A.V company - How they differentiate between true Trojan and networked application etc ?

Posted by Laksa on October 12, 2006, 11:01 am

To all,

I am one of many software developers whose programs sometimes involve
networking or other such things (like writing to the registry to store user
configuration/user-preference data), for example by opening a TCP port to
exchange data with a server.

Be noted that, unlike a true trojan that does it SECRETLY (the user is unaware
that the program has opened a connection outside their computer and is exchanging
unknown data with an unknown party), we do NOT do it in a secret way and the
USER IS WELL AWARE of this; indeed, many times it is the users themselves who
configure the port to be used (for example, if their port 80 is already used
by a web server, then they have to use another port). This includes the now common
Internet-accessible CCTV surveillance and/or smart-home applications.

However, many of the so-called 'anti-virus' products do not do their 'homework'
properly; instead, they just do automatic PATTERN-MATCHING, or just scan
for some API CALLS in our program, and where they detect some, they just say
our program is a so-called trojan. I doubt they ever run through the
application, or even go through (or simply browse) the
document/manual on the characteristics of the application, and they claim the
'credit' that they are the first to have found the 'trojan' before their
competitors, and their competitors act correspondingly.

Of course, you may argue: why then do programs from Microsoft or
other big guns not have this problem? The answer is that they
are big, popular applications used by many users, and they have lawyers
(to sue the AV company if it gives false information). But we are small players,
maybe selling only to a few or a few tens of customers, and cannot afford a team
(or even a single) lawyer to protect our interests.

Then how come many applications, not as big as the big guns, are "okay" for
these AV companies? you may ask ...
For your information, many times we cannot use the high-level, 'safer' calls
such as web services or the WinInet HTTP layer, because of efficiency, or because the
high-level call does not provide the necessary flexibility/function we
require, or for other reasons; we have to use lower-layer APIs like Winsock,
and use not the well-published ports (80, 21, 101, ...etc.) but 'proprietary' ports
like 1050, 8081, etc., and again, the AV company treats the not-well-known
port as 'trojan'....

Most of the time, they just give some funny name to the 'trojan' they
claim we are, but do not (or fail to) illustrate the detailed characteristics of
the so-called trojan we wrote, nor illustrate the criteria for classifying us
as 'trojan'... or, simply put, they classify any program they don't know as a trojan.

Like most of you, I am totally against the real 'trojans' brought to us and
appreciate the hard work of the responsible AV companies, but I am just
disappointed with the lazy AV companies that do not do their hard work but
treat any program having the same 'pattern' as a 'trojan'. At least they should
differentiate what is a 'trojan' and what is a 'networked application'; they
should understand more about the program and check with the author before
simply classifying an application they don't know as a 'trojan'....

I do have 2 application groups suffering from the lazy work of the AV companies,
including:
1. A networked Internet surveillance program.
2. A file-sync program (the file-sync program makes API calls to make
sure the copied file's date/time is identical to the original file's, so I have
to call an API to change the file date back to the original, because otherwise the
CreateFile API will use the current date), and both of the programs suffer
from the lazy AV.

Both of them they call a 'Trojan xxx'.

However, the other application groups that I wrote that do NOT have
either network calls or file date/time changes have never been treated as trojans
by them (irresponsible AV companies).

I'm pretty sure it is their fault, instead of my program or my company having
been affected by a virus, because otherwise the other programs that do not call
the 2 API groups would also be affected.

Those of you who have worked with similar product groups (1 & 2) should understand
the programs I have, but customers will not understand, and it is very annoying for
us.

Is there any way for a developer like me to take legal action against the irresponsible
and lazy AV companies? Or is there any organization we can seek help from?


Rgds

wp
(software engineer)

Posted by Leythos on October 12, 2006, 11:35 am
pls1924575106571@thankyou.tv.org.com says...
> Anyway for developer like me to take legal action against the irresponsible
> and lazy A.V company ? or any organization can we seek help ?


Contact the AV company yourself, submit your code, show them that your
code is not malicious; they will remove you if they believe you.

--

spam999free@rrohio.com
remove 999 in order to email me

Posted by Laksa on October 12, 2006, 12:12 pm

I'm afraid this is not possible because:
1. It is clear that they scan for the 'pattern' of API calls.
2. My program is a commercial product, not open source.

It is not a matter of whether I show them the code or not. It doesn't matter, because
they already know which APIs (Application Programming Interfaces) my program
is calling, but the problem is they didn't care at all, nor did they browse
through the product and/or its documentation, which is openly available in the
product documentation.

There are so many AV companies, some of which I have never even heard of before. As I
mentioned previously, my company is a "small gun", not a big gun that has a
team of people to deal with them; unfortunately, I (we) do not have that.

I just hope they will be more responsible, do more hard work, and have more
business ethics, instead of blaming the innocent in order to win the
credit in the openly competitive AV market.

Rgds

wp


Posted by Leythos on October 12, 2006, 1:12 pm
pls1924575106571@thankyou.tv.org.com says...
> I affrair this is not possible cause:
> 1. It is clear that there scan for the 'pattern' for API-call.
> 2. My program is a commercial product, not open-source.

You can make all the excuses you want, but you still need to contact the
AV vendor and work with them to get your product off their list.

API Calls are not the reason for the detection, it's based on more, you
just don't know what specifically.

They can create a signature for your application to exclude it, but you
have to contact them.

--

spam999free@rrohio.com
remove 999 in order to email me

Posted by Laksa on October 12, 2006, 2:21 pm

Well, good to know that you are a veteran coder. I know what you
mean, but as I said earlier, we are just a very small team of
developers/company.
I don't specialize in the secure-network type of business, nor am I inside the U.S.
Instead I'm just a (very) small group of developers (in a developing country),
and can only afford to work part-time on some products; if the process is
prolonged, it is not justified,
nor can I afford the cost with the small budget and time we have. What if they
(the AV company) do not listen to us at all? (small player).

Why does the AV company not contact us for verification, as the product has valid
contact information, instead of classifying the program as a trojan in the first
place and needing us to write to them? Is this fair?

> API Calls are not the reason for the detection, it's based on more, you
> just don't know what specifically.

For this.... I doubt most of the responsible AV companies are, but not all of
them, because my current program, which is still in beta, known to only a few beta testers and
not made publicly downloadable, just included the Winsock API reference (not even
called), and the AV treated it as a trojan; when I removed the Winsock reference
and recompiled, the 'trojan' warning disappeared...
(Full disclosure: my NAV AV does not treat it as a trojan, but another popular free
AV treats it as a trojan, and unfortunately my customer, who is still
evaluating the product, uses the latter AV....)

I do not have as long experience as you; I only have about 12 years in IT,
wrote some device drivers and did a little hardware design occasionally as well.
However, when I first came out of school, the AV business was just beginning to
grow; networked applications (and trojans) were not popular (at least for
MS-DOS).

Well, as you say, complaining here is just complaining; it does not help to solve
the problem in practice (at least in the near future)... many thanks for your
feedback... really.
Just hoping for a better solution in the future....


Rgds
wp


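What wp describes in the post above (adding a Winsock API reference, without even calling it, was enough to trigger the detection, and removing the reference cleared it) is the behaviour of a scanner that looks only at a binary's import table. The Python below is an added example, not code from this thread or from any AV vendor: it builds two constructed, minimal PE32 blobs (valid enough for an import walker, not loadable), walks their import directories the way a simple scanner would, and applies a hypothetical watch-list rule. The watch list, the sample import tables and the "Trojan.Generic" label are assumptions for the example; the PE structure offsets are the standard PE32 layout.

```python
import struct

# Constructed layout for the toy image: one section whose RVA equals its
# file offset, so the 352-byte header fits in the gap below it.
SECTION_RVA = 0x400
IMPORT_DIR = 1  # IMAGE_DIRECTORY_ENTRY_IMPORT

# Hypothetical watch list of the kind a naive import scanner might use
# (an assumption for this example, not any vendor's real signature).
WATCH_LIST = {
    "ws2_32.dll": {"WSAStartup", "socket", "connect", "listen", "accept", "send", "recv"},
    "kernel32.dll": {"SetFileTime", "CreateRemoteThread", "WriteProcessMemory"},
}


def build_pe(imports):
    """Emit a minimal PE32 file whose import directory lists `imports`
    ({dll: [function, ...]}). Only the fields an import walker reads are
    filled in; the result is a constructed test input, not a runnable EXE."""
    data = bytearray(20 * (len(imports) + 1))  # IMAGE_IMPORT_DESCRIPTORs + null terminator
    descriptors = []
    for dll, funcs in imports.items():
        name_rva = SECTION_RVA + len(data)
        data += dll.encode("ascii") + b"\0"
        hint_rvas = []
        for fn in funcs:
            data += b"\0" * (len(data) % 2)  # IMAGE_IMPORT_BY_NAME is WORD aligned
            hint_rvas.append(SECTION_RVA + len(data))
            data += struct.pack("<H", 0) + fn.encode("ascii") + b"\0"
        data += b"\0" * (-len(data) % 4)
        thunk_rva = SECTION_RVA + len(data)
        for rva in hint_rvas:
            data += struct.pack("<I", rva)  # bit 31 clear: import by name
        data += struct.pack("<I", 0)
        descriptors.append((thunk_rva, name_rva))
    for i, (thunk_rva, name_rva) in enumerate(descriptors):
        # OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
        struct.pack_into("<IIIII", data, 20 * i, thunk_rva, 0, 0, name_rva, thunk_rva)

    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header follows the DOS stub
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMPORT_DIR, SECTION_RVA, 20 * (len(imports) + 1))
    sect = struct.pack("<8sIIIIIIHHI", b".rdata", len(data), SECTION_RVA,
                       len(data), SECTION_RVA, 0, 0, 0, 0, 0x40000040)
    header = bytes(dos) + coff + bytes(opt) + sect
    return header + b"\0" * (SECTION_RVA - len(header)) + bytes(data)


def parse_imports(blob):
    """Walk the import directory the way a simple signature scanner would
    and return {dll_lowercase: [function, ...]}."""
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect = struct.unpack_from("<H", blob, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", blob, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    dir_off = 96 if struct.unpack_from("<H", blob, opt)[0] == 0x10B else 112  # PE32 vs PE32+
    imp_rva = struct.unpack_from("<I", blob, opt + dir_off + 8 * IMPORT_DIR)[0]
    # (VirtualAddress, SizeOfRawData, PointerToRawData) of each section header
    sections = [struct.unpack_from("<III", blob, opt + opt_size + 40 * i + 12) for i in range(nsect)]

    def off(rva):
        for va, raw_size, raw_ptr in sections:
            if va <= rva < va + raw_size:
                return rva - va + raw_ptr
        raise ValueError("RVA %#x outside any section" % rva)

    def cstr(o):
        return blob[o:blob.index(b"\0", o)].decode("ascii")

    result = {}
    if imp_rva == 0:
        return result
    desc = off(imp_rva)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", blob, desc)
        if name_rva == 0:
            break
        funcs, thunk = [], off(oft or ft)  # prefer the INT, fall back to the IAT
        while True:
            entry = struct.unpack_from("<I", blob, thunk)[0]
            if entry == 0:
                break
            # ordinal import if bit 31 is set, else RVA of IMAGE_IMPORT_BY_NAME (hint + name)
            funcs.append("#%d" % (entry & 0xFFFF) if entry & 0x80000000 else cstr(off(entry) + 2))
            thunk += 4
        result[cstr(off(name_rva)).lower()] = funcs
        desc += 20
    return result


def naive_verdict(imports):
    """Flag the file if any watched API appears in its import table. A rule
    like this sees capability (sockets, timestamp writes), not intent, so a
    camera client or a file-sync tool scores exactly like malware would."""
    hits = sorted((dll, fn) for dll, fns in imports.items()
                  for fn in fns if fn in WATCH_LIST.get(dll, ()))
    return ("Trojan.Generic" if hits else "clean"), hits


# Constructed import tables for the two application groups from the thread,
# plus a build of the sync tool with the timestamp-restore call removed.
SAMPLES = {
    "surveillance_client": {"KERNEL32.dll": ["CreateFileW", "ReadFile"],
                            "WS2_32.dll": ["WSAStartup", "socket", "listen", "accept", "send"]},
    "file_sync": {"KERNEL32.dll": ["CreateFileW", "WriteFile", "GetFileTime", "SetFileTime"]},
    "file_sync_no_timestamp": {"KERNEL32.dll": ["CreateFileW", "WriteFile", "GetFileTime"]},
}


def scan_all():
    return {name: naive_verdict(parse_imports(build_pe(table))) for name, table in SAMPLES.items()}


if __name__ == "__main__":
    for name, (verdict, hits) in scan_all().items():
        print("%-24s %-15s %s" % (name, verdict, ", ".join("%s!%s" % h for h in hits)))
```

Running it prints the two legitimate programs as "Trojan.Generic" and only the build with SetFileTime stripped as "clean", which is the same before/after result wp saw when removing the Winsock reference. The practical check this gives a developer is the first half: walk your own release build's import table (here, `parse_imports` on the real file) and see exactly which names a scanner of this kind would see, before submitting the file to the vendor.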
