Saturday, October 24, 2009
The lunatics have taken over the asylum
I received an email a couple of hours ago to tell me that the Windows setup file for KComm is reported as containing a trojan at VirusTotal, so I checked for myself. It's true. The KComm installer is reported as containing a trojan by 8 out of 41 scanners none of which I have heard of or have any reason to take seriously.
I checked the original copy of the KComm setup file that I have here, just in case my web site had been hacked and a trojan planted. But the result was the same. I also checked the downloads of a couple of other programs of mine including MorseGen and VOAProp. They produced virtually the same scan results as for KComm.
For years I have advised people that if they have downloaded a file from a source they would trust and their security software flags it as suspicious, they should scan it at VirusTotal to get a consensus of opinion as to whether the file really is a virus, a trojan or spyware, or just a false alarm. Unfortunately, VirusTotal has kept on adding new virus scanners to its armoury regardless of whether they are any good or not. The lunatics are taking over the asylum and as a result, VirusTotal has really become useless as a tool for ordinary PC users to check whether a file is suspicious or not.
The only scanners whose results I would trust are AntiVir, Avast, AVG, BitDefender, Dr Web, F-Prot, F-Secure, Kaspersky, NOD32, Sophos and Symantec. Even those products sometimes have false alarms but it is rare. AVG recently claimed the Elecraft K3 firmware update utility contained a trojan, but by the time it was brought to the attention of the developer and he checked it himself AVG must have dealt with it because the false report had cleared.
Some of my programs that are accused of containing a trojan were last updated several years ago. They have since been downloaded by hundreds or thousands of people. It is inconceivable that they could have contained a trojan that remained undetected all that time. What I expect happened in the case of my programs and the K3 Utility is that the trojan we are accused of being used the same setup generator we did and the third-rate virus scanners are detecting something common to all files created with it.
I have neither the time nor the desire to contact the developers of eight obscure anti-virus products and get them to remove this false reporting of my programs. Nor am I going to create new installers for all these programs. I'm sorry, but third rate virus scanners are not my fault. People will have to decide for themselves who to believe.
I checked the original copy of the KComm setup file that I have here, just in case my web site had been hacked and a trojan planted. But the result was the same. I also checked the downloads of a couple of other programs of mine including MorseGen and VOAProp. They produced virtually the same scan results as for KComm.
For years I have advised people that if they have downloaded a file from a source they would trust and their security software flags it as suspicious, they should scan it at VirusTotal to get a consensus of opinion as to whether the file really is a virus, a trojan or spyware, or just a false alarm. Unfortunately, VirusTotal has kept on adding new virus scanners to its armoury regardless of whether they are any good or not. The lunatics are taking over the asylum and as a result, VirusTotal has really become useless as a tool for ordinary PC users to check whether a file is suspicious or not.The only scanners whose results I would trust are AntiVir, Avast, AVG, BitDefender, Dr Web, F-Prot, F-Secure, Kaspersky, NOD32, Sophos and Symantec. Even those products sometimes have false alarms but it is rare. AVG recently claimed the Elecraft K3 firmware update utility contained a trojan, but by the time it was brought to the attention of the developer and he checked it himself AVG must have dealt with it because the false report had cleared.
Some of my programs that are accused of containing a trojan were last updated several years ago. They have since been downloaded by hundreds or thousands of people. It is inconceivable that they could have contained a trojan that remained undetected all that time. What I expect happened in the case of my programs and the K3 Utility is that the trojan we are accused of being used the same setup generator we did and the third-rate virus scanners are detecting something common to all files created with it.
I have neither the time nor the desire to contact the developers of eight obscure anti-virus products and get them to remove this false reporting of my programs. Nor am I going to create new installers for all these programs. I'm sorry, but third rate virus scanners are not my fault. People will have to decide for themselves who to believe.
posted by g4ilo # Saturday, October 24, 2009
