Page 8 of 11
Re: Why I had to stop using PureBasic
Posted: Mon Nov 06, 2017 8:46 pm
by Bitblazer
Update - the bitdefender support replied and got the sample again today plus more detailed infos. Lets hope things improve - on a sidenote, the food example in the database help also triggered bitdefender and it reacted quite excited
ps: kcc if you notice this, please feel free to add a mad man animation who is super alerted running in circles
Re: Why I had to stop using PureBasic
Posted: Mon Nov 06, 2017 10:17 pm
by Dude
blueznl wrote:Cyclaan and eGambit
They sound like stand-up, quality software.
Re: Why I had to stop using PureBasic
Posted: Thu Nov 09, 2017 1:14 pm
by IndigoFuzz
Just throwing a wild knife in the dark...
Do you get the same problem if you process the executable with UPX?
Re: Why I had to stop using PureBasic
Posted: Thu Nov 09, 2017 1:29 pm
by Dude
IndigoFuzz wrote:Do you get the same problem if you process the executable with UPX?
Yes. Virus-scanners know about UPX (and other compressors) and decompress them before scanning.
Re: Why I had to stop using PureBasic
Posted: Thu Nov 09, 2017 5:07 pm
by Bitblazer
Virusscanners try to access archives or packed executables and UPX is well known by now. A way to block them from access would be for example to use a password on an archive. They dont try dictionary attacks on archives yet
Keep in mind that any UPX or archive compression happens after the compilation and an active virus scanner usually already erased your false positive executable before you are able to convert/disguise/archive/process it.
UPX compression => reading executable into memory - process its structure, compress elements - write out new binary stream including decompression header + compressed elements. For more info see :
https://de.wikipedia.org/wiki/UPX
https://en.wikipedia.org/wiki/Compariso ... le_formats
https://en.wikipedia.org/wiki/Portable_Executable
etc.
ps: that also makes selfwritten exe-compressors pointless, but we could probably use a replacement of the last stage of exe-creation to fool the antivirus software. But we aren't at that point yet, lets wait what happens.
Re: Why I had to stop using PureBasic
Posted: Thu Nov 09, 2017 8:54 pm
by ElementE
I just discovered this thread topic.
Earlier this year (2017) I downloaded the Purebasic installer to my work computer.
Symantec immediately tagged it as some sort of virus or malware and removed it.
Then I got an email from the IT department regarding my offense of downloading dangerous software.
So now I can't use Purebasic at work.
Can this problem between Purebasic and Symantec be resolved?
It would help Purebasic become a more popular programming language.
Re: Why I had to stop using PureBasic
Posted: Thu Nov 09, 2017 9:34 pm
by Fig
It would be easier to talk with your IT. Make them understand what is purebasic and why it's tag as a virus.
It guys are usually friendly nerds maybe they will add Pb to their exception list.
Long time ago i used Pb on a usb key. I dont' know if it still work neither if you can plug usb key at work....
Re: Why I had to stop using PureBasic
Posted: Fri Nov 10, 2017 10:58 am
by IdeasVacuum
Can this problem between Purebasic and Symantec be resolved?
It has been resolved before, but the poor quality control of almost all Anti-Virus software leads to false-positives springing-up again, for all sorts of applications, not only PB.
However, If you where working for me I would not be best pleased to hear that you had downloaded an executable independent of the IT department, who are there to run the company network and keep it as safe as possible.
What you should be doing is producing a (written) request for the IT guys to provide software that you need to do your work, with a brief on why your specific choices will be to the advantage of the company - given that all tech investment is ultimately governed by a budget. It's the IT department's responsibility to ensure safe installations.
This is not specifically a PB issue at all. No doubt the IT department have set Symantec up to prevent well-meaning Users from accidentally bringing the whole company network down by introducing a virus or opening a gateway to hackers.
Re: Why I had to stop using PureBasic
Posted: Fri Nov 10, 2017 1:21 pm
by Bitblazer
Thats probably the basic problem, the powerful ability to create anything including lowlevel system/network affecting software, makes PB potentially able to tear huge security holes into crucial company resources. Maybe its more realistic to tell the IT appartment what you try to achieve and ask them how they suggest you to do that.
Sadly their solution is unlikely to include the suggestion that you write a homebrew solutions with PB, but maybe they have a less potentially dangerous solution like a script language or maybe a mechanism to solve your problem with their own internally used company solution.
There is a tiny chance they see a huge use and you advance to the companies internal IT software development branch as CTO
ok its tiny but ...
Either way, work with them, not against them
Re: Why I had to stop using PureBasic
Posted: Tue Nov 14, 2017 7:56 am
by Bitblazer
My antivirus subscription was about to expire, so i had to look for a replacement. Checked the usual AV rankings and installed kaspersky internet suite - no problems with purebasic, messagerequesters or tiny executables. So far the false positive problem didnt show up with any of the tests i did and kaspersky just works. If a problems arises, i will post in this thread again, but i hope i dont have to
Looks like kaspersky is actually doing their job and they even have a 30 day trial time.
Re: Why I had to stop using PureBasic
Posted: Tue Nov 14, 2017 9:07 am
by davido
@Bitblazer,
I can concur.
Since installing Kaspersky, over 12 months ago, I've had no more issues with PureBasic.
Re: Why I had to stop using PureBasic
Posted: Tue Nov 14, 2017 1:54 pm
by Bitblazer
Just got a Mail from bitdefender support, that they released an update for the signatures that should fix the PB problem. Too late for me but just in case anybody wants to know.
Re: Why I had to stop using PureBasic
Posted: Tue Nov 14, 2017 10:22 pm
by Dude
Bitblazer wrote:Just got a Mail from bitdefender support, that they released an update for the signatures that should fix the PB problem. Too late for me but just in case anybody wants to know.
Here's a support email I got from a customer today, regarding BitDefender.
Annoying as hell (the AV issue, not the customer).
Re: Why I had to stop using PureBasic
Posted: Sat Nov 25, 2017 7:23 am
by Dude
Just noticed something important today... I created a blank exe with nothing in it. Here's the source:
Code: Select all
; IDE Options = PureBasic 5.61 (Windows - x86)
; Executable = App.exe
; DisableDebugger
VirusTotal reported
10/67 malware.
An empty exe!
Then I changed the Compiler Options to make it compile as "Dynamic CPU" instead of "All CPU":
Code: Select all
; IDE Options = PureBasic 5.61 (Windows - x86)
; Executable = App.exe
; CPU = 1
; DisableDebugger
VirusTotal now reported only
3/67 malware!
Can anyone else with false malware results try this test and report here how it went for you? Thanks.
Re: Why I had to stop using PureBasic
Posted: Sat Nov 25, 2017 3:23 pm
by skywalk
Manual wrote:Cpu Optimisation (next to Executable format)
This setting allows to include Cpu optimised PB functions in your executable:
All CPU : The generic functions are included that run on all CPUs.
Dynamic CPU : The generic functions as well as any available CPU specific function are included. The function to execute is decided at runtime. This creates a bigger executable, but it will run as fast as possible on all CPUs.
All other options : Include only the functions for a specific CPU. The executable will not run on any Cpu that does not support this feature.
Note: No PB functions actually support this feature for now (it is ignored for them). However, some User Libraries include such optimisations.