Why I had to stop using PureBasic

[Bitblazer]

Update - the bitdefender support replied and got the sample again today plus more detailed infos. Lets hope things improve - on a sidenote, the food example in the database help also triggered bitdefender and it reacted quite excited

ps: kcc if you notice this, please feel free to add a mad man animation who is super alerted running in circles

[Dude]

Cyclaan and eGambit

They sound like stand-up, quality software.

[IndigoFuzz]

Just throwing a wild knife in the dark...

Do you get the same problem if you process the executable with UPX?

[Dude]

Do you get the same problem if you process the executable with UPX?

Yes. Virus-scanners know about UPX (and other compressors) and decompress them before scanning.

[Bitblazer]

Virusscanners try to access archives or packed executables and UPX is well known by now. A way to block them from access would be for example to use a password on an archive. They dont try dictionary attacks on archives yet

Keep in mind that any UPX or archive compression happens after the compilation and an active virus scanner usually already erased your false positive executable before you are able to convert/disguise/archive/process it.

UPX compression => reading executable into memory - process its structure, compress elements - write out new binary stream including decompression header + compressed elements. For more info see :

https://de.wikipedia.org/wiki/UPX
https://en.wikipedia.org/wiki/Compariso ... le_formats
https://en.wikipedia.org/wiki/Portable_Executable

etc.

ps: that also makes selfwritten exe-compressors pointless, but we could probably use a replacement of the last stage of exe-creation to fool the antivirus software. But we aren't at that point yet, lets wait what happens.

[ElementE]

I just discovered this thread topic.

Earlier this year (2017) I downloaded the Purebasic installer to my work computer.
Symantec immediately tagged it as some sort of virus or malware and removed it.
Then I got an email from the IT department regarding my offense of downloading dangerous software.
So now I can't use Purebasic at work.

Can this problem between Purebasic and Symantec be resolved?
It would help Purebasic become a more popular programming language.

[Fig]

It would be easier to talk with your IT. Make them understand what is purebasic and why it's tag as a virus.
It guys are usually friendly nerds maybe they will add Pb to their exception list.

Long time ago i used Pb on a usb key. I dont' know if it still work neither if you can plug usb key at work....

[IdeasVacuum]

Can this problem between Purebasic and Symantec be resolved?

It has been resolved before, but the poor quality control of almost all Anti-Virus software leads to false-positives springing-up again, for all sorts of applications, not only PB.

However, If you where working for me I would not be best pleased to hear that you had downloaded an executable independent of the IT department, who are there to run the company network and keep it as safe as possible.

What you should be doing is producing a (written) request for the IT guys to provide software that you need to do your work, with a brief on why your specific choices will be to the advantage of the company - given that all tech investment is ultimately governed by a budget. It's the IT department's responsibility to ensure safe installations.

This is not specifically a PB issue at all. No doubt the IT department have set Symantec up to prevent well-meaning Users from accidentally bringing the whole company network down by introducing a virus or opening a gateway to hackers.

[Bitblazer]

Thats probably the basic problem, the powerful ability to create anything including lowlevel system/network affecting software, makes PB potentially able to tear huge security holes into crucial company resources. Maybe its more realistic to tell the IT appartment what you try to achieve and ask them how they suggest you to do that.

Sadly their solution is unlikely to include the suggestion that you write a homebrew solutions with PB, but maybe they have a less potentially dangerous solution like a script language or maybe a mechanism to solve your problem with their own internally used company solution.

There is a tiny chance they see a huge use and you advance to the companies internal IT software development branch as CTO ok its tiny but ...

Either way, work with them, not against them

[Bitblazer]

My antivirus subscription was about to expire, so i had to look for a replacement. Checked the usual AV rankings and installed kaspersky internet suite - no problems with purebasic, messagerequesters or tiny executables. So far the false positive problem didnt show up with any of the tests i did and kaspersky just works. If a problems arises, i will post in this thread again, but i hope i dont have to

Looks like kaspersky is actually doing their job and they even have a 30 day trial time.

[davido]

@Bitblazer,
I can concur.
Since installing Kaspersky, over 12 months ago, I've had no more issues with PureBasic.

[Bitblazer]

Just got a Mail from bitdefender support, that they released an update for the signatures that should fix the PB problem. Too late for me but just in case anybody wants to know.

[Dude]

Just got a Mail from bitdefender support, that they released an update for the signatures that should fix the PB problem. Too late for me but just in case anybody wants to know.

Here's a support email I got from a customer today, regarding BitDefender. Annoying as hell (the AV issue, not the customer).

[Dude]

Just noticed something important today... I created a blank exe with nothing in it. Here's the source:

Code: Select all

; IDE Options = PureBasic 5.61 (Windows - x86)
; Executable = App.exe
; DisableDebugger

VirusTotal reported 10/67 malware. An empty exe!

Then I changed the Compiler Options to make it compile as "Dynamic CPU" instead of "All CPU":

Code: Select all

; IDE Options = PureBasic 5.61 (Windows - x86)
; Executable = App.exe
; CPU = 1
; DisableDebugger

VirusTotal now reported only 3/67 malware! Can anyone else with false malware results try this test and report here how it went for you? Thanks.

[skywalk]

Cpu Optimisation (next to Executable format)
This setting allows to include Cpu optimised PB functions in your executable:
All CPU : The generic functions are included that run on all CPUs.
Dynamic CPU : The generic functions as well as any available CPU specific function are included. The function to execute is decided at runtime. This creates a bigger executable, but it will run as fast as possible on all CPUs.
All other options : Include only the functions for a specific CPU. The executable will not run on any Cpu that does not support this feature.

Note: No PB functions actually support this feature for now (it is ignored for them). However, some User Libraries include such optimisations.