View topic - An open letter for Antiviral software companies • AutoHotkey Community

View unanswered posts | View active topics

Board index » General » Offtopic

All times are UTC [ DST ]

An open letter for Antiviral software companies

Page 2 of 3

[ 44 posts ]

Go to page Previous 1, 2, 3 Next

Print view | E-mail friend

Previous topic | Next topic

Author

Message

BoBo²

Post subject:

Posted: May 20th, 2008, 12:52 pm

Quote:

We'd like to ask that when you generate virus signatures, scripts compiled with AutoHotkey are not treated as malware by default.

as scripts could be indeed malicious, I doubt that they will/should be set on a whitelist per se.

Quote:

I think that its current form is too verbose. I (usually ) like to make my posts and e-mails as concise as possible without omitting anything of value.

Obviously you own the book "How to communicate professionally"

Top

derRaphael

Post subject:

Posted: May 20th, 2008, 1:11 pm

Joined: November 23rd, 2007, 10:23 am
Posts: 841
Location: ~/.

Quote:

We'd like to ask that when you generate virus signatures, scripts compiled with AutoHotkey are not treated as malware.

i agree with BoBo²: it's the interpreter which is treated as the malware, so it'd be better to ask for not blacklisting the interpreter bytecode. personally i like your version, lexikos, but since i am not the only one here and this is intended to be a community letter, i'd like to read some other opinions, too.

greets
derRaphael

_________________

All scripts, unless otherwise noted, are hereby released under CC-BY

Top

Lexikos

Post subject:

Posted: May 20th, 2008, 10:01 pm

Joined: October 17th, 2006, 4:15 pm
Posts: 7502
Location: Australia

I see your point, but I wasn't sure if AutoHotkeySC and the script are indeed seen as separate entities by anti-virus software. It is specifically the "interpreter" in compiled scripts, not the standard AutoHotkey, right? I'm also reluctant to use the term "interpreter" since it isn't entirely accurate. I suppose they don't know that, though.

Would adding "unnecessarily" or "indiscriminately" suffice?

Top

Oberon

Post subject:

Posted: May 20th, 2008, 10:28 pm

Joined: February 18th, 2008, 8:26 pm
Posts: 442

It is my understanding that AVs have only blocked compiled scripts thus far. The sad truth is that AutoHotkey can and has been used for keylogging and malware. We should feel assured that protection software warn us about all the potential risks indiscriminate of open source engines or whatever. So long as regular .ahk scripts work I have no problem under the current system. AutoHotkey has been promoted as a personal desktop macroing tool, not a means to develop commercial applications which this affects.

Top

imapow

Post subject:

Posted: May 20th, 2008, 11:09 pm

Joined: March 13th, 2008, 6:37 pm
Posts: 155
Location: Trøndelag, Norway

Norwegian

Quote:

På vegne av Autohotkey's samfunnet:

hei,

Vi lager programvare med åpen kildekode skriptspråk Autohotkey. Etter kompilering, ved hjelp av pakking av skriptet med en strippet ned versjon av skriptets tolk til en kjørbar binær fil, i stedet for å konvertere skriptet til maskinkode, vår programvare blir ofte gjenkjent som malware og derfor som en falsk positiv. Dette kan være fordi skript er UPX pakket. Dette er standardinnstillingen.

deres antivirus gjenkjenner hvert program som ble laget med Autohotkey som malware og behandler disse harmløse og nyttige verktøyene som ubrukelige. Dette er en svært skjemmende atferd. Det blir enda verre når programmene våre blir brukt i bedrifter og på grunn av falske positiver tillitsfulle brukere får bewildered. Verken vår eller deres sak drar fordeler fra slik oppførsel av antivirus programvaren.

Dessverre er ikke dette første gang at det er falske positiver med kompilert Autohotkey prosedyrer som en bakgrunn. Vi vil spørre deg når du genererer virus signaturer, at Autohotkey's skriptspråk tolk er ikke blir behandlet som malware.

Vennlig hilsen,
Autohotkey samfunnet

www.autohotkey.com/forum
de.autohotkey.com/forum

_________________
-._.-¨¯¨-._.-IM@PΩW-._.-¨¯¨-._.-

Top

derRaphael

Post subject:

Posted: May 21st, 2008, 12:39 am

Joined: November 23rd, 2007, 10:23 am
Posts: 841
Location: ~/.

added the norwegian and the korean version to 1st post .. thanx for all contributions so far.

_________________

All scripts, unless otherwise noted, are hereby released under CC-BY

Top

n-l-i-d

Post subject:

Posted: May 21st, 2008, 1:07 pm

Here is my "softer" (I don't think we should "pound" to much on the annoyances) and "degermanized" (ent-Germanismen-ierter) English version.

Quote:

On behalf of the Autohotkey community:

Greetings,

As one of many users of the open source scripting language Autohotkey, I wish to call your attention to the following:

AutoHotkey "compiles" its scripts by packaging the script with a stripped-down version of the script interpreter to an executable binary file, rather than converting the script to machine code. Moreover, the compiled scripts get packed by UPX by default.

Unfortunately, after compiling our scripts to executables, our software is often mistakenly recognized as a malware by your product. Both the nature of AutoHotkey's "compilation" and the fact that it usually uses UPX might trigger those false positives.

Many harmless and useful tools get rendered useless by this behaviour.

We'd therefore urge you, when generating virus-signatures and detection methods for your product, that Autohotkey's specifics will be taken into account.

Kind regards,
Autohotkey Community

www.autohotkey.com/forum/
de.autohotkey.com/forum/

Top

derRaphael

Post subject:

Posted: May 21st, 2008, 1:22 pm

Joined: November 23rd, 2007, 10:23 am
Posts: 841
Location: ~/.

nice one, thank you n-l-i-d.

what do all the others think about this version? of course its easy to update the 1st post everytime a new variant comes up, but since we are a forum, it'd be nice to hear (read) some more opinions about this. so not only the creator of the letter variant, but also some other autohotkey user state their opinion. keep in mind, that when major content changes happen this also impacts on all other localised variants so far. german version is no big deal, but i dont know about the other. keep the discussion alive!

greets
derRaphael

_________________

All scripts, unless otherwise noted, are hereby released under CC-BY

Top

IsNull

Post subject:

Posted: May 23rd, 2008, 8:26 pm

Joined: May 10th, 2007, 10:54 am
Posts: 649
Location: .switzerland

I'm stunned to see a such great involvement into this Idea. Thanks for propel this project. - McAfee hopefully understand our point of view in this case.

regards
IsNull

_________________
http://securityvision.ch
AHK 2D GAME ENGINE

Top

Lexikos

Post subject:

Posted: May 24th, 2008, 12:58 am

Joined: October 17th, 2006, 4:15 pm
Posts: 7502
Location: Australia

n-l-i-d, I like the wording of your introduction, and the overall tone of the message.

I do have two suggestions:

n-l-i-d wrote:

On behalf of the Autohotkey community:

I think this is redundant in light of:

Quote:

As one of many users of the open source scripting language Autohotkey, I wish to call your attention to the following:

Quote:

AutoHotkey "compiles" its scripts by packaging the script with a stripped-down version of the script interpreter to an executable binary file, rather than converting the script to machine code.

Perhaps it would be clearer and more accurate to say:

Quote:

AutoHotkey "compiles" a script by appending it to an executable binary file containing a version of the script interpreter, rather than translating the script to machine code.

Top

mouser

Post subject:

Posted: December 6th, 2008, 9:42 pm

Joined: October 3rd, 2008, 9:42 pm
Posts: 9

The DonationCoder.com community stands behind this idea 100%. When the letter goes out please let me know so i can help draw attention to it.

-mouser

Top

m^2

Post subject:

Posted: December 6th, 2008, 10:37 pm

Joined: February 28th, 2008, 8:02 pm
Posts: 100
Location: Krk, PL

I think that the problem is not that AV companies are unwilling to allow AHK executables, but that they cannot do it easily.
Because of performance reasons, AVs scan only the code part of executables. All AHK scripts, both legit and malware have it the same.

I think there's only one good solution. Write a real compiler. AHK doesn't seem to be problematic to do so.
It needs time, but everybody will benefit from this solution.

_________________

Benjamin Franklin wrote:

Anyone who trades liberty for security deserves neither liberty nor security.

Top

jaco0646

Post subject:

Posted: December 7th, 2008, 12:31 am

Joined: October 7th, 2006, 4:50 pm
Posts: 3157
Location: MN, USA

I agree with m^2, and this is a good place to point out that ladiko's compiler has a "No UPX" option.
Compile_AHK II - for those who compile!

Top

Alex Herrero

Post subject: Spanish version

Posted: December 7th, 2008, 5:20 am

This would be a first draft of the Spanish Version:

Quote:

En el nombre de la comunidad de Autohotkey

Buen día,

Nosotros creamos software con el lenguaje de código abierto de scripting Autohotkey. Luego de compilar, refiriéndonos a empaquetar el script a una versión más simple a un archivo binario ejecutable, en lugar de convertir el script a código de máquina, nuestro software es muchas veces reconocido como malware y tomado entonces como falso positivo. Esto puede deberse a que los scripts son compilados por UPX. Este es el seteo por defecto.

Vuestro producto antivirus reconoce cada programa que fue hecho por Autohotkey como malware, dejando inservibles estos inofensivos y útiles programas. Esta es una conducta poco placentera. Esto se vuelve aún peor cuando nuestros programas se usan en compañías y a causa de los falsos positivos los usuarios quedan desconcertados. Ninguna de nuestra y vuestra reputación se ve beneficiada por tal comportamiento del software antivirus.

Desafortunadamente esta no es la primera vez que hay falsos positivos con scripts compilados por Autohotkey. Nos gustaría pedirles que cuando generen las firmas de virus, el lenguaje de scripting Autohotkey no se trate como malware.

Nuestros saludos,
La comunidad de Autohotkey

Modify it as you please.

Top

AHKFun"

Post subject:

Posted: December 8th, 2008, 10:09 am

@DerRaphael:
Great idea

m^2 wrote:

I think that the problem is not that AV companies are unwilling to allow AHK executables, but that they cannot do it easily.

It is not relevant.
They have not right to make false positive.
Otherwise they could easily crush any software company.
If wonder, just try to make false positive for some MS software
and you'll see what'll hit you :wink:

Top

Page 2 of 3

[ 44 posts ]

Go to page Previous 1, 2, 3 Next

Board index » General » Offtopic

All times are UTC [ DST ]

Who is online

Users browsing this forum: No registered users and 3 guests

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum