Why I had to stop using PureBasic
Re: Why I had to stop using PureBasic
Update - the bitdefender support replied and got the sample again today plus more detailed infos. Lets hope things improve - on a sidenote, the food example in the database help also triggered bitdefender and it reacted quite excited
ps: kcc if you notice this, please feel free to add a mad man animation who is super alerted running in circles
ps: kcc if you notice this, please feel free to add a mad man animation who is super alerted running in circles
Re: Why I had to stop using PureBasic
They sound like stand-up, quality software.blueznl wrote:Cyclaan and eGambit
Re: Why I had to stop using PureBasic
Just throwing a wild knife in the dark...
Do you get the same problem if you process the executable with UPX?
Do you get the same problem if you process the executable with UPX?
Re: Why I had to stop using PureBasic
Yes. Virus-scanners know about UPX (and other compressors) and decompress them before scanning.IndigoFuzz wrote:Do you get the same problem if you process the executable with UPX?
Re: Why I had to stop using PureBasic
Virusscanners try to access archives or packed executables and UPX is well known by now. A way to block them from access would be for example to use a password on an archive. They dont try dictionary attacks on archives yet
Keep in mind that any UPX or archive compression happens after the compilation and an active virus scanner usually already erased your false positive executable before you are able to convert/disguise/archive/process it.
UPX compression => reading executable into memory - process its structure, compress elements - write out new binary stream including decompression header + compressed elements. For more info see :
https://de.wikipedia.org/wiki/UPX
https://en.wikipedia.org/wiki/Compariso ... le_formats
https://en.wikipedia.org/wiki/Portable_Executable
etc.
ps: that also makes selfwritten exe-compressors pointless, but we could probably use a replacement of the last stage of exe-creation to fool the antivirus software. But we aren't at that point yet, lets wait what happens.
Keep in mind that any UPX or archive compression happens after the compilation and an active virus scanner usually already erased your false positive executable before you are able to convert/disguise/archive/process it.
UPX compression => reading executable into memory - process its structure, compress elements - write out new binary stream including decompression header + compressed elements. For more info see :
https://de.wikipedia.org/wiki/UPX
https://en.wikipedia.org/wiki/Compariso ... le_formats
https://en.wikipedia.org/wiki/Portable_Executable
etc.
ps: that also makes selfwritten exe-compressors pointless, but we could probably use a replacement of the last stage of exe-creation to fool the antivirus software. But we aren't at that point yet, lets wait what happens.
Re: Why I had to stop using PureBasic
I just discovered this thread topic.
Earlier this year (2017) I downloaded the Purebasic installer to my work computer.
Symantec immediately tagged it as some sort of virus or malware and removed it.
Then I got an email from the IT department regarding my offense of downloading dangerous software.
So now I can't use Purebasic at work.
Can this problem between Purebasic and Symantec be resolved?
It would help Purebasic become a more popular programming language.
Earlier this year (2017) I downloaded the Purebasic installer to my work computer.
Symantec immediately tagged it as some sort of virus or malware and removed it.
Then I got an email from the IT department regarding my offense of downloading dangerous software.
So now I can't use Purebasic at work.
Can this problem between Purebasic and Symantec be resolved?
It would help Purebasic become a more popular programming language.
Think Unicode!
Re: Why I had to stop using PureBasic
It would be easier to talk with your IT. Make them understand what is purebasic and why it's tag as a virus.
It guys are usually friendly nerds maybe they will add Pb to their exception list.
Long time ago i used Pb on a usb key. I dont' know if it still work neither if you can plug usb key at work....
It guys are usually friendly nerds maybe they will add Pb to their exception list.
Long time ago i used Pb on a usb key. I dont' know if it still work neither if you can plug usb key at work....
There are 2 methods to program bugless.
But only the third works fine.
Win10, Pb x64 5.71 LTS
But only the third works fine.
Win10, Pb x64 5.71 LTS
-
- Always Here
- Posts: 6425
- Joined: Fri Oct 23, 2009 2:33 am
- Location: Wales, UK
- Contact:
Re: Why I had to stop using PureBasic
It has been resolved before, but the poor quality control of almost all Anti-Virus software leads to false-positives springing-up again, for all sorts of applications, not only PB.Can this problem between Purebasic and Symantec be resolved?
However, If you where working for me I would not be best pleased to hear that you had downloaded an executable independent of the IT department, who are there to run the company network and keep it as safe as possible.
What you should be doing is producing a (written) request for the IT guys to provide software that you need to do your work, with a brief on why your specific choices will be to the advantage of the company - given that all tech investment is ultimately governed by a budget. It's the IT department's responsibility to ensure safe installations.
This is not specifically a PB issue at all. No doubt the IT department have set Symantec up to prevent well-meaning Users from accidentally bringing the whole company network down by introducing a virus or opening a gateway to hackers.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
If it sounds simple, you have not grasped the complexity.
Re: Why I had to stop using PureBasic
Thats probably the basic problem, the powerful ability to create anything including lowlevel system/network affecting software, makes PB potentially able to tear huge security holes into crucial company resources. Maybe its more realistic to tell the IT appartment what you try to achieve and ask them how they suggest you to do that.
Sadly their solution is unlikely to include the suggestion that you write a homebrew solutions with PB, but maybe they have a less potentially dangerous solution like a script language or maybe a mechanism to solve your problem with their own internally used company solution.
There is a tiny chance they see a huge use and you advance to the companies internal IT software development branch as CTO ok its tiny but ...
Either way, work with them, not against them
Sadly their solution is unlikely to include the suggestion that you write a homebrew solutions with PB, but maybe they have a less potentially dangerous solution like a script language or maybe a mechanism to solve your problem with their own internally used company solution.
There is a tiny chance they see a huge use and you advance to the companies internal IT software development branch as CTO ok its tiny but ...
Either way, work with them, not against them
Re: Why I had to stop using PureBasic
My antivirus subscription was about to expire, so i had to look for a replacement. Checked the usual AV rankings and installed kaspersky internet suite - no problems with purebasic, messagerequesters or tiny executables. So far the false positive problem didnt show up with any of the tests i did and kaspersky just works. If a problems arises, i will post in this thread again, but i hope i dont have to
Looks like kaspersky is actually doing their job and they even have a 30 day trial time.
Looks like kaspersky is actually doing their job and they even have a 30 day trial time.
Last edited by Bitblazer on Tue Nov 14, 2017 10:21 am, edited 1 time in total.
Re: Why I had to stop using PureBasic
@Bitblazer,
I can concur.
Since installing Kaspersky, over 12 months ago, I've had no more issues with PureBasic.
I can concur.
Since installing Kaspersky, over 12 months ago, I've had no more issues with PureBasic.
DE AA EB
Re: Why I had to stop using PureBasic
Just got a Mail from bitdefender support, that they released an update for the signatures that should fix the PB problem. Too late for me but just in case anybody wants to know.
Re: Why I had to stop using PureBasic
Here's a support email I got from a customer today, regarding BitDefender. Annoying as hell (the AV issue, not the customer).Bitblazer wrote:Just got a Mail from bitdefender support, that they released an update for the signatures that should fix the PB problem. Too late for me but just in case anybody wants to know.
Re: Why I had to stop using PureBasic
Just noticed something important today... I created a blank exe with nothing in it. Here's the source:
VirusTotal reported 10/67 malware. An empty exe!
Then I changed the Compiler Options to make it compile as "Dynamic CPU" instead of "All CPU":
VirusTotal now reported only 3/67 malware! Can anyone else with false malware results try this test and report here how it went for you? Thanks.
Code: Select all
; IDE Options = PureBasic 5.61 (Windows - x86)
; Executable = App.exe
; DisableDebugger
Then I changed the Compiler Options to make it compile as "Dynamic CPU" instead of "All CPU":
Code: Select all
; IDE Options = PureBasic 5.61 (Windows - x86)
; Executable = App.exe
; CPU = 1
; DisableDebugger
Re: Why I had to stop using PureBasic
Manual wrote:Cpu Optimisation (next to Executable format)
This setting allows to include Cpu optimised PB functions in your executable:
All CPU : The generic functions are included that run on all CPUs.
Dynamic CPU : The generic functions as well as any available CPU specific function are included. The function to execute is decided at runtime. This creates a bigger executable, but it will run as fast as possible on all CPUs.
All other options : Include only the functions for a specific CPU. The executable will not run on any Cpu that does not support this feature.
Note: No PB functions actually support this feature for now (it is ignored for them). However, some User Libraries include such optimisations.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum