PureBasic Forums - English

I tried all:
-threadsafe compile option (it helped before)
-adding (bigger) icon to program (same)
-adding some binary data (example image) to program
-disabling modules or giving low sensitivity for avast modules
but... more and more programs are blocked by Avast as generic trojan or similar stupid words.
The worst thing it blocks my packer,binder,installer (programmed also in pb) that i use for all my program.
Mbam and avg blocks also but in higher numbers.
I give up on sending false alarms (avast even classified trojan fixes that i send them to whitelist )
It is hard develop when adding few lines triggers 'generic trojan'.
I use now immunet and have no problems.
I tried also few packers and problem is even worst. They trigger 'generic packer trojan' ))

don't hesitate to send them your executables

Fred wrote:don't hesitate to send them your executables

I think this sentence could mean he already sent them without much luck.

sartic wrote:I give up on sending false alarms (avast even classified trojan fixes that i send them to whitelist )

I really don't see why a baseless opinion from a stupid software should be kept in so high regard, especially when you know it's wrong. Screw them and try to educate your users if you care to do so.
Invite them to try your program in a virtual machine, in a sandbox, to log its registry and filesystem activity, to reverse engineering it, whatever. To use their brains instead of kneeling in front of a message box telling them what to believe. An antivirus it's only a tool, not a god.
If the problem it's only personal instead, because it makes difficult for you to test your own software, change antivirus if the current one it's not sufficiently configurable to make it work as you like. If you can't do that it's a sign it's a mediocre product, not well designed.

I'm a bit fed up with anti-virus, so time for a rant: http://www.purebasic.fr/blog/?p=410

Since when do you have these problems with Avast? Is this a recent problem or a older problem?
I am using Avast at home and it does not flag my executables. However the last version i compiled at home with was 4.60 or so. Right now i only use PB at work and there we have a different anti-virus.

Only thing you can do for yourself is to deactivate heuristics in the options. However that does not help users of your program.

last month it started with great problems.... even fixes r marked as problem 4 avast.
i am using now immunet and thats my advice for all who have 'problems' with my programs
avast was great product until 6.x

Antivirus scanners are doomed and place a real time burden on all activity.
Acquiring trusted certificates and only allowing them to run is the future
Industry leader in white listing space
As you develop new executables/dll's, you must request a signature from the server or else you are blocked.
MS has caught on but now they must figure a way to implement whitelisting and not step on existing IP.

Having posted just the other day to confirm in a post that i had been happily using avast with no problems with pb and my pb created exe`s, for it to suddenly kick off.

But only one specific program would be blocked by avast on compile and execution ((simple gui creating and checking md5 ) As Fred said in his blog AV`s picking up a pattern )

I commented out lines to see which caused the av to fire on compilation and eventually narrowed it down to a combination of setgadgettext() and setwindowtitle().

Went though all the options to no avail so ousted avast and now trying kaspersky 30 day trial at the moment with no problems and the md5 prog compiles and runs fine.

Now how do customers act when you tell them that they need to change there AV`s etc soon no one will want PB compiled exe`s

Something needs to be done a epetition to avast & others or something etc (fortunately i don't rely on PB programming for a living) but some do, Fred & team included.

Just a thought

Zebuddi.

sartic wrote:last month it started with great problems.... even fixes r marked as problem 4 avast.
i am using now immunet and thats my advice for all who have 'problems' with my programs
avast was great product until 6.x

I'm dislike avast more and more, too ... i have already
marked my development directory to be ignored in avast
... it is really nice that when you start a program,
you can select if it should be ok or not with a checkbox
to remember it on next run.

The problem is only, it doesn't remember it and asks
again and again. My current project runs
3 processes at once so i have to click 3 times ...
I just doesn't work on the avast-computer that much,
but it will not last very long if that is not going to
change soon ... the second time i need to switch
away from avast.

MFG PMV

skywalk wrote:Acquiring trusted certificates and only allowing them to run is the future

Nope. Viruses can fake signatures, or alter the code in Windows that verifies them. It's all been tried before.

Not when running in user mode, or the OS has a real issue

I am pretty much fed up with this whole false positives issue as well. And it most probably is generated by people who use PB to make malware and the inability of the AV vendors to differentiate between actual malware code and benign code (from libraries for example). Not hard to understand considering that the number of virus samples has increased. So my guess is that they are using automated systems for generating signatures en-masse, otherwise I can't explain the big number of FPs... Or heuristics à la ClamAV (PUA.Win32.Packer.Purebasic-1 ). It would be funny if it wasn't so sad.

I think / hope the AV industry will change their tactics towards proactive protection (maybe HIPS, Sandbox and community-based ratings).

Adding to that:
http://www.purebasic.fr/english/viewtop ... =5&t=53448

In my case some programs made with PB were deleted by Avast! Internet Security without warning. Others compiled on the same day still ran without problems.
My Avast! subscription has to be renewed next month. I doubt I will continue ... on the other hand ... it will be hard to find a better one.

I have now switched off part of the real-time-protection to work with my own programs. A nuisance anyway.

RGR


.

Fred wrote:I'm a bit fed up with anti-virus, so time for a rant: http://www.purebasic.fr/blog/?p=410

It's not just PureBasic. I tried to download CamStudio just now from camstudio.org and as soon as it saved, Avira Antivir threw a fit and said it had a virus. It's probably a false alarm but I'm too scared to risk it.

MachineCode wrote:It's not just PureBasic. I tried to download CamStudio just now from camstudio.org and as soon as it saved, Avira Antivir threw a fit and said it had a virus. It's probably a false alarm but I'm too scared to risk it.

if you have that problem ... how can we tell other
not-computer-freaks that they don't need to worry about it.