

Post by Dude »

Josh wrote: Yes, it's the same, in both, x32 + x64
So I did some Googling and apparently that "6595b64144ccf1df" token is a common thing, so I was wrong there. Sorry Fred! :oops:

But what about changing the default "CompanyName.ProductName.YourApp" part of the manifest text? That should surely be specific to each developer?
IdeasVacuum
Always Here
Posts: 6425
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK

Re: Why I had to stop using PureBasic

Post by IdeasVacuum »

But what about changing the default "CompanyName.ProductName.YourApp" part of the manifest text? That should surely be specific to each developer?
I think so too: https://msdn.microsoft.com/ja-jp/librar ... s.85).aspx

... it is all to do with the GUI style and Win8.1/Win10 seem to impose their style on your app anyway (My apps look way better in Win10 than they did in WinXP).
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
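The manifest question discussed in the posts above can be checked mechanically. The following is an added example, not code from the thread or from PureBasic: it pulls the embedded manifest out of an exe's raw bytes and separates the application's own identity from its dependencies, which shows that `6595b64144ccf1df` is the token of the Microsoft.Windows.Common-Controls dependency while the placeholder name belongs to the application. The sample bytes are constructed from the values quoted in the thread, and the scan assumes the manifest is stored as plain single-byte text, as seen in a hex editor.

```python
import re
import xml.etree.ElementTree as ET

NS = {"asm": "urn:schemas-microsoft-com:asm.v1"}
PLACEHOLDER = "CompanyName.ProductName.YourApp"  # default name quoted in the thread

# Constructed sample: fake PE bytes around a manifest modelled on the thread's quotes.
SAMPLE_EXE = (
    b"MZ\x90\x00" + b"\x00" * 32
    + b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\r\n'
    b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">\r\n'
    b'<assemblyIdentity version="1.0.0.0" processorArchitecture="X86" '
    b'name="CompanyName.ProductName.YourApp" type="win32"/>\r\n'
    b'<dependency><dependentAssembly>\r\n'
    b'<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" '
    b'version="6.0.0.0" processorArchitecture="X86" '
    b'publicKeyToken="6595b64144ccf1df" language="*"/>\r\n'
    b'</dependentAssembly></dependency>\r\n'
    b'</assembly>' + b"\x00" * 16
)

def extract_manifest(data: bytes):
    """Return the first <assembly>...</assembly> element in the raw bytes, or None.
    Starting at <assembly skips any DOCTYPE, so no entity definitions reach the parser."""
    m = re.search(rb"<assembly\b.*?</assembly>", data, re.DOTALL)
    return m.group(0) if m else None

def review_manifest(data: bytes) -> dict:
    """Split the manifest into the app's identity and its dependencies, with findings."""
    xml_bytes = extract_manifest(data)
    if xml_bytes is None:
        return {"app": None, "dependencies": [], "findings": ["no manifest found"]}
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return {"app": None, "dependencies": [], "findings": ["manifest is not well-formed"]}
    own = root.find("asm:assemblyIdentity", NS)  # direct child: the application itself
    deps = root.findall(".//asm:dependentAssembly/asm:assemblyIdentity", NS)
    app = dict(own.attrib) if own is not None else None
    findings = []
    if app is None:
        findings.append("no application assemblyIdentity")
    elif app.get("name") == PLACEHOLDER:
        findings.append("application name is the shared placeholder")
    return {"app": app, "findings": findings,
            "dependencies": [(d.get("name"), d.get("publicKeyToken")) for d in deps]}

if __name__ == "__main__":
    print(review_manifest(SAMPLE_EXE))
```
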
Mijikai
Addict
Addict
Posts: 1360
Joined: Sun Sep 11, 2016 2:17 pm

Re: Why I had to stop using PureBasic

Post by Mijikai »

All AVs are crap when it comes to heuristic analysis...

Especially Symantec & Sophos are beyond repair - even Google announced that they will not accept certificates from Symantec anymore (starting next year).

The best is to just ignore this AV nonsense and instruct/educate potential customers.
VB6_to_PBx
Enthusiast
Posts: 625
Joined: Mon May 09, 2011 9:36 am

Re: Why I had to stop using PureBasic

Post by VB6_to_PBx »

nobody's mentioning Kaspersky AntiVirus ??

on my Win10 and Win 8.0 computers , just have MS Defender
on the rest of my computers , Kaspersky or MS Security Essentials Anti Virus

never had any problems with Kaspersky with any VB6 or PureBasic EXE's i created
even when i created a self-extracting/installation EXE , it did not show up as a Virus

when i upload self-extracting/installation EXE to MediaFire, they use Bit Defender
so far no Virus showed in uploads

maybe tell your Customers to use Kaspersky , MS Security Essentials, or MS Defender
instead of McAfee, Norton Symantec, etc
 
PureBasic .... making tiny electrons do what you want !

"With every mistake we must surely be learning" - George Harrison
Olby
Enthusiast
Posts: 461
Joined: Mon Jan 12, 2009 10:33 am

Re: Why I had to stop using PureBasic

Post by Olby »

I know a few people strongly opposed the notion of fixing something that is not broken. But PB is not Microsoft or any other big player, therefore we have to play according to their rules. While it is possible to tell someone to uninstall completely or use a different AV, it is a futile request. I don't expect someone to buy a new AV just because "my little utility written in PB" is quarantined. They'll just find another piece of software. In my case it would be nearly impossible to accommodate PB and request the corporation to change to another AV provider or get rid of it altogether (which will not happen anytime soon since AVs usually come bundled with firewalls, network threat prevention, safe web browsing etc). The answer would be simple: why are you using PB, just switch to something else that doesn't require any extra work. Sadly this doesn't help to promote PB outside the bedroom and hobbyist coder scene.

TL;DR

If the mountain will not come to Muhammad, then Muhammad must go to the mountain. Therefore the best course of action in my opinion would be to try changing the binary code generated by PB compiler to something that will cause less false-positives by, perhaps, working together with AV developers such as Symantec.
Intel Core i7 Quad 2.3 Ghz, 8GB RAM, GeForce GT 630M 2GB, Windows 10 (x64)
mk-soft
Always Here
Posts: 5398
Joined: Fri May 12, 2006 6:51 pm
Location: Germany

Re: Why I had to stop using PureBasic

Post by mk-soft »

I have been using Avira-Professional for years and have no major problems with this virus protection.
Avira-Pro is also used in the company on PCs and servers.
My Projects ThreadToGUI / OOP-BaseClass / EventDesigner V3
PB v3.30 / v5.75 - OS Mac Mini OSX 10.xx - VM Window Pro / Linux Ubuntu
Downloads on my Webspace / OneDrive