Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Software Protection...

  1. #1
    Member Kuron's Avatar
    Join Date
    Sep 2017
    Location
    Nashville
    Posts
    54
    Rep Power
    12

    Software Protection...

    The old software protection method I used for years was Armadillo. Handled registrations good, but was bloated and became increasingly insecure for the $$ it cost. For distribution on free stuff, I used Molebox and a proprietary method, both of which are in my stuff in storage and I can't access them. So, I explored the current offerings including new protection programs.

    The mafioso protection racket designed by AV authors with their false positives has become absurd. I compiled a simple demo program in PowerBASIC.

    1. As is, compiled and then tested in Virus Total, the program was 76k and scored a 2/64. Ironically, this is the ONLY one who flags Comodo. Native PB was the only one to flag what I consider to be one of the big boys and legitimate programs. I would be curious to retry this in PB 9, as PB 9 was a better product (much smaller compiled EXEs and often much faster compiled EXEs).

    2. The same EXE compressed with ASPack was 42k and scored 15/62.

    3. The same EXE compressed with UPX (ultra brute) was 37k and scored 10/63. Not only is UPX finally compressing smaller than ASPack, it also triggers less false positives. Needless to say, I will NOT be repurchasing ASPack (I own it, but it is in storage).

    4. The same EXE, protected with a new protector which also compresses/encrypts was 54k and scored 24/64. Not bad on compression, given the type of product it is, but the false positives are concerning. But, the program works well and seems easy to use for me as well as potential customers.

    These AV authors have literally made it almost impossible for an indie developer to exist. Something I have raved about for years, but it is getting increasingly worse over the years. Even if indie developers tell their customers the truth, that the program is fine and the AV company is wrong, the customers are still going to believe the multi-million dollar AV company and not run your software and bad mouth it for viruses.

    As indie developers, we are expected to do the work of the lazy and incompetent AV authors and report false positives and hope and pray they safe list our program, which may or may not happen and may or may not require money changing hands. Self-proclaimed AV experts, have been running roughshod over indie authors for many years. The only ones who are not routinely dealing with false positives are the major software companies who do exchange some $$ with the AV authors.

    I am amazed there have not been multiple class action suits against every AV author out there due to their continued false allegations that a program is or may be harmful when it is not.

    Very hard to think about even trying to compete in today's software market...

  2. #2
    Super Moderator Petr Schreiber's Avatar
    Join Date
    Aug 2005
    Location
    Brno - Czech Republic
    Posts
    7,128
    Rep Power
    732
    Hi,

    no need for suits. As I work for AVG / Avast, should you find something worth investigation, let me know and I can discuss it with colleagues.


    Petr
    Learn 3D graphics with ThinBASIC, learn TBGL!
    Windows 10 64bit - Intel Core i5-3350P @ 3.1GHz - 16 GB RAM - NVIDIA GeForce GTX 1050 Ti 4GB

  3. #3
    thinBasic author ErosOlmi's Avatar
    Join Date
    Sep 2004
    Location
    Milan - Italy
    Age
    57
    Posts
    8,777
    Rep Power
    10
    Every time an AV tells some part of thinBasic has a virus ... I submit it to AV web page as false positive
    In few days they usually react and fix.

    Problem is when you update your software quite often.
    In that case false positive can come up again and again.
    And I re-submit again and again
    www.thinbasic.com | www.thinbasic.com/community/ | help.thinbasic.com
    Windows 10 Pro for Workstations 64bit - 32 GB - Intel(R) Xeon(R) W-10855M CPU @ 2.80GHz - NVIDIA Quadro RTX 3000

  4. #4
    Member Kuron's Avatar
    Join Date
    Sep 2017
    Location
    Nashville
    Posts
    54
    Rep Power
    12
    Quote Originally Posted by Petr Schreiber View Post
    Hi,
    I work for AVG / Avast, should you find something worth investigation, let me know and I can discuss it with colleagues.

    Good to know, thank you.

  5. #5
    Quote Originally Posted by Kuron View Post
    The old software protection method I used for years was Armadillo...
    ....................................
    Very hard to think about even trying to compete in today's software market...


    I second every single word of your message, Brice.

    I am literally sick and tired of all the decades of warfare of a lone indie developer against the hordes of money-thirsty blood suckers at VirusTotal dot com.


    Quote Originally Posted by Kuron View Post
    Quote Originally Posted by Petr Schreiber View Post
    Hi,
    I work for AVG / Avast ...


    Petr
    Good to know, thank you.
    Very interesting indeed! Avast and Avira are among the dumbest of the dumb at the VirusTotal waste pit. Again, I simply can't afford wasting any more of my lifetime for negotiations with potential sixty-three "Petr Schreiber"s, however civil and intelligent they might be socially and in all other respects, at that VirusTotal arse of the world of computers.




    Quote Originally Posted by ErosOlmi View Post
    And I re-submit again and again
    I bow to your patience, Eros. But that's not for me any more -- not at my age and life expectancy.
    Mike
    (3.6GHz i5 Core Quad w/ 16GB RAM, nVidia GTX 1060Ti w/ 6GB VRAM, x64 Windows 7 Ultimate Sp1)

  6. #6
    Member Kuron's Avatar
    Join Date
    Sep 2017
    Location
    Nashville
    Posts
    54
    Rep Power
    12
    Quote Originally Posted by mike lobanovsky View Post
    Very interesting indeed! Avast and Avira are among the dumbest of the dumb at the VirusTotal waste pit.
    In its day, 10+ years back, AVG was actually pretty good, nowadays AVG/Avast/Avira are among the worst. Bloated and slow and nothing but false positives. I never recommend any of the three to clients.

    The author of my protection software, due to the nonsense from the three named above and a few others you never heard of, uses the terminology "proven safe in 42 different anti virus programs" on his website. I think I will follow that lead as well and even name the software programs.

    I have really ranted on the false positive nonsense over the years and the real reasons the companies do this nonsense. But out of respect for Petr, I am biting my tongue pretty hard.

    For real-time protection I stick with Panda. It is not bloated and very light on resources and in 2015, Panda obtained the best rate protection in the Real World Protection Test by AV-Comparatives. For on-demand, I stick with ClamWin.

    Mike, there is not a language author out there that I have more respect for their work and their knowledge. Truly do love FBSL.

  7. #7
    Quote Originally Posted by Kuron View Post
    Truly do love FBSL.
    Thank you very much for your appreciation, Brice. And my heart goes to Eros and Petr. They are great at whatever they are doing, and they are also very friendly and easy-going socially, which is indeed a rare combination of talents on the web today.

    Quote Originally Posted by Kuron View Post
    But out of respect for Petr, I am biting my tongue pretty hard.
    Averyone has the right to their own skeleton in their closet, haven't they?
    Mike
    (3.6GHz i5 Core Quad w/ 16GB RAM, nVidia GTX 1060Ti w/ 6GB VRAM, x64 Windows 7 Ultimate Sp1)

  8. #8
    Member Kuron's Avatar
    Join Date
    Sep 2017
    Location
    Nashville
    Posts
    54
    Rep Power
    12
    Quote Originally Posted by mike lobanovsky View Post
    Averyone has the right to their own skeleton in their closet, haven't they?
    And everybody needs a job to put food on their table for their family. :c)

  9. #9
    Super Moderator Petr Schreiber's Avatar
    Join Date
    Aug 2005
    Location
    Brno - Czech Republic
    Posts
    7,128
    Rep Power
    732
    I am still waiting for that example to help with.


    Petr
    Last edited by Petr Schreiber; 07-10-2017 at 18:09.
    Learn 3D graphics with ThinBASIC, learn TBGL!
    Windows 10 64bit - Intel Core i5-3350P @ 3.1GHz - 16 GB RAM - NVIDIA GeForce GTX 1050 Ti 4GB

  10. #10
    Member Kuron's Avatar
    Join Date
    Sep 2017
    Location
    Nashville
    Posts
    54
    Rep Power
    12
    Every time an AV tells some part of thinBasic has a virus ... I submit it to AV web page as false positive
    Is it still like the old days and the web page isn't even linked off the home page? Hmm, went and looked at the three in question myself...

    AVG: Gave up after looking for 10 minutes.
    Avast: It is there, but they try and hide it by the "need help" scroller that pops out from the right and partially covers the "false positive" icon.
    Avira: Gave up after 10 minutes.


    And my heart goes to Eros and Petr. They are great at whatever they are doing, and they are also very friendly and easy-going socially, which is indeed a rare combination of talents on the web today.
    I could not agree more, my friend. Both are tops at what they do. Also, in reading old posts, it really touched my heart deeply to see how far they both went to help a fellow community member in need. Good stand up guys with hearts of gold.


    Very interesting indeed! Avast and Avira are among the dumbest of the dumb at the VirusTotal waste pit.
    Have you ever read Virus Total's, TOS?

    When you upload or otherwise submit content, you give VirusTotal (and those we work with) a worldwide, royalty free, irrevocable and transferable licence to use, edit, host, store, reproduce, modify, create derivative works, communicate, publish, publicly perform, publicly display and distribute such content.

    Oy vey!


    I am still waiting for that example to help with.
    Petr, I have a massive amount of respect for you as a person, and as a programmer for your work with TB. However, your employer is AVAST. My comments are only about Avast (and their holdings) not you.

    Avast bought Piriform (the maker of CCleaner) in July of 2017. In September 2017, it was found that CCleaner was responsible for one of the biggest acts of industrial espionage I can remember. The infected version of CCleaner was also found to have been on the Piriform servers since August of 2017, which is one month after the acquisition by Avast. I am willing to accept (perhaps naively) that nothing was intentionally done by Avast and this arose because of the normal ineptness they have demonstrated with their AV software for many years. I have no problem believing Avast is that incompetent.

    The federal government over here is freaking out about Kapersky and wants it banned and is even telling us citizens not to use it. The problem is they are too stupid to realize the Kapersky AV software is not the issue (at least what I know at the time of this writing). The company who is working with the Russian government is the one started by Kapersky's ex-wife. Entirely different company. Nothing hidden either, as her company is openly working with the government.

    What the federal government should be freaking out about and banning and telling us citizens not to use, is any software produced by Avast, and their holdings, like AVG, CCleaner, etc. Avast is the one who is ultimately responsible (by not securing their servers and their software and distributing the infected software for a month) for the industrial espionage which has the potential to have cost companies like Microsoft, Intel, Sony, Cisco, Dell, Samsung and countless others, billions of dollars in damage.

    Given the scope and severity of this incident and the mega corporations that were infected, do you seriously think an average ham and egger like myself is going to entrust my software to be sent to Avast, when I know the fault in the false reporting is 100% theirs and my software is clean and 100% safe?

    Besides my time in the Army, as a civilian I have maintained a high level security clearance that has allowed me to do lucrative contract work for defense contractors (who were in no shortage where I lived up until two years ago). Although I never plan to do contract work again, especially in the defense sector, I am not going to jeopardize my security clearance, this includes sending any of my work to a company who (intentional or not) is behind an industrial espionage incident like this.

    The only way for indie developers to legitimately combat the false positive issue is by educating our customers. And in the case of Avast, educate our customers why they should not even have AVG or Avast installed on their computers and the potential security liability they present.

    I would be shocked if Piriform can survive this. Avast, as the parent company, may even have a hard time surviving this one given the scope. AVG can survive, but only if Avast sells it off immediately. If Avast folds, it will take the subsidiaries with them. This has the potential to be the biggest mess the industry has ever seen. Yahoo's breech was bad, but it only affected Yahoo. The Avast/Piriform mess is affecting many of the major companies, and when the fallout fully hits, it will likely be most major companies, as well as many governments.
    Last edited by Kuron; 08-10-2017 at 07:37. Reason: typos

Page 1 of 2 12 LastLast

Similar Threads

  1. Glibc is now 100% free software
    By ErosOlmi in forum Software discussion
    Replies: 0
    Last Post: 10-09-2010, 12:17
  2. A Visit to id software
    By matthew in forum Shout Box Area
    Replies: 2
    Last Post: 09-04-2009, 02:09
  3. 3D Software
    By Michael Clease in forum Software discussion
    Replies: 11
    Last Post: 02-12-2008, 21:41
  4. Replies: 10
    Last Post: 21-03-2008, 10:54
  5. maybe illigal software
    By sandyrepope in forum General
    Replies: 6
    Last Post: 14-09-2007, 16:27

Members who have read this thread: 0

There are no members to list at the moment.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •