
All times are UTC + 1 hour




Post subject: Re: Why I had to stop using PureBasic
Posted: Wed Oct 18, 2017 9:25 pm
User

Joined: Mon Feb 25, 2013 9:29 pm
Posts: 13
This code causes a false positive for me with McAfee Antivirus using PureBasic v5.61 32-bit, but compiles fine with PureBasic v5.61 64-bit.

Code:
EnableExplicit

Define Null.l ; zero value; its address serves as an empty string

If OpenWindow(0, 0, 0, 120, 100, "ButtonImage", #PB_Window_SystemMenu | #PB_Window_ScreenCentered)
  ButtonGadget(0,10,10,100,20,"Button",0)
  ButtonGadget(1,10,50,100,20,"Button",0)

  ; Remove the visual theme from the first button, then give it the flat style
  SetWindowTheme_(GadgetID(0),@Null,@Null)
  SetWindowLongPtr_(GadgetID(0),#GWL_STYLE,GetWindowLongPtr_(GadgetID(0),#GWL_STYLE)|#BS_FLAT)

  Repeat : Until WaitWindowEvent() = #PB_Event_CloseWindow
EndIf


Post subject: Re: Why I had to stop using PureBasic
Posted: Fri Oct 27, 2017 10:27 am
Enthusiast

Joined: Fri Feb 19, 2010 3:42 am
Posts: 534
Same here :(

Nice to see that 64bit version runs!


Post subject: Re: Why I had to stop using PureBasic
Posted: Mon Oct 30, 2017 6:39 pm
Enthusiast

Joined: Mon Apr 10, 2017 6:17 pm
Posts: 288
Location: Germany
There seems to be a core problem with antivirus detection and PureBasic currently. I just compiled an x86 PB exe with a simple MessageRequester("test", "test requester") and Bitdefender instantly detected and quarantined it. It compiled into a tiny 5kb executable and has now been sent to Bitdefender support for further analysis.

Let's see what they say. I have to pay for a new AV solution again anyway, and if they can't fix this, I will switch again. I suggest all of you do the same and report here which AV solution thinks it's a threat and which doesn't.

Compile the following line into an x86 executable:

Code:
MessageRequester("test", "test requester")


30.10.2018: Bitdefender Internet Security 2018: both the antivirus scanner and advanced threat detection wrongly detect and quarantine/erase it.

Support has been contacted and has a zipped copy of the executable for analysis.

If you use a different AV solution, please compile the line into x86 code and tell us if you can launch the executable or what happens if you try. I will report the reply I get from Bitdefender here.

Let's see which vendor will get my/our money for next year.


Post subject: Re: Why I had to stop using PureBasic
Posted: Mon Oct 30, 2017 10:21 pm
Addict

Joined: Mon Feb 16, 2015 2:49 pm
Posts: 1897
Bitblazer wrote:
Code:
MessageRequester("test", "test requester")

Yep, it's pretty bad: 12/67 scanners say the above code is malware:

https://www.virustotal.com/#/file/600ac ... 600244171/

:(


Post subject: Re: Why I had to stop using PureBasic
Posted: Tue Oct 31, 2017 3:40 am
Addict

Joined: Sat Oct 17, 2009 10:51 pm
Posts: 1341
Location: Nashville
Dude wrote:
Bitblazer wrote:
Code:
MessageRequester("test", "test requester")

Yep, it's pretty bad: 12/67 scanners say the above code is malware:

https://www.virustotal.com/#/file/600ac ... 600244171/

:(


Damn, that is high.

_________________
Fangbeast for President!


Post subject: Re: Why I had to stop using PureBasic
Posted: Tue Oct 31, 2017 7:22 am
Enthusiast

Joined: Mon Apr 10, 2017 6:17 pm
Posts: 288
Location: Germany
Dude wrote:
Bitblazer wrote:
Code:
MessageRequester("test", "test requester")

Yep, it's pretty bad: 12/67 scanners say the above code is malware:

https://www.virustotal.com/#/file/600ac ... 600244171/

:(


Another hint to me that too many AV products are truly just crap and don't analyse this at all. So it just seems to be a file size check (and maybe a single stub signature of PB that they pick up without even noticing they detect a programming language instead).

Maybe it's time to compile 5 general basic one-liners like this, "hello world" and other common ones, and point out which scanners are basically snake oil products. Make an article about it in detail and post it with the executables and links on a webpage, so people can make a more informed buy.

Hmmm ...

hello world, a MessageRequester, a Windows version check (maybe in inlined asm for the stupid entropy checks some scanners do), maybe a canvas widget with a Bresenham line (most basic algo in IT for graphics ;) - any more suggestions?

PS: I'm pretty sure other less common programming languages have the same problem. Maybe we should team up and initiate some kind of (anti)-EICAR movement ;)


Last edited by Bitblazer on Tue Nov 21, 2017 11:13 pm, edited 1 time in total.

Post subject: Re: Why I had to stop using PureBasic
Posted: Tue Oct 31, 2017 8:36 am
Administrator

Joined: Fri May 17, 2002 4:39 pm
Posts: 13627
Location: France
For info, I signed the exec and performed the test but it didn't change anything, still 12/65, which is pretty bad.


Post subject: Re: Why I had to stop using PureBasic
Posted: Tue Oct 31, 2017 11:12 am
Addict

Joined: Mon Feb 16, 2015 2:49 pm
Posts: 1897
For comparison, I compiled this code instead, and only got 4/67 false positives:

Code:
MessageBox_(0,"test requester","test",0)

https://www.virustotal.com/#/file/c8cce ... /detection


Post subject: Re: Why I had to stop using PureBasic
Posted: Tue Oct 31, 2017 11:44 am
Addict

Joined: Mon Feb 16, 2015 2:49 pm
Posts: 1897
And this compiled code gives 3/67 false positives:

Code:
With msg.MSGBOXPARAMS
  \cbSize = SizeOf(msg)
  \hwndOwner = 0
  \lpszText = @"test requester"
  \lpszCaption = @"test"
  \dwStyle = #MB_USERICON | #MB_YESNO
EndWith
MessageBoxIndirect_(@msg)

https://www.virustotal.com/#/file/f9b53 ... /detection


Post subject: Re: Why I had to stop using PureBasic
Posted: Tue Oct 31, 2017 3:27 pm
Enthusiast

Joined: Sat May 05, 2007 5:31 pm
Posts: 628
Location: Linz, Austria
Code:
MessageRequester("test", "test requester")
Without version info: 12/66
With version info (*): 02/67


Post subject: Re: Why I had to stop using PureBasic
Posted: Tue Oct 31, 2017 3:38 pm
Administrator

Joined: Fri May 17, 2002 4:39 pm
Posts: 13627
Location: France
chi wrote:
Code:
MessageRequester("test", "test requester")
Without version info: 12/66
With version info (*): 02/67


Now, that's interesting @chi. Tested on the same .exe and it only got flagged 1/66. Just put some version info in your file and it seems to do the trick (which demonstrates how these AVs are a bunch of crap)

https://www.virustotal.com/#/file/8374d ... /detection


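To check which of the two properties tested in the posts above a given build actually has (a version-info resource, which changed the detection counts, and a signature, which did not), here is an added example that is not code from the thread or from PureBasic. It reads the PE headers directly; `pe_metadata` and `build_sample` are hypothetical names, and `build_sample` constructs a minimal header-only image purely as test input.

```python
import struct

RT_VERSION = 16  # resource type ID that holds VS_VERSIONINFO

def pe_metadata(data: bytes) -> dict:
    """Report whether a PE image carries version info and a certificate table."""
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    dirs = opt + (96 if magic == 0x10B else 112)          # PE32 / PE32+
    ndirs, = struct.unpack_from("<I", data, dirs - 4)
    def entry(i):                                         # (address, size) of data directory i
        return struct.unpack_from("<II", data, dirs + 8 * i) if i < ndirs else (0, 0)
    res_rva, sig_size = entry(2)[0], entry(4)[1]          # resource / security directories
    has_version = False
    for s in range(nsec):                                 # map the resource RVA to a file offset
        vsize, va, rsize, rptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * s + 8)
        if res_rva and va <= res_rva < va + max(vsize, rsize):
            root = res_rva - va + rptr
            named, ids = struct.unpack_from("<HH", data, root + 12)
            types = [struct.unpack_from("<I", data, root + 16 + 8 * i)[0]
                     for i in range(named + ids)]         # top level = resource types
            has_version = RT_VERSION in types
    return {"version_info": has_version, "signed": sig_size > 0}

def build_sample(with_version: bool) -> bytes:
    """Constructed PE32 headers plus one .rsrc section; not a runnable program."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * 2, 0x1000, 0x200)  # resource directory
    sect = struct.pack("<8sIIIIIIHHI", b".rsrc", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x40000040)
    head = (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    res_id = RT_VERSION if with_version else 3            # 3 = RT_ICON
    rsrc = struct.pack("<IIHHHHII", 0, 0, 0, 0, 0, 1, res_id, 0x80000010)
    return head + rsrc.ljust(0x200, b"\0")

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, pe_metadata(build_sample(flag)))
```

On a real build, pass the bytes of the compiled .exe to `pe_metadata` before uploading it to a scanner, so that a change in the detection count can be tied to a known change in the file.
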
Post subject: Re: Why I had to stop using PureBasic
Posted: Tue Oct 31, 2017 4:01 pm
Enthusiast

Joined: Sat May 05, 2007 5:31 pm
Posts: 628
Location: Linz, Austria
For faster testing and more insight: https://www.winitor.com/ ;)


Post subject: Re: Why I had to stop using PureBasic
Posted: Tue Oct 31, 2017 5:18 pm
Enthusiast

Joined: Fri Feb 19, 2010 3:42 am
Posts: 534
The anti virus specialists are very clever.
No virus would put version info into its code.
So, everything without version info is a virus; really smart!

O.k., McAfee also wants version info and I could now compile with 32bit.

So I don't need 64bit OCI.dll which I got to run meanwhile; a positive effect...

Thanks a lot for the version hint!!!

I mean really... I am really happy!!!
Thanks a lot folks! You're all great!


Post subject: Re: Why I had to stop using PureBasic
Posted: Tue Oct 31, 2017 8:55 pm
PureBasic Expert

Joined: Sat May 17, 2003 11:31 am
Posts: 6073
I've been using AntiVir now for years, and it did spot a few real ones, as well as some false positives. There were very few false positives with PureBasic thus far. Also it doesn't seem to need version info to detect a (non) virus :-)

And as it seems to score reasonably as well in most virus scanner tests, I think I'll stick with it for the moment. That, a bit of common sense, and now and again a single scan with Malwarebytes or SUPERAntiSpyware has kept me clean for the last 10 years or so. I also use Firefox + NoScript to avoid some incidental drive-by downloads.

Oh. And avoiding porn websites probably helps as well 8)

Perhaps I was just lucky :?

_________________
( PB5.xx Win10 x64 Asrock AB350 Pro4 Ryzen 1600X 32GB RAM Evo 840 GTX1060 )
( The path to enlightenment and the PureBasic Survival Guide right here... )


Post subject: Re: Why I had to stop using PureBasic
Posted: Tue Oct 31, 2017 9:34 pm
PureBasic Expert

Joined: Sat May 17, 2003 11:31 am
Posts: 6073
I tried VirusTotal, and all my stuff (except ReVal) gives 2/62. Cylance and eGambit are the offenders. Pfff.

_________________
( PB5.xx Win10 x64 Asrock AB350 Pro4 Ryzen 1600X 32GB RAM Evo 840 GTX1060 )
( The path to enlightenment and the PureBasic Survival Guide right here... )

