someone previously posted a thread about trojans/antiviruses in some au3 compiled scripts..i assure everyone with suspicions(including appearing siria..thank you very much for your support)that those are all false positives. not a single autoit was written -whether by me or desga or jsnj or playwin or anyone else- with the intention to add malware or malicious code.
contributors in k-meleon write in the true sense of opensource. writing macros or extensions without any financial gain in mind. we all have jobs that pay us and pay us well.. we don't need to write extensions and publicly publish them to make a few lame bucks by including spyware code to collect info. your private info is of no interest to us and never will be. if we wanted to really make money from extensions then obviously we'd write extensions to more popular browsers that have a much bigger userbase ..and without mentioning names, some firefox authors do that and ironically no one questions their very popular and spyware extensions. of course spyware/antiviruses will never flag those extensions as malware because they can't detect or scan them since they are xul.
now to the main question.. why are antiviruses flagging some autoit binaries as viruses? antiviruses are in a war that they are losing and losing fast.
those antivirus programs and their developers can no longer detect new viruses, their update definitions are always behind new viruses so they do what they call a heuristic scan. this is a bogus scan and nothing but rubbish.. they don't scan anything. they simply check if a file has the same name as an entry in their definition file..if yes, they immediately flag it as a virus. another condition for their numerous false positives is when they can't actually scan a file, this often happens with binaries that are compressed.
compressed binaries are exe files that have undergone a compression routine during compiling to reduce their footprint. because they are compressed; antiviruses can not scan them so they just tell you it's a virus just because they can't scan them they become viruses..anything more stupid than that? and of course in doing that..identifying any benign file as a virus justifies their questionable existence as bogus protection so 'hey, look user..i've found a virus, now you know i'm a good program even though that file has nothing to do with viruses but you're an idiot and you will never know' it doesn't matter to the retards developing antivirus programs the damage they are doing to good developers' reputation.
autoit binaries are all upx compressed, this is a default setting for the au3 compiler and hence it's actually impossible for an antivirus to scan them and know if they are antiviruses or not so it's easier for them to flag anything they can't scan as an antivirus.. better safe than sorry? no..it doesn't work that way, a proper scanner should only flag a file as bad when it's 100% sure it's bad. we are not dealing with strawberries in a fruit market..those are computer files..many of them can be essential system files, flagging good files as viruses just to justify your existence to the dumb enduser can render a machine useless and we all know what mcafee recently did to windows xp computers.
ironically, those same antiviruses will not detect new real viruses in most cases not until the damage is already done and millions of computers become infected then they start updating their definitions when it's too late.. antiviruses are NO REAL PROTECTION. they are scam programs and recently almost all antiviruses have quarantined or deleted system files that rendered millions of computers unbootable. now someone please tell me, how is that any different from a virus itself??!
antiviruses and viruses even though they have completely different goals, they both achieve them in the same methods. hogging your cpu and memory and making your computer so slow it becomes almost useless.. no wonder the most productive users are on apple and linux machines where they have enough wisdom not to believe in antivirus/virus rubbish and give up their expensive machines to useless programs.
what's really funny, that all binaries identified as trojans by the person 'death2kmeleon' do not even establish a connection or have inet udf. this is the first rule of a trojan, it needs to connect to some server and they never do..they are strictly for kmeleon and yet his antivirus identified them as trojans..could you do a check yourself and see if this script actually connects to any server?
anyone who has blind faith in antivirus should get their brains checked..they shouldn't even be using computers because having blind faith in a bogus protection will ultimately get you infected with a real virus when your stupid program cannot detect it.
the problem of false positives has been increasing rapidly in the past few years due to many factors:
1- many programs are choosing some sort of compression to reduce size
2- virus definition files are becoming useless against new and very sophisticated viruses that they can no longer detect till it's too late.
3- many wise people(including network administrators) are challenging antiviruses, and advocating better methods for protection
4- antivirus big companies are losing money and they need to justify their existence to stupid housewives and other morons so they flag anything as a virus to make the morons believe the rubbish program is doing its job.
all autoit extensions come with their source(otherwise they couldn't be hosted on sf), if you're so paranoid with so much faith in your antivirus..just download the source..examine it and if your cranium is satisfied..compile it with autoit yourself. i bet my life your antivirus will still flag it as a virus.
false positives are affecting many decent devs, it's becoming so bad that ahk writers have sent an open letter with their complaints.
http://www.scmagazineuk.com/mcafee-mistakenly-detects-legitimate-windows-system-files-as-malicious-in-false-positive-nightmare/article/168521/
http://en.wikipedia.org/wiki/Antivirus_software#Problems_caused_by_false_positives
http://www.raymond.cc/blog/archives/2009/05/23/false-positives-is-a-common-problem-in-todays-antivirus-software/
http://www.securelist.com/en/glossary?glossid=153654932#gloss153654932
http://www.nirsoft.net/false_positive_report.html
http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/
http://www.autohotkey.com/forum/viewtopic.php?t=31975
http://www.codinghorror.com/blog/2007/02/choosing-anti-anti-virus-software.html
http://news.bbc.co.uk/2/hi/technology/6431853.stm
http://www.brighthub.com/computing/smb-security/articles/5932.aspx
http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm
http://www.urbandictionary.com/define.php?term=fucktard
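
A check a reader can run to see what a static scanner is looking at in a UPX-packed executable, added here as an example that is not part of the original post: it parses the PE section table, reports UPX's default section names (`UPX0`, `UPX1`) and measures per-section byte entropy. All function names are hypothetical and the two sample images are constructed header-only inputs, not real AutoIt binaries.

```python
import math
import struct

def entropy(buf):
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniform)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts if c)

def pe_sections(data):
    """Return [(name, raw_bytes)] parsed from the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)        # e_lfanew: offset of "PE\0\0"
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsect, = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    table = pe + 24 + opt_size                           # first section header
    out = []
    for off in range(table, table + 40 * nsect, 40):
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        out.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return out

def upx_report(data):
    """Flag UPX-style section names and list each section's entropy."""
    secs = [(n, round(entropy(b), 2)) for n, b in pe_sections(data)]
    return {"upx": any(n.startswith("UPX") for n, _ in secs), "sections": secs}

def build_sample(secs):
    """Constructed input: a header-only PE image (not a runnable program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0, 0x102)
    ptr, table, blob = 0x40 + 24 + 40 * len(secs), b"", b""
    for name, body in secs:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(body), 0x1000,
                             len(body), ptr, 0, 0, 0, 0, 0xE0000020)
        blob, ptr = blob + body, ptr + len(body)
    return bytes(dos) + coff + table + blob

# Constructed samples: a UPX-like layout and an ordinary unpacked layout.
PACKED = build_sample([("UPX0", b""), ("UPX1", bytes(range(256)) * 4), (".rsrc", b"\0" * 512)])
PLAIN = build_sample([(".text", b"\x90" * 512), (".data", b"\0" * 256)])
```

On a real file, pass the bytes read from disk to `upx_report`; `upx -d` restores the unpacked image so that it can be scanned or compared against a build made from the published source.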