
Thread: Software Protection...

  1. #11
    Petr Schreiber (Super Moderator)
    This topic could have evolved into forging an approach together to get proggies checked in a way the customers don't get false alerts once they reach their PCs.

    Searching for the mistakes on the other side is... the simple approach to feel better, for a while. Not an effective approach to make things better.


    Petr
    Learn 3D graphics with ThinBASIC, learn TBGL!
    Windows 10 64bit - Intel Core i5-3350P @ 3.1GHz - 16 GB RAM - NVIDIA GeForce GTX 1050 Ti 4GB

  2. #12
    Kuron (Member)
    One cannot fix what they haven't broken. An indie developer is only responsible for bugs in their software, not the software of AV vendors. It would be nice someday to have a round table with indie developers and representatives of all major AV vendors. Probably would never happen, as it would turn into a bare-knuckle brawl with the amount of abuse indie developers have had to suffer through from AV developers over the many years.

    Back to BASICs...

    I compiled one of the samples for the latest version of PureBasic, 5.61 at this writing. PureBasic has certainly become bloated; the canvas gadget example compiles to 291k for the 32-bit version. VirusTotal triggers 3 warnings on this one. The only one of any remote popularity is McAfee, and it hasn't been too popular since the DOS days. Even in the latter DOS days, I was using F-Prot as it was a better product. Still, McAfee manages to get itself on many systems as shovelware.

  3. #13
    Kuron (Member)
    ThinBasic, trying the AntiTetris example. On VirusTotal it gets a score of 3 and the only major one is McAfee. Awesome score IMHO.

    Compiled size is fairly comparable to what the same thing would be in PureBasic. The more I use TB, the more blown away I am by it. I can definitely see myself releasing some software in TB and not using it just for prototyping. I had to make a few tweaks to my registration method being used, but it now works flawlessly with TB created EXEs.

  4. #14
    Does compressing with UPX have anything to do with the false alerts? If yes, I suggest not to compress anything TB related to avoid such false alerts.

  5. #15
    ErosOlmi (thinBasic author)
    Compressing with UPX is not an automatic symptom that lets AV software say there is a threat.
    Would be that simple ... I will remove UPX right now.
    www.thinbasic.com | www.thinbasic.com/community/ | help.thinbasic.com
    Windows 10 Pro for Workstations 64bit - 32 GB - Intel(R) Xeon(R) W-10855M CPU @ 2.80GHz - NVIDIA Quadro RTX 3000

  6. #16
    Kuron (Member)
    Mike, since all of my systems, software and backups are packed up, I am kinda really starting new. I have been trying to find replacements for Molebox and the proprietary bundler I used to use as well as find a new product to handle registrations and have a limited trial. Things have changed a good bit, some for the better, but the one thing that hasn't changed is all of those things like to trigger false positives.
    Anybody willing to help with graphics and models for a game in TB, please send me a PM.

  7. #17
    Brice, due to its extreme popularity UPX compression should be very well known to the AV analyzers by now, whether its "signatures" are present in the packed exe or not. (yes, you can clean the exe manually of a lot of UPX patterns yet the AVs would unmistakably determine it as UPX, which isn't per se a symptom of malicious intentions)

    Still there are quite a lot of heuristic criteria by which SW is regarded as potentially malicious, just to name but a few:
    • inconsistency in the Windows PE headers (bad checksum, non-standard section layout, etc.)
    • lack of resources (manifest, version info, etc.)
    • executable code compression (and especially custom non-UPX exe packing)
    • lack (or minimum) of external library calls, especially if none are present but LoadLibrary/GetProcAddress
    • many, many more -- in fact, too many to even mention here

    None of the AV vendors are eager to specify exactly why they've labeled this or that exe as potentially malicious -- just because they wouldn't want virus writers to know of, and bypass, their booby traps. But the algos to determine if the code is packed or not are quite simple regardless of the sophistication of the exe packer itself. The AV just analyzes the frequency of unique byte patterns in the code sections and, if it is sufficiently high, then the exe is considered packed. (clearly, the main objective of data compression is to ultimately eliminate any byte pattern repetition at all)

    So, whichever the compression utility, you are always suspected of ill intentions even if the only exe packer you're using is UPX.
    Mike
    (3.6GHz i5 Core Quad w/ 16GB RAM, nVidia GTX 1060Ti w/ 6GB VRAM, x64 Windows 7 Ultimate Sp1)
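
The byte-frequency check described in post #17, written as Shannon entropy per PE section so a developer can see which section of a build a packing heuristic would flag. This is an added example, not part of the post and not any AV vendor's code; the function names, the 7.0 bits/byte cut-off and the sample image are assumptions constructed for illustration.

```python
import math, struct, zlib
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (one value) to 8.0 (uniform)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def section_entropy(pe: bytes) -> dict:
    """Map each PE section name to the entropy of its raw data on disk."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    table = nt + 24 + opt_size                            # first section header
    result = {}
    for i in range(nsec):
        name, _vs, _va, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        result[name.rstrip(b"\0").decode("latin-1")] = entropy(pe[rptr:rptr + rsize])
    return result

def looks_packed(pe: bytes, threshold: float = 7.0) -> list:
    """Sections whose entropy exceeds the threshold (7.0 is an assumed cut-off)."""
    return sorted(n for n, h in section_entropy(pe).items() if h > threshold)

def build_sample(sections) -> bytes:
    """Constructed image: only the header fields the parser reads are filled in."""
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HH12xHH", 0x14C, len(sections), 0, 0)
    ptr, table, body = len(hdr) + 40 * len(sections), b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIII16x", name, len(data), 0x1000,
                             len(data), ptr + len(body))
        body += data
    return hdr + table + body

# Constructed inputs: a repetitive x86-like byte run, and zlib output as "packed" data.
PLAIN = bytes.fromhex("558bec83ec108b4508c9c3") * 400
PACKED = zlib.compress(b"".join(
    b"call sub_%05x ; ret %d\n" % (i * 2654435761 % 0xFFFFF, i) for i in range(8000)))
SAMPLE = build_sample([(b".text", PLAIN), (b".packed", PACKED)])

if __name__ == "__main__":
    for name, h in section_entropy(SAMPLE).items():
        print(f"{name:8s} {h:.2f} bits/byte")
    print("flagged:", looks_packed(SAMPLE))
```

Pointing `section_entropy` at the bytes of a real build, with and without compression, shows which sections cross the cut-off.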

  8. #18
    Kuron (Member)
    Originally posted by mike lobanovsky:
    "inconsistency in the Windows PE headers (bad checksum, non-standard section layout, etc.)"
    How the EXE was laid out was really an issue back in the day. Back then ASPack was better than UPX in that it produced smaller EXEs. But some things ASPack and UPX could not compress, so I used a product called Neolite that was very good. IIRC, Neolite was fairly costly, but it was good and reliable, but it would not compress some EXEs that ASPack would.

    I have always been big on EXE compression. In the DOS days I used Diet, which besides being an EXE compressor could also be loaded as a TSR and used to compress your whole hard drive and uncompress files on the fly. In the Windows 3.1 days, my friend Doren wrote a 16-bit Windows EXE compressor that was very good.