An open letter for Antiviral software companies
Chavez



Joined: 20 Aug 2008
Posts: 256

Posted: Mon Dec 08, 2008 10:06 am

Dutch(Netherlands - Nederlands) version, translated by me:

Dutch/Nederlands wrote:

On behalf of the Autohotkey community:

Dear Sir/Madam,

We, as a community, are programmers who work with the AutoHotKey programming language. After compiling, which is done by packaging the script with a light version of the script interpreter program into a binary exe, rather than converting it to machine language, our programs are recognized as malware, which is a false accusation from the outset. This is probably caused by the fact that these scripts are compiled with UPX, which is the default setting.

Your antivirus product recognizes all programs made with AutoHotKey as malware, with the result that a lot of useful and harmless programs become unusable for public use. This is a very inconvenient side effect. On top of that, many of these programs are used in various companies, and because of this malware detection the trust between client and programmer is quickly damaged, or the client at the very least starts looking at the programmer in question with suspicion. This does not improve our reputation, and it does not improve yours either.

Unfortunately this is not the first time that AutoHotKey-related programs have been recognized as malware. We therefore kindly ask you to take a look at AutoHotKey and to generate a signature for it that does not mark AutoHotKey as a potential danger on the computer concerned.

Kind regards,
The Autohotkey Community

www.autohotkey.com/forum/
de.autohotkey.com/forum/

_________________
-Chavez.
m^2



Joined: 28 Feb 2008
Posts: 100
Location: Krk, PL

Posted: Mon Dec 08, 2008 10:17 am

jaco0646 wrote:
I agree with m^2, and this is a good place to point out that ladiko's compiler has a "No UPX" option.
Compile_AHK II - for those who compile!

Well, that's not really a solution. I wouldn't be surprised if, as soon as somebody uses it to create malware, AV companies would block uncompressed stubs too. It would be a much bigger problem, because then they would report the compiler (actually an interpreting stub) as malware too!

Now AV companies don't block the language, like some say, they only block "compiled" scripts.

If the "compiler", being part of the default installation, is blocked, this comes much closer to actually blocking the language.

AHKFun wrote:
m^2 wrote:

I think that the problem is not that AV companies are unwilling to allow AHK executables, but that they cannot do it easily.


It is not relevant.
They have no right to make false positives.
Otherwise they could easily crush any software company.
If you wonder, just try to make a false positive for some MS software
and you'll see what'll hit you ;)

Lol, obviously they have the right to do it. And they use this right. Recently I saw that Kaspersky defines FTP servers as dangerous.

And, as I said, in the case of AHK it's not unreasonable.

But by showing false positives on MS software they would crash themselves. And MS wouldn't have to do anything about it - people would stop buying such AVs.
_________________
Benjamin Franklin wrote:
Anyone who trades liberty for security deserves neither liberty nor security.
CMark
Guest





Posted: Wed Dec 10, 2008 5:26 pm

m^2 wrote:

Lol, obviously they have the right to do it.
And, as I said, in the case of AHK it's not unreasonable.


You're so obviously quite wrong here.
So, what is it about then?
Are you working for some antivirus company?
Or you're just against AutoHotkey?
m^2



Joined: 28 Feb 2008
Posts: 100
Location: Krk, PL

Posted: Wed Dec 10, 2008 5:41 pm

CMark wrote:
m^2 wrote:

Lol, obviously they have the right to do it.
And, as I said, in the case of AHK it's not unreasonable.


Are you working for some antivirus company?
Or you're just against AutoHotkey?

Neither.
garry



Joined: 19 Apr 2005
Posts: 2210
Location: switzerland

Posted: Sun Dec 14, 2008 10:55 am

http://news.bbc.co.uk/2/hi/technology/7779223.stm
12:18 GMT, Friday, 12 December 2008
"People are paying 40-60 dollars for bogus software which does nothing"
.....
Every scan found a host of security problems and urged visitors to buy software to fix them.
Typically the scans found evidence of viruses, spyware and, in some cases, illegal pornography.
"However," said the FTC, "the scans were entirely false."

Quote:

US shuts down 'scareware' sellers
Millions of people have paid money for the fake security products
The US government has moved to shut down sellers of fake security software.
The Federal Trade Commission (FTC) has won a restraining order that stops several sellers of "scareware" from continuing to trade.
Millions of people are thought to have been caught out by the software which, once installed, issues false alerts about viruses and illegal porn.
The FTC is pursuing further legal action to win a permanent ban on those peddling the scareware.

Frozen funds
Court papers submitted by the FTC show that the peddlers of the fake security software tricked websites into advertising their products.
The companies behind the fake security software won customers via adverts on many popular websites.
Anyone clicking on an advert was taken to the webpages run by the fake security firms which then ran a "scan" looking for security problems.

Every scan found a host of security problems and urged visitors to buy software to fix them. Typically the scans found evidence of viruses, spyware and, in some cases, illegal pornography.
"However," said the FTC, "the scans were entirely false."
In its legal action the FTC targeted two firms: Innovative Marketing, Inc. and ByteHosting Internet Services, LLC.
The fake security products the firms were peddling were: WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus.
A US District court granted an injunction which stops Innovative Marketing and ByteHosting Internet Services from continuing to advertise their products, and from making false claims about their efficacy.
It has also asked firms hosting the websites owned by these firms to block customers from accessing them. And it has also frozen the assets of the two companies so it can reclaim cash and refund those caught out.
More than one million US citizens and many more around the world are thought to have been caught out by the "scareware" scam.
"The popularity of the rogue anti-virus and spyware products has rocketed," said Yuval Ben-Itzhak, chief technology officer at security firm Finjan.
"People are paying 40-60 dollars for bogus software which does nothing," he said, adding that Finjan research suggests up to five million people around the world have fallen victim to the huge number of firms selling "scareware".
Dan Hubbard, chief technology officer at Websense, said many "scareware" firms ran very sophisticated operations. Many use search engines to ensure web users see their adverts and tune their products to each territory.
"They seem to know the law in different regions," he said. "They monetise it very well."
TheGood



Joined: 30 Jul 2007
Posts: 580

Posted: Wed Dec 24, 2008 9:51 pm

This open letter is a great idea!
I have to go right now, but when I come back, I will translate it into French.
TheGood



Joined: 30 Jul 2007
Posts: 580

Posted: Thu Dec 25, 2008 7:48 pm

Here's the French version:

Quote:

On behalf of the AutoHotkey community:

Hello,

We create software using the open-source scripting language AutoHotkey. When converting to a binary executable file, rather than converting the script to machine language, it is packaged with a minimal version of the interpreter. The resulting program is often recognized as malware and thus gives rise to a false positive. This may be due to the fact that compiled scripts are compressed using UPX. This option is enabled by default.

Your antiviral product recognizes all programs made with AutoHotkey as malware, thus rendering these harmless and useful tools unusable. This is very unpleasant behaviour. The situation gets worse when our programs are used in companies and employees feel bewildered by the false positives. This behaviour of your antiviral software benefits neither your reputation nor ours.

Unfortunately, this is not the first time that compiled AutoHotkey scripts have resulted in false positives. We would like to ask you not to treat the AutoHotkey scripting language interpreter as malware when you generate virus signatures.

Sincerely,
The AutoHotKey community

www.autohotkey.com/forum/
de.autohotkey.com/forum/



Also, I think
Quote:
It gets even worse when our programs are used in companies and because of false positives trusting users get bewildered.
should be
Quote:
It gets even worse when our programs are used in companies and, because of false positives, trusting users get bewildered.
or even
Quote:
It gets even worse when our programs are used in companies and trusting users get bewildered because of false positives.


Last edited by TheGood on Sat Mar 28, 2009 4:43 am; edited 1 time in total
n-l-i-d
Guest





Posted: Thu Jan 08, 2009 7:44 pm

There are still "anti-virus" companies that throw up false positives.

I compiled a script
Code:
msgbox hello

First with UPX, then without, and uploaded them to VirusTotal

With UPX compression:
Quote:
File hello.exe received on 01.08.2009 20:13:02 (CET)
Current status: finished
Result: 5/38 (13.16%)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.08 -
AhnLab-V3 2009.1.9.0 2009.01.08 -
AntiVir 7.9.0.45 2009.01.08 -
Authentium 5.1.0.4 2009.01.08 -
Avast 4.8.1281.0 2009.01.08 -
AVG 8.0.0.199 2009.01.08 -
BitDefender 7.2 2009.01.08 -
CAT-QuickHeal 10.00 2009.01.08 -
ClamAV 0.94.1 2009.01.08 -
Comodo 895 2009.01.08 -
DrWeb 4.44.0.09170 2009.01.08 -
eSafe 7.0.17.0 2009.01.08 Suspicious File
eTrust-Vet 31.6.6298 2009.01.08 -
F-Prot 4.4.4.56 2009.01.08 -
F-Secure 8.0.14470.0 2009.01.08 -
Fortinet 3.117.0.0 2009.01.08 -
GData 19 2009.01.08 -
Ikarus T3.1.1.45.0 2009.01.08 -
K7AntiVirus 7.10.582 2009.01.08 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.01.08 -
McAfee 5489 2009.01.08 -
McAfee+Artemis 5489 2009.01.08 -
Microsoft 1.4205 2009.01.08 -
NOD32 3751 2009.01.08 -
Norman 5.99.02 2009.01.08 -
Panda 9.4.3.3 2009.01.08 -
PCTools 4.4.2.0 2009.01.08 Trojan.Agent.EPAO
Prevx1 V2 2009.01.08 Information Stealer
Rising 21.11.32.00 2009.01.08 -
SecureWeb-Gateway 6.7.6 2009.01.08 -
Sophos 4.37.0 2009.01.08 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.08 -
TheHacker 6.3.1.4.213 2009.01.08 Trojan/Spy.Agent.btl
TrendMicro 8.700.0.1004 2009.01.08 -
VBA32 3.12.8.10 2009.01.08 -
ViRobot 2009.1.8.1550 2009.01.08 -
VirusBuster 4.5.11.0 2009.01.08 -

and without UPX:
Quote:
File hello.exe received on 01.08.2009 20:16:20 (CET)
Current status: finished
Result: 2/38 (5.27%)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.08 -
AhnLab-V3 2009.1.9.0 2009.01.08 -
AntiVir 7.9.0.45 2009.01.08 -
Authentium 5.1.0.4 2009.01.08 -
Avast 4.8.1281.0 2009.01.08 -
AVG 8.0.0.199 2009.01.08 -
BitDefender 7.2 2009.01.08 -
CAT-QuickHeal 10.00 2009.01.08 -
ClamAV 0.94.1 2009.01.08 -
Comodo 895 2009.01.08 -
DrWeb 4.44.0.09170 2009.01.08 -
eSafe 7.0.17.0 2009.01.08 -
eTrust-Vet 31.6.6298 2009.01.08 -
F-Prot 4.4.4.56 2009.01.08 -
F-Secure 8.0.14470.0 2009.01.08 -
Fortinet 3.117.0.0 2009.01.08 -
GData 19 2009.01.08 -
Ikarus T3.1.1.45.0 2009.01.08 -
K7AntiVirus 7.10.582 2009.01.08 Trojan-Spy.Win32.Agent.cbv
Kaspersky 7.0.0.125 2009.01.08 -
McAfee 5489 2009.01.08 -
McAfee+Artemis 5489 2009.01.08 -
Microsoft 1.4205 2009.01.08 -
NOD32 3751 2009.01.08 -
Norman 5.99.02 2009.01.08 -
Panda 9.4.3.3 2009.01.08 -
PCTools 4.4.2.0 2009.01.08 -
Prevx1 V2 2009.01.08 -
Rising 21.11.32.00 2009.01.08 -
SecureWeb-Gateway 6.7.6 2009.01.08 -
Sophos 4.37.0 2009.01.08 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.08 -
TheHacker 6.3.1.4.213 2009.01.08 Trojan/Spy.Agent.cbv
TrendMicro 8.700.0.1004 2009.01.08 -
VBA32 3.12.8.10 2009.01.08 -
ViRobot 2009.1.8.1550 2009.01.08 -
VirusBuster 4.5.11.0 2009.01.08 -


So, I guess there is still work to do:

eSafe
K7AntiVirus
PCTools
Prevx
TheHacker

:?
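
The comparison made by hand in the post above, as an added example that is not part of the original post: it parses rows in the VirusTotal layout quoted there and separates the engines that stop flagging once UPX is turned off from the ones that flag both builds. The function names are this example's own, and the embedded rows are copied from the two reports (every engine that flagged either build, plus two clean ones).

```python
import re

# Rows copied from the two VirusTotal reports quoted in the post above:
# every engine that flagged either build, plus two clean engines for contrast.
WITH_UPX = """\
eSafe 7.0.17.0 2009.01.08 Suspicious File
K7AntiVirus 7.10.582 2009.01.08 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.01.08 -
PCTools 4.4.2.0 2009.01.08 Trojan.Agent.EPAO
Prevx1 V2 2009.01.08 Information Stealer
Sunbelt 3.2.1809.2 2008.12.22 -
TheHacker 6.3.1.4.213 2009.01.08 Trojan/Spy.Agent.btl
"""
WITHOUT_UPX = """\
eSafe 7.0.17.0 2009.01.08 -
K7AntiVirus 7.10.582 2009.01.08 Trojan-Spy.Win32.Agent.cbv
Kaspersky 7.0.0.125 2009.01.08 -
PCTools 4.4.2.0 2009.01.08 -
Prevx1 V2 2009.01.08 -
Sunbelt 3.2.1809.2 2008.12.22 -
TheHacker 6.3.1.4.213 2009.01.08 Trojan/Spy.Agent.cbv
"""

# engine, version, signature date (YYYY.MM.DD), verdict; a verdict may contain spaces
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")

def parse_report(text):
    """Return {engine: verdict or None}; header and status lines are skipped."""
    results = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            verdict = m.group(4).strip()
            results[m.group(1)] = None if verdict == "-" else verdict
    return results

def compare(packed, unpacked):
    """Group engines by whether their detection survives turning the packer off."""
    a, b = parse_report(packed), parse_report(unpacked)
    flagged_a = {e for e, v in a.items() if v}
    flagged_b = {e for e, v in b.items() if v}
    return {
        "packer_only": sorted(flagged_a - flagged_b),    # clean once UPX is off
        "both_builds": sorted(flagged_a & flagged_b),    # still flagged without UPX
        "unpacked_only": sorted(flagged_b - flagged_a),  # flagged only without UPX
        # flagged both times, but under a different detection name
        "renamed": sorted(e for e in flagged_a & flagged_b if a[e] != b[e]),
    }

if __name__ == "__main__":
    for kind, engines in compare(WITH_UPX, WITHOUT_UPX).items():
        print(f"{kind}: {', '.join(engines) or '-'}")
```

Engines in the first group are reacting to the packer, so shipping an unpacked build is enough for them; engines in the second group need a false-positive report for the interpreter stub itself.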
sterrenstof ('stardust')



Joined: 17 Mar 2008
Posts: 21
Location: Netherlands

Posted: Wed Mar 18, 2009 9:36 am    Post subject: newest compiler better

I also got those msgs at compiling from AVG.
Upgrading to the latest ahk version solved the problem.
(still not sure if it was the compiler itself, or an infected version, have to try the older version again to test that)
:D
_________________
your eyes are like bright stars in the sea,
you clean the dishes and I watch tv...
cerewa notloggedin
Guest





Posted: Fri Mar 27, 2009 2:52 am

correction to the beautiful French translation provided above, by TheGood:

Quote:
il est emballer avec


should read

Quote:
il est emballé avec
TheGood



Joined: 30 Jul 2007
Posts: 580

Posted: Sat Mar 28, 2009 4:45 am

cerewa notloggedin wrote:
correction to the beautiful French translation provided above, by TheGood:
Quote:
il est emballer avec

should read
Quote:
il est emballé avec

Thanks for the correction. :)
I changed the post above.
SoLong&Thx4AllTheFish



Joined: 27 May 2007
Posts: 4999

Posted: Sun Jan 10, 2010 4:51 pm

Not to hijack the thread, but UPX seems to cause the most problems so please cast your vote here http://www.autohotkey.com/forum/viewtopic.php?p=323104
_________________
AHK Wiki FAQ
TF : Text files & strings lib, TF Forum
RaptorX



Joined: 19 Feb 2010
Posts: 580

Posted: Sun Jul 04, 2010 8:45 pm

Dear RaptorX:
The false positives are resolved, thank you




Quote:
Begin forwarded message:

> From: RaptorX <@gmail.com>
> Date: June 30, 2010 9:52:34 AM PDT
> To: michael.wang@antiy.com, virus@hacksoft.com.pe
> Subject: Trojan/Win32.AutoHK.gen & Trojan/AutoHK.ge
>
> In the name of Autohotkey's community:
>
> Good day,
>
> We create software with the open source scripting language Autohotkey. After compiling, by means of packaging the script with a stripped-down version of the script interpreter to an executable binary file, rather than converting the script to machine code, our software is often recognized as malware and therefore as a false positive. This may be because compiled scripts are UPX packed. This is the default setting.
>
> Your antiviral product recognizes every program that was made with Autohotkey as malware, and renders these harmless and useful tools useless. This is a very displeasing behaviour. It gets even worse when our programs are used in companies and because of false positives trusting users get bewildered. Neither our nor your reputation benefits from such behaviour of antiviral software.
>
> Unfortunately this is not the first time that there are false positives with compiled Autohotkey scripts as a background. We'd like to ask you when generating virus signatures, that Autohotkey's scripting language interpreter is not treated as malware.
>
> Kind regards,
> Autohotkey Community
>
> www.autohotkey.com/forum/
> de.autohotkey.com/forum/
>
> --
> ΓΝΩΘΙ Σ'ΑΥΤΟΝ
> +++++++++++++++
> Life is a comedy for those who think and a tragedy for those who feel.


Last edited by RaptorX on Fri Mar 04, 2011 8:08 pm; edited 1 time in total
tarek
Guest





Posted: Tue Jul 06, 2010 11:47 am

safe with norton all products