Software Protection...
The old software protection method I used for years was Armadillo. Handled registrations good, but was bloated and became increasingly insecure for the $$ it cost. For distribution on free stuff, I used Molebox and a proprietary method, both of which are in my stuff in storage and I can't access them. So, I explored the current offerings including new protection programs.
The mafioso protection racket designed by AV authors with their false positives has become absurd. I compiled a simple demo program in PowerBASIC.
1. As is, compiled and then tested in Virus Total, the program was 76k and scored a 2/64. Ironically, this is the ONLY one who flags Comodo. Native PB was the only one to flag what I consider to be one of the big boys and legitimate programs. I would be curious to retry this in PB 9, as PB 9 was a better product (much smaller compiled EXEs and often much faster compiled EXEs).
2. The same EXE compressed with ASPack was 42k and scored 15/62.
3. The same EXE compressed with UPX (ultra brute) was 37k and scored 10/63. Not only is UPX finally compressing smaller than ASPack, it also triggers fewer false positives. Needless to say, I will NOT be repurchasing ASPack (I own it, but it is in storage).
4. The same EXE, protected with a new protector which also compresses/encrypts was 54k and scored 24/64. Not bad on compression, given the type of product it is, but the false positives are concerning. But, the program works well and seems easy to use for me as well as potential customers.
These AV authors have literally made it almost impossible for an indie developer to exist. Something I have raved about for years, but it is getting increasingly worse over the years. Even if indie developers tell their customers the truth, that the program is fine and the AV company is wrong, the customers are still going to believe the multi-million dollar AV company and not run your software and bad mouth it for viruses.
As indie developers, we are expected to do the work of the lazy and incompetent AV authors and report false positives and hope and pray they safe list our program, which may or may not happen and may or may not require money changing hands. Self-proclaimed AV experts have been running roughshod over indie authors for many years. The only ones who are not routinely dealing with false positives are the major software companies who do exchange some $$ with the AV authors.
I am amazed there have not been multiple class action suits against every AV author out there due to their continued false allegations that a program is or may be harmful when it is not.
Very hard to think about even trying to compete in today's software market...
Petr Schreiber
01-10-2017, 19:14
Hi,
no need for suits. As I work for AVG / Avast, should you find something worth investigation, let me know and I can discuss it with colleagues.
Petr
ErosOlmi
01-10-2017, 23:40
Every time an AV tells some part of thinBasic has a virus ... I submit it to AV web page as false positive
In a few days they usually react and fix.
Problem is when you update your software quite often.
In that case false positive can come up again and again.
And I re-submit again and again :)
Hi,
I work for AVG / Avast, should you find something worth investigation, let me know and I can discuss it with colleagues.
Good to know, thank you.
mike lobanovsky
04-10-2017, 20:39
The old software protection method I used for years was Armadillo...
....................................
Very hard to think about even trying to compete in today's software market...
:eusaclap:
I second every single word of your message, Brice.
I am literally sick and tired of all the decades of warfare of a lone indie developer against the hordes of money-thirsty blood suckers at VirusTotal dot com.
Hi,
I work for AVG / Avast ...
Petr
Good to know, thank you.
Very interesting indeed! Avast and Avira are among the dumbest of the dumb at the VirusTotal waste pit. Again, I simply can't afford wasting any more of my lifetime for negotiations with potential sixty-three "Petr Schreiber"s, however civil and intelligent they might be socially and in all other respects, at that VirusTotal arse of the world of computers.
:diablo:
And I re-submit again and again :)
I bow to your patience, Eros. But that's not for me any more -- not at my age and life expectancy. :D
Very interesting indeed! Avast and Avira are among the dumbest of the dumb at the VirusTotal waste pit. In its day, 10+ years back, AVG was actually pretty good, nowadays AVG/Avast/Avira are among the worst. Bloated and slow and nothing but false positives. I never recommend any of the three to clients.
The author of my protection software, due to the nonsense from the three named above and a few others you never heard of, uses the terminology "proven safe in 42 different anti virus programs" on his website. I think I will follow that lead as well and even name the software programs.
I have really ranted on the false positive nonsense over the years and the real reasons the companies do this nonsense. But out of respect for Petr, I am biting my tongue pretty hard.
For real-time protection I stick with Panda. It is not bloated and very light on resources, and in 2015 Panda obtained the best protection rate in the Real World Protection Test by AV-Comparatives. For on-demand, I stick with ClamWin.
Mike, there is not a language author out there that I have more respect for their work and their knowledge. Truly do love FBSL.
mike lobanovsky
05-10-2017, 14:57
Truly do love FBSL.
Thank you very much for your appreciation, Brice. And my heart goes to Eros and Petr. They are great at whatever they are doing, and they are also very friendly and easy-going socially, which is indeed a rare combination of talents on the web today. :)
But out of respect for Petr, I am biting my tongue pretty hard.
Everyone has the right to their own skeleton in their closet, haven't they? :D
Everyone has the right to their own skeleton in their closet, haven't they? :D
And everybody needs a job to put food on their table for their family. :c)
Petr Schreiber
07-10-2017, 12:24
I am still waiting for that example to help with.
Petr
Every time an AV tells some part of thinBasic has a virus ... I submit it to AV web page as false positive
Is it still like the old days and the web page isn't even linked off the home page? Hmm, went and looked at the three in question myself...
AVG: Gave up after looking for 10 minutes.
Avast: It is there, but they try and hide it by the "need help" scroller that pops out from the right and partially covers the "false positive" icon.
Avira: Gave up after 10 minutes.
And my heart goes to Eros and Petr. They are great at whatever they are doing, and they are also very friendly and easy-going socially, which is indeed a rare combination of talents on the web today.
I could not agree more, my friend. Both are tops at what they do. Also, in reading old posts, it really touched my heart deeply to see how far they both went to help a fellow community member in need. Good stand up guys with hearts of gold.
Very interesting indeed! Avast and Avira are among the dumbest of the dumb at the VirusTotal waste pit.
Have you ever read Virus Total's, TOS?
When you upload or otherwise submit content, you give VirusTotal (and those we work with) a worldwide, royalty free, irrevocable and transferable licence to use, edit, host, store, reproduce, modify, create derivative works, communicate, publish, publicly perform, publicly display and distribute such content.
Oy vey!
I am still waiting for that example to help with.
Petr, I have a massive amount of respect for you as a person, and as a programmer for your work with TB. However, your employer is AVAST. My comments are only about Avast (and their holdings) not you.
Avast bought Piriform (the maker of CCleaner) in July of 2017. In September 2017, it was found that CCleaner was responsible for one of the biggest acts of industrial espionage I can remember. The infected version of CCleaner was also found to have been on the Piriform servers since August of 2017, which is one month after the acquisition by Avast. I am willing to accept (perhaps naively) that nothing was intentionally done by Avast and this arose because of the normal ineptness they have demonstrated with their AV software for many years. I have no problem believing Avast is that incompetent.
The federal government over here is freaking out about Kaspersky and wants it banned and is even telling us citizens not to use it. The problem is they are too stupid to realize the Kaspersky AV software is not the issue (at least what I know at the time of this writing). The company who is working with the Russian government is the one started by Kaspersky's ex-wife. Entirely different company. Nothing hidden either, as her company is openly working with the government.
What the federal government should be freaking out about and banning and telling us citizens not to use, is any software produced by Avast, and their holdings, like AVG, CCleaner, etc. Avast is the one who is ultimately responsible (by not securing their servers and their software and distributing the infected software for a month) for the industrial espionage which has the potential to have cost companies like Microsoft, Intel, Sony, Cisco, Dell, Samsung and countless others, billions of dollars in damage.
Given the scope and severity of this incident and the mega corporations that were infected, do you seriously think an average ham and egger like myself is going to entrust my software to be sent to Avast, when I know the fault in the false reporting is 100% theirs and my software is clean and 100% safe?
Besides my time in the Army, as a civilian I have maintained a high level security clearance that has allowed me to do lucrative contract work for defense contractors (who were in no shortage where I lived up until two years ago). Although I never plan to do contract work again, especially in the defense sector, I am not going to jeopardize my security clearance, this includes sending any of my work to a company who (intentional or not) is behind an industrial espionage incident like this.
The only way for indie developers to legitimately combat the false positive issue is by educating our customers. And in the case of Avast, educate our customers why they should not even have AVG or Avast installed on their computers and the potential security liability they present.
I would be shocked if Piriform can survive this. Avast, as the parent company, may even have a hard time surviving this one given the scope. AVG can survive, but only if Avast sells it off immediately. If Avast folds, it will take the subsidiaries with them. This has the potential to be the biggest mess the industry has ever seen. Yahoo's breach was bad, but it only affected Yahoo. The Avast/Piriform mess is affecting many of the major companies, and when the fallout fully hits, it will likely be most major companies, as well as many governments.
Petr Schreiber
08-10-2017, 21:48
This topic could have evolved into forging an approach together to get proggies checked in a way the customers don't get false alerts once they reach their PCs.
Searching for the mistakes on the other side is... the simple approach to feel better, for a while. Not an effective approach to make things better.
Petr
One cannot fix what they haven't broken. An indie developer is only responsible for bugs in their software, not the software of AV vendors. It would be nice someday to have a round table with indie developers and representatives of all major AV vendors. Probably would never happen as it would turn into a bare knuckle brawl with the amount of abuse indie developers have had to suffer through from AV developers over the many years.
Back to BASICs...
I compiled one of the samples for the latest version of PureBasic, 5.61 at this writing. PureBasic has certainly become bloated; the canvas gadget example compiles to 291k for the 32-bit version. Virus Total triggers 3 warnings on this one. The only one of any remote popularity is McAfee, and it hasn't been too popular since the DOS days. Even in the latter DOS days, I was using F-Prot as it was a better product. Still, McAfee manages to get itself on many systems as shovelware.
ThinBasic, trying the AntiTetris example. On VirusTotal it gets a score of 3 and the only major one is McAfee. Awesome score IMHO.
Compiled size is fairly comparable to what the same thing would be in PureBasic. The more I use TB, the more blown away I am by it. I can definitely see myself releasing some software in TB and not using it just for prototyping. I had to make a few tweaks to my registration method being used, but it now works flawlessly with TB created EXEs.
Michael Hartlef
12-10-2017, 08:15
Does compressing with UPX have anything to do with the false alerts? If yes, I suggest not compressing anything TB related, to avoid such false alerts.
ErosOlmi
12-10-2017, 12:38
Compressing with UPX is not an automatic trigger that lets AV software say there is a threat.
Were it that simple ... I would remove UPX right now.
Mike, since all of my systems, software and backups are packed up, I am kinda really starting new. I have been trying to find replacements for Molebox and the proprietary bundler I used to use as well as find a new product to handle registrations and have a limited trial. Things have changed a good bit, some for the better, but the one thing that hasn't changed is all of those things like to trigger false positives.
mike lobanovsky
24-10-2017, 21:50
Brice, due to its extreme popularity, UPX compression should be very well known to the AV analyzers by now, whether its "signatures" are present in the packed exe or not. (Yes, you can clean the exe manually of a lot of UPX patterns, yet the AVs would unmistakably identify it as UPX, which isn't per se a symptom of malicious intentions.)
Still there are quite a lot of heuristic criteria by which SW is regarded as potentially malicious, just to name but a few:
inconsistency in the Windows PE headers (bad checksum, non-standard section layout, etc.)
lack of resources (manifest, version info, etc.)
executable code compression (and especially custom non-UPX exe packing)
lack (or minimum) of external library calls, especially if none are present but LoadLibrary/GetProcAddress
many, many more -- in fact, too many to even mention here
None of the AV vendors are eager to specify exactly why they've labeled this or that exe as potentially malicious -- just because they wouldn't want virus writers to know of, and bypass, their booby traps. But the algos to determine if the code is packed or not are quite simple regardless of the sophistication of the exe packer itself. The AV just analyzes the frequency of unique byte patterns in the code sections and, if it is sufficiently high, then the exe is considered packed. (Clearly, the main objective of data compression is to ultimately eliminate any byte pattern repetition at all.)
So, whichever the compression utility, you are always suspected of ill intentions even if the only exe packer you're using is UPX.
inconsistency in the Windows PE headers (bad checksum, non-standard section layout, etc.)
How the EXE was laid out was really an issue back in the day. Back then ASPack was better than UPX in that it produced smaller EXEs, but some things ASPack and UPX could not compress, so I used a product called Neolite that was very good. IIRC, Neolite was fairly costly, but it was good and reliable, though it would not compress some EXEs that ASPack would.
I have always been big on EXE compression. In the DOS days I used Diet which besides being an EXE compressor, it could also be loaded as a TSR and could be used to compress your whole hard drive and uncompress files on the fly. In the Windows 3.1 days, my friend Doren wrote a 16-bit Windows EXE compressor that was very good.