Saturday, December 07, 2013

The lunatics have taken over the asylum

This is a repost of a posting made in 2009. It is still as true today as it was then.

I received an email a couple of hours ago to tell me that the Windows setup file for VOAProp is reported as containing a trojan at VirusTotal, so I checked for myself. It's true. The installer is reported as containing a trojan by 8 out of 41 scanners, none of which I have heard of or have any reason to take seriously.

I checked the original copy of the KComm setup file that I have here just in case my web site had been hacked and a trojan planted. But the result was the same. I also checked the downloads of a couple of other programs of mine including MorseGen and VOAProp. They produced virtually the same scan results as for KComm.

For years I have advised people that if they have downloaded a file from a source they would trust and their security software flags it as suspicious, they should scan it at VirusTotal to get a consensus of opinion as to whether the file really is a virus, a trojan or spyware, or just a false alarm. Unfortunately, VirusTotal has kept on adding new virus scanners to its armoury regardless of whether they are any good or not. The lunatics are taking over the asylum and as a result, VirusTotal has become useless as a tool for ordinary PC users to check whether a file is suspicious. I recommend instead.

Some of my programs that are accused of containing a trojan were last updated several years ago. They have since been downloaded by hundreds or thousands of people. It is inconceivable that they could have contained a trojan that remained undetected all that time. The thing that all the programs have in common is that the installers were all created using the same setup generator. The likelihood is that somebody used the same setup generator to create an installer package for a trojan and the third-rate scanners are picking up on something in the installer package that is not unique to the trojan.

I have no desire to waste my time contacting the developers of obscure anti-virus products to inform them about this false reporting of my programs. Nor do I have any plans to repackage all the programs using a different setup generator. I'm sorry, but third-rate virus scanners are not my fault and I don't have the time or the inclination to deal with the problems they cause. If you choose to trust your virus scanner instead of me, I won't argue with you.

Some of the scanners are flagging the fact that the files have been compressed using UPX. This is a harmless tool used to make executable files smaller. It is not malware. But I don't know how users of these scanners are supposed to know that.
