Re: Why I had to stop using PureBasic

Posted: Tue Sep 19, 2017 11:44 pm
by Samuel
Dude wrote: That's my point: the signed exe can "look" safe, but in reality it may not be. :(
I think you're missing the point of signed executables, though. They aren't meant as a way to say the executable is 100% safe to use. They inform you that the executable hasn't been altered from when it was originally signed.
This way you could tell if an executable was altered when it was sitting on a server waiting to be downloaded by the end user.

Re: Why I had to stop using PureBasic

Posted: Wed Sep 20, 2017 9:03 am
by Dude
Samuel wrote:[Certs] inform you that the executable hasn't been altered from when it was originally signed
So why can't the publishers just stick an SHA256 checksum on their download page that we can use to do the same thing, instead of forcing developers to pay for certs that so obviously are unreliable?

Re: Why I had to stop using PureBasic

Posted: Wed Sep 20, 2017 9:52 am
by Josh
Dude wrote:... to pay for certs that so obviously are unreliable?
Certificates are not unreliable. Please read the involved postings and links here again and try to understand.

Re: Why I had to stop using PureBasic

Posted: Wed Sep 20, 2017 10:19 am
by Bitblazer
Dude wrote:
Samuel wrote:[Certs] inform you that the executable hasn't been altered from when it was originally signed
So why can't the publishers just stick an SHA256 checksum on their download page that we can use to do the same thing, instead of forcing developers to pay for certs that so obviously are unreliable?
Websites are vulnerable in a lot of different ways - manipulation of that SHA256 checksum on a download page would be a lot easier than manipulating a cert signature. The chain of trust would be a lot weaker as some bored kid manipulates a router firmware, an amazon webcache, an ISP's routing protocol or half a dozen other things just to manipulate that "SHA256 checksum" you "see on a webpage" and any of that ends up with the customer seeing a SHA256 checksum of a download which includes a trojan.
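
The comparison made in the post above, as an added example that is not part of the thread: a checksum fetched over the same path as the file still matches after both are replaced, while a signature checked against a key the user already holds does not. The key is a toy (textbook RSA over two publicly known Mersenne primes, no padding, no certificate chain) and every name and sample byte string here is constructed for illustration.

```python
import hashlib

# Toy publisher key: textbook RSA over two well-known Mersenne primes.
# Illustration only: the factors are public and there is no padding.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # public modulus, already held by the user
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to the publisher


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign(data: bytes) -> int:
    """Publisher side: sign the SHA-256 digest with the private exponent."""
    return pow(int(sha256_hex(data), 16), D, N)


def publish(data: bytes) -> dict:
    """Everything the user later fetches over the network."""
    return {"file": data, "page_sha256": sha256_hex(data), "signature": sign(data)}


def tamper(download: dict, new_file: bytes) -> dict:
    """Model of an altered download path: the file and the displayed checksum
    are both replaced; the old signature is kept because D is not available."""
    return {"file": new_file, "page_sha256": sha256_hex(new_file),
            "signature": download["signature"]}


def check(download: dict) -> dict:
    """User side: compare with the page checksum and with the held public key."""
    h = sha256_hex(download["file"])
    return {
        "checksum_ok": h == download["page_sha256"],
        "signature_ok": pow(download["signature"], E, N) == int(h, 16),
    }


# Constructed sample bytes standing in for an installer and an altered copy.
ORIGINAL = b"MZ constructed installer bytes"
ALTERED = ORIGINAL + b" with extra appended content"

if __name__ == "__main__":
    print("as published:", check(publish(ORIGINAL)))
    print("after change:", check(tamper(publish(ORIGINAL), ALTERED)))
```

A passing signature check only says the bytes are the ones the key holder signed, which is the distinction Samuel draws earlier in the thread.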

Re: Why I had to stop using PureBasic

Posted: Tue Sep 26, 2017 9:05 pm
by C87
I have had an issue with site Purebasic.fr and Symantec when the 5.61 update was available. Norton came up and said that the PureBasic site didn't have a Valid Digital Signature. However it did say the file was good and had a favourable rating, two bars from five. I haven't as yet downloaded the update as I've only recently installed 5.60.
On one PC I have Symantec, FireFox and also the Epic browser. On another PC I have McAfee and use again Firefox and Epic. With Symantec and Firefox I get warnings rarely. With Symantec and Epic I have never had a warning. Also, with McAfee, Epic and McAfee never any warnings. If I attempt to go to the site PureArea.net then Firefox and Symantec expressly warn against opening it. But it is not the case with Epic and Symantec. Also, Firefox or Epic and McAfee result in no warnings. However, due to Symantec and Firefox expressly stating do not open this site under any conditions I have declined to open it on any PC. Which is a pity as there appears to be some useful information there. Whilst ever Symantec and Firefox don't like it I'll stay away from Purearea.net. I certainly wouldn't download anything from purearea.net.
From my experience Firefox and Symantec produce the odd security errors with some parts of the main PureBasic site but hey ho, not to worry. They only require me to click to open or move to another page/screen, which I don't consider a serious issue. I have downloaded the odd thing from Purebasic without an issue to date.
(As an aside, before I settled on PureBasic I looked at PowerBasic......now that is a site with issues. The antivirus didn't flag them until I downloaded anything, even a zip file, it was a total nightmare. In the end I had to remove every single file associated with PowerBasic just to be sure. It seemed that so many bad zip files were uploaded onto that site)

Do have to say that having installed PureB etc Symantec hasn't thrown any issues and everything passes the daily and extra scans I run. The odd .EXE I have created and tested on a couple of different PCs without error, plus they run Ok on the Symantec/Firefox PC. (I do suspect that Epic isn't as strong and up to date on antivirus as Symantec. It does the prevention of data collection and prevents adblocking without you needing to adjust very much at all though but no idea what is being collected by Epic!!)

Regards, C87

Re: Why I had to stop using PureBasic

Posted: Wed Sep 27, 2017 11:22 am
by Bitblazer
I got the official confirmation from bitdefender, that I should sign all "those" (unknown) executables or if that doesn't work, include each of them into the exclusion list (yes, each of them - I haven't found a way to include a whole folder and obviously bitdefender needs them excluded for atd AND the AV module separately. At least the AV module can add a folder ...)

ps: atd = advanced threat defence (also known as random deletion and blocking of tools which simply create form masks ... totally clever and "advanced")

Re: Why I had to stop using PureBasic

Posted: Wed Sep 27, 2017 11:16 pm
by Lunasole
Dude wrote:So why can't the publishers just stick an SHA256 checksum on their download page that we can use to do the same thing, instead of forcing developers to pay for certs that so obviously are unreliable?
Just because certificates are another way to make money from air. Or rather, from hashes and bytes ^^
Microsoft has whole huge infrastructure for this and earns a lot forcing developers to sign their products, which else surely would be made differently and most likely for free (or with very low costs) with same results on practice.

.. and because nowadays most users are stupid enough to need developers which forcibly taking care about their safety & privacy. Generally nothing new, this "hypercare" is really global trend which already fully covered mobiles and almost totally covered web (with that google & its Chrome).
// btw some "useless philosophizing": that all nicely corresponds to most humans nature, like "let my chieftains control me and take care about, don't want to think once more about what I'm doing"

Re: Why I had to stop using PureBasic

Posted: Wed Sep 27, 2017 11:22 pm
by Andre
@C87: As the owner of PureArea.net I would like to comment your posting:

While I never had any issues with anti-virus software and PureBasic / PB-compiled executables yet (I'm using AntiVir on Win10) I got a notice from openbugbounty.org regarding PureArea.net - but I can't believe, that anything on this virus notifications is true!? :?

It's a shame, that I don't have the time to regularly update the PureArea.net contents. But on the other this is the reason, that didn't change anything on the download content for around 2 years now, and only made some smaller changes/additions at the html content of the webpage.
So I can't imagine, how a real virus should have found its way into the PureArea.net content... :cry:

Can anyone confirm, if there is a real virus problem with the PureArea.net content?
(I hope, better I'm sure, not....)

Re: Why I had to stop using PureBasic

Posted: Wed Sep 27, 2017 11:52 pm
by Thunder93
Hi Andre.

Windows Defender flagged upon download attempt of CodeArchiv_v4-Beta.zip package. Force downloading, the following files that are flagged are all the PB compiled executables.

Trojan: Win32/Dynamer!Ac (Severe)
DeskSwitch.exe
browser_broker.exe


... as we know, PB compiled executables just aren't liked by different AVs.

I know you are trusted in the community, and I know your site is clean. However I've been around long enough to know better, but others joining our community and trying to download stuff off of your site might actually think someone is out to get them. :lol:


Edited...: Just quick test on that package on VirusTotal and you can see different ones having issues with it.. https://www.virustotal.com/#/file/ed7d2 ... /detection

Re: Why I had to stop using PureBasic

Posted: Fri Sep 29, 2017 7:57 am
by C87
Hello Andre,
I don't think that you have any virus affected files on your site. It seems to be the combination of the Mozilla FireFox browser and Symantec that causes the error. If I use another browser, Epic I do not get the error. If I use Firefox and McAfee I do not get the error. I am unaware how Symantec arrive at the conclusion they do, however as soon as I try to open purearea.net, a popup screen shows with the following text.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dangerous Website Blocked
You attempted to access:
http://www.purearea.net
This is a known dangerous website. It is recommended that you do NOT visit this site. The detailed report explains the security risks on this site.
For your protection, this web page has been blocked. Visit Symantec to learn more about phishing and internet security.

Exit this site

[visit this web page anyway.]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Looking at the detailed report from the above gives the following information:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Norton Rating
Safeweb Share
Norton Safe Web has analyzed purearea.net for safety and security problems. Below is a sample of the threats that were found.
Summary
Computer Threats: 11
Identity Threats: 0
Annoyance factors: 0
Total threats on this site: 11
The Norton rating is a result of Symantec's automated analysis system. Learn more.
The opinions of our users are reflected separately in the community rating on the right.

Community Reviews (0)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Beyond the above I cannot be of further help as to the cause but I haven't had an issue when I've been on the site with another browser & McAfee. I haven't as yet opened the site from the [visit this site anyway] button when using Firefox & Symantec

Regards, C87

Re: Why I had to stop using PureBasic

Posted: Fri Sep 29, 2017 8:17 am
by Dude
Symantec wrote:Dangerous Website Blocked
You attempted to access:
http://www.purearea.net
This is a known dangerous website.
Symantec are pathetic! For some balance, VirusTotal says that 0/64 scanners found NO malware on PureArea.net:

https://www.virustotal.com/#/url/813a06 ... /detection

Re: Why I had to stop using PureBasic

Posted: Wed Oct 11, 2017 9:31 am
by Didelphodon
Dude wrote:As for PureBasic, I note with interest that 5.61 results in LESS false-positives with VirusTotal than 5.60! :shock: :D

An exe I made with 5.60 a couple of months ago (40/65 "malware"): https://i.imgur.com/JsHZOe2.png
The same exe compiled with 5.61 today (just 13/64 "malware" now): https://i.imgur.com/6BjdcQi.png

So that's looking good! I recommend everyone upgrade to 5.61 if they haven't, to see if that helps.

[Edit] I also tried embedding a large random binary of 10 MB to my exe, but VirusTotal still said 13/64 "malware", so size didn't help.
Some time ago I started a new thread (http://www.purebasic.fr/english/viewtop ... =7&t=54315) to address this actual issue but, sad but true, the thread was hijacked by unnecessary dic*-size comparison discussions. My opinion is, and my gut feeling is relatively strong on this, that Purebasic has been used by some malware authors and because of the fact that PB-PEs are pretty rare compared to other compilers the AV industry was fine with a imho very generous signature.

However, @Dude, I'm close to one of the AVs that detected the first executable you mentioned in your post. Can you drop me the according EXE in a ZIP with password "infected" or drop a download link and I fetch it? Please, also include the source code. I can then hand it over to my friend/colleague there and he should be able to tell me what the triggers are on that specific sample.

Re: Why I had to stop using PureBasic

Posted: Wed Oct 11, 2017 6:55 pm
by Kuron
Didelphodon wrote:
Dude wrote:As for PureBasic, I note with interest that 5.61 results in LESS false-positives with VirusTotal than 5.60! :shock: :D
I tested PureB the other day with the latest version. Only flagged 3 AV programs. Retesting now... Now only two. Same exact file, simply the canvas example compiled and tested.

Re: Why I had to stop using PureBasic

Posted: Wed Oct 11, 2017 10:57 pm
by IdeasVacuum
I have had an issue with site Purebasic.fr and Symantec when the 5.61 update was available. Norton came up and said that the PureBasic site didn't have a Valid Digital Signature.
I think at least part of that issue is that the only secure page on the PB website is the one where existing Users sign-in to access downloads. Fred can change that, https for the whole site.

Re: Why I had to stop using PureBasic

Posted: Thu Oct 12, 2017 12:26 am
by Dude
Didelphodon wrote:@Dude, I'm close to one of the AVs that detected the first executable you mentioned in your post. Can you drop me the according EXE in a ZIP with password "infected" or drop a download link and I fetch it? Please, also include the source code.
Thanks for the offer, but I can't do that (sorry) as the app was a paid product. I've been advised by a software publishing website that in their experience, system info tools always get flagged as malware by AV companies, due to querying the specifics of the PC. Oh well. Doesn't matter.