| View previous topic :: View next topic |
| Author |
Message |
BoBo²
Guest
|
 Posted: Tue May 20, 2008 12:52 pm Post subject: |
 |
|
| Quote: | | We'd like to ask that when you generate virus signatures, scripts compiled with AutoHotkey are not treated as malware by default. |
as scripts could be indeed malicious, I doubt that they will/should be set on a whitelist per se.
| Quote: | | I think that its current form is too verbose. I (usually ) like to make my posts and e-mails as concise as possible without omitting anything of value. |
Obviously you own the book "How to communicate professionally"  |
|
| Back to top |
|
 |
DerRaphael
Joined: 23 Nov 2007
Posts: 704
Location: % ( RegExMatch( A_AppData, "^(?P<_Home>.*)\\", A ) ? A_Home : "" )
|
| Posted: Tue May 20, 2008 1:11 pm Post subject: |
|
|
| Quote: | | We'd like to ask that when you generate virus signatures, scripts compiled with AutoHotkey are not treated as malware. |
i agree with BoBo²: it's the interpreter which is treated as the malware, so it'd be better to ask for not blacklisting the interpreter bytecode. personally i like your version, lexikos, but since i am not the only one here and this is intended to be a community letter, i'd like to read some other opinions, too.
greets
derRaphael
_________________
|
|
| Back to top |
|
|
Lexikos
Joined: 17 Oct 2006
Posts: 4473
Location: Qld, Australia
|
| Posted: Tue May 20, 2008 10:01 pm Post subject: |
|
|
I see your point, but I wasn't sure if AutoHotkeySC and the script are indeed seen as separate entities by anti-virus software. It is specifically the "interpreter" in compiled scripts, not the standard AutoHotkey, right? I'm also reluctant to use the term "interpreter" since it isn't entirely accurate. I suppose they don't know that, though. 
Would adding "unnecessarily" or "indiscriminately" suffice? |
|
| Back to top |
|
|
Oberon
Joined: 18 Feb 2008
Posts: 442
|
| Posted: Tue May 20, 2008 10:28 pm Post subject: |
|
|
| It is my understanding that AVs have only blocked compiled scripts thus far. The sad truth is that AutoHotkey can and has been used for keylogging and malware. We should feel assured that protection software warn us about all the potential risks indiscriminate of open source engines or whatever. So long as regular .ahk scripts work I have no problem under the current system. AutoHotkey has been promoted as a personal desktop macroing tool, not a means to develop commercial applications which this affects. |
|
| Back to top |
|
|
imapow
Joined: 13 Mar 2008
Posts: 155
Location: Trøndelag, Norway
|
| Posted: Tue May 20, 2008 11:09 pm Post subject: |
|
|
Norwegian
| Quote: |
På vegne av Autohotkey's samfunnet:
hei,
Vi lager programvare med åpen kildekode skriptspråk Autohotkey. Etter kompilering, ved hjelp av pakking av skriptet med en strippet ned versjon av skriptets tolk til en kjørbar binær fil, i stedet for å konvertere skriptet til maskinkode, vår programvare blir ofte gjenkjent som malware og derfor som en falsk positiv. Dette kan være fordi skript er UPX pakket. Dette er standardinnstillingen.
deres antivirus gjenkjenner hvert program som ble laget med Autohotkey som malware og behandler disse harmløse og nyttige verktøyene som ubrukelige. Dette er en svært skjemmende atferd. Det blir enda verre når programmene våre blir brukt i bedrifter og på grunn av falske positiver tillitsfulle brukere får bewildered. Verken vår eller deres sak drar fordeler fra slik oppførsel av antivirus programvaren.
Dessverre er ikke dette første gang at det er falske positiver med kompilert Autohotkey prosedyrer som en bakgrunn. Vi vil spørre deg når du genererer virus signaturer, at Autohotkey's skriptspråk tolk er ikke blir behandlet som malware.
Vennlig hilsen,
Autohotkey samfunnet
www.autohotkey.com/forum
de.autohotkey.com/forum
|
_________________
-._.-¨¯¨-._.-IM@PΩW-._.-¨¯¨-._.- |
|
| Back to top |
|
|
DerRaphael
Joined: 23 Nov 2007
Posts: 704
Location: % ( RegExMatch( A_AppData, "^(?P<_Home>.*)\\", A ) ? A_Home : "" )
|
| Posted: Wed May 21, 2008 12:39 am Post subject: |
|
|
added the norwegian and the korean version to 1st post .. thanx for all contributions so far.
_________________
|
|
| Back to top |
|
|
n-l-i-d
Guest
|
| Posted: Wed May 21, 2008 1:07 pm Post subject: |
|
|
Here is my "softer" (I don't think we should "pound" to much on the annoyances) and "degermanized" (ent-Germanismen-ierter) English version.
| Quote: | On behalf of the Autohotkey community:
Greetings,
As one of many users of the open source scripting language Autohotkey, I wish to call your attention to the following:
AutoHotkey "compiles" its scripts by packaging the script with a stripped-down version of the script interpreter to an executable binary file, rather than converting the script to machine code. Moreover, the compiled scripts get packed by UPX by default.
Unfortunately, after compiling our scripts to executables, our software is often mistakenly recognized as a malware by your product. Both the nature of AutoHotkey's "compilation" and the fact that it usually uses UPX might trigger those false positives.
Many harmless and useful tools get rendered useless by this behaviour.
We'd therefore urge you, when generating virus-signatures and detection methods for your product, that Autohotkey's specifics will be taken into account.
Kind regards,
Autohotkey Community
www.autohotkey.com/forum/
de.autohotkey.com/forum/ |
|
|
| Back to top |
|
|
DerRaphael
Joined: 23 Nov 2007
Posts: 704
Location: % ( RegExMatch( A_AppData, "^(?P<_Home>.*)\\", A ) ? A_Home : "" )
|
| Posted: Wed May 21, 2008 1:22 pm Post subject: |
|
|
nice one, thank you n-l-i-d.
what do all the others think about this version? of course its easy to update the 1st post everytime a new variant comes up, but since we are a forum, it'd be nice to hear (read) some more opinions about this. so not only the creator of the letter variant, but also some other autohotkey user state their opinion. keep in mind, that when major content changes happen this also impacts on all other localised variants so far. german version is no big deal, but i dont know about the other. keep the discussion alive!
greets
derRaphael
_________________
|
|
| Back to top |
|
|
IsNull
Joined: 10 May 2007
Posts: 166
Location: .switzerland
|
| Posted: Fri May 23, 2008 8:26 pm Post subject: |
|
|
I'm stunned to see a such great involvement into this Idea. Thanks for propel this project. - McAfee hopefully understand our point of view in this case.
regards
IsNull
_________________
http://securityvision.ch
AHK 2D GAME ENGINE |
|
| Back to top |
|
|
Lexikos
Joined: 17 Oct 2006
Posts: 4473
Location: Qld, Australia
|
| Posted: Sat May 24, 2008 12:58 am Post subject: |
|
|
n-l-i-d, I like the wording of your introduction, and the overall tone of the message. I do have two suggestions:
| n-l-i-d wrote: | | On behalf of the Autohotkey community: |
I think this is redundant in light of:
| Quote: | | As one of many users of the open source scripting language Autohotkey, I wish to call your attention to the following: |
| Quote: | AutoHotkey "compiles" its scripts by packaging the script with a stripped-down version of the script interpreter to an executable binary file, rather than converting the script to machine code.
|
Perhaps it would be clearer and more accurate to say:
| Quote: | | AutoHotkey "compiles" a script by appending it to an executable binary file containing a version of the script interpreter, rather than translating the script to machine code. |
|
|
| Back to top |
|
|
mouser
Joined: 03 Oct 2008
Posts: 9
|
| Posted: Sat Dec 06, 2008 9:42 pm Post subject: |
|
|
The DonationCoder.com community stands behind this idea 100%. When the letter goes out please let me know so i can help draw attention to it.
-mouser |
|
| Back to top |
|
|
m^2
Joined: 28 Feb 2008
Posts: 86
Location: Krk, PL
|
| Posted: Sat Dec 06, 2008 10:37 pm Post subject: |
|
|
I think that the problem is not that AV companies are unwilling to allow AHK executables, but that they cannot do it easily.
Because of performance reasons, AVs scan only the code part of executables. All AHK scripts, both legit and malware have it the same.
I think there's only one good solution. Write a real compiler. AHK doesn't seem to be problematic to do so.
It needs time, but everybody will benefit from this solution.
_________________
| Benjamin Franklin wrote: | | Anyone who trades liberty for security deserves neither liberty nor security. |
|
|
| Back to top |
|
|
jaco0646
Joined: 07 Oct 2006
Posts: 1898
Location: MN, USA
|
|
| Back to top |
|
|
Alex Herrero
Guest
|
| Posted: Sun Dec 07, 2008 5:20 am Post subject: Spanish version |
|
|
This would be a first draft of the Spanish Version:
| Quote: |
En el nombre de la comunidad de Autohotkey
Buen día,
Nosotros creamos software con el lenguaje de código abierto de scripting Autohotkey. Luego de compilar, refiriéndonos a empaquetar el script a una versión más simple a un archivo binario ejecutable, en lugar de convertir el script a código de máquina, nuestro software es muchas veces reconocido como malware y tomado entonces como falso positivo. Esto puede deberse a que los scripts son compilados por UPX. Este es el seteo por defecto.
Vuestro producto antivirus reconoce cada programa que fue hecho por Autohotkey como malware, dejando inservibles estos inofensivos y útiles programas. Esta es una conducta poco placentera. Esto se vuelve aún peor cuando nuestros programas se usan en compañías y a causa de los falsos positivos los usuarios quedan desconcertados. Ninguna de nuestra y vuestra reputación se ve beneficiada por tal comportamiento del software antivirus.
Desafortunadamente esta no es la primera vez que hay falsos positivos con scripts compilados por Autohotkey. Nos gustaría pedirles que cuando generen las firmas de virus, el lenguaje de scripting Autohotkey no se trate como malware.
Nuestros saludos,
La comunidad de Autohotkey
|
Modify it as you please. |
|
| Back to top |
|
|
AHKFun"
Guest
|
| Posted: Mon Dec 08, 2008 10:09 am Post subject: |
|
|
@DerRaphael:
Great idea 
| m^2 wrote: |
I think that the problem is not that AV companies are unwilling to allow AHK executables, but that they cannot do it easily.
|
It is not relevant.
They have not right to make false positive.
Otherwise they could easily crush any software company.
If wonder, just try to make false positive for some MS software
and you'll see what'll hit you  |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
