|
Posted by Volker Birk on August 7, 2006, 3:43 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Hi,
Avira's AntiVir does not detect "Shutdown Windows' servers" as malware
because of generic detection algorithms.
It detects "Shutdown Windows' servers" because of a special signature
for this tool.
We did a small testing to proof that: I created a small test program:
http://www.dingens.org/servicetest.c
http://www.dingens.org/servicetest.exe
This program contains a copy of the code of "Shutdown Windows' servers",
which shutdowns one single service, Universal PnP. If AntiVir detects
with generic signatures, it has to detect this, too.
Then Markus Steinborn testet, if AntiVir realliy detects this. It does not:
Now it's clear, that Avira created a special signature for "Shutdown
Windows' servers", and that they're not detecting "by accident" or
something like that.
It's not necessary to whitelist for Avira, they just have to stop
blacklisting my tool.
Yours,
VB.
--
Ich würde schätzen, dass ca. 87% aller spontanen Schätzungen völlig für
den Arsch sind.
Ralph Angenendt in debate@ccc.de
| 
XML site map