anti virus programs

drspro2
Active Member
Posts: 119
Joined: 28 Apr 2006 12:03

anti virus programs

Unread post by drspro2 » 8 Dec 2018 20:59

Dear Forum,

It is becoming very difficult to distribute VIP applications to Windows systems on customers' machines. I have until now encountered several antivirus programs which throw away all the executables, and some of them even throw away all the VIP DLLs. When in contact with the client it is very difficult to find, in all the different antivirus programs, where they leave the removed files, and then to restore them if you have the rights for that. In most cases the system manager of those machines has disabled those options.

And also it is very difficult to say to the end user that the antivirus program probably has incorrectly detected a positive.

One option is to notify the antivirus company and ask to white list the programs, but if you release a new version that process may have to be undertaken again. In many cases the customer will trust the antivirus program and not the Prolog program.

Another issue is that I still have the problem that on some Windows systems the VIP web-browser program is killed without any reason. It is almost impossible to find out why it is killed, and also if this can be solved.

Thomas Linder Puls
VIP Member
Posts: 2361
Joined: 28 Feb 2000 0:01

Re: anti virus programs

Unread post by Thomas Linder Puls » 9 Dec 2018 20:29

We have from time to time also experienced problems with antivirus programs. Clearly, the detections are false positives, coming from some heuristic "guessing" rather than a real detection of some malicious behavior.

Unfortunately, it is very hard to do anything about it. There exist numerous antivirus programs, and any of them may judge that your program is a virus or contains a virus. You can contact the relevant antivirus vendor and go through a white listing procedure, and that will most likely after some time result in your program being white listed. But if you update a single byte in your program you may need to go through the entire procedure again.

Some time ago we pre-white-listed our runtime DLLs with Norton Antivirus by Symantec (which is a major player and which has on several occasions "caught" our DLLs). But now Symantec has removed that possibility: Symantec no longer offers software vendors a proactive whitelisting partnership. Now you cannot act proactively; you can only try to fix problems that have occurred.

Furthermore, that is just one antivirus vendor.

It seems unbalanced: you are a legit person/company doing legit things, but you are up against a "multi headed creature" that can do whatever it likes.

I don't know if Visual Prolog programs experience more problems than other programs or not. Maybe backtracking looks suspicious to these programs, who knows? For obvious reasons the antivirus vendors do not reveal anything about how/what/... they do. Maybe they use some kind of trained AI algorithms, which do something they don't even know what is (i.e. in details); which they cannot fully control, but only influence (pure speculation -- I have no factual knowledge about their could-this-be-a-new-virus-algorithms).

The other issue will have to be discussed in another mail thread, so you will have to start another thread if you want to discuss that.
Regards Thomas Linder Puls
PDC

Paul Cerkez
VIP Member
Posts: 384
Joined: 6 Mar 2000 0:01

Re: anti virus programs

Unread post by Paul Cerkez » 10 Dec 2018 13:21

Just a quick side note to this discussion.

A few years back, an application I wrote worked fine and was approved to be on the network computers. It was used fairly extensively and was on the network for about 6 years. Then, with no warning, it was automatically stripped from all the computers. A week after it happened, I received a notification that it was a potential malware product. Because I was the author, they also sent me a 'drop' stating the area that was flagged.

After a lot of digging, it turned out the new AV 'detector' did not like the "external" database being in memory. I modified that section and went back for approval. Now it didn't like the 'internal' database in memory and reported "buffer" issues. (If I remember correctly, one 'error' they reported was "potential buffer overflow".) The application made extensive use of the internal database. I would have had to rewrite the entire program.

Because of other things happening, the customer decided to just drop the effort. It was replaced by another product (using Java and C++) that is still trying to solve the issues I solved over 20 years ago using VIP.

The funny(?) thing is the application still runs cleanly if you can get it onto the computer. The only problem is it gets 'stripped' every time the AV does a full scan. (It is a green application and makes no changes to the registry so it can be run from an external, plugged-in hard drive. The user just needs to remember to disconnect the drive when done.)

(I have it running on a WIN 10 machine with no problems at all).

DrsPro and Thomas, good luck finding a solution to all this; it will help a lot of us out.
AI Rules!
P.

drspro2
Active Member
Posts: 119
Joined: 28 Apr 2006 12:03

Re: anti virus programs

Unread post by drspro2 » 11 Dec 2018 13:26

Dear Thomas and Paul,

Thank you for the feedback; good to know that we are not alone on this issue.

Indeed, for example, older DLL files which haven't been changed for years suddenly become suspicious in the opinion of certain AV vendors.

Some recent AV programs become more and more strict. And one extra thing is that the system manager locks the entire system by default in the sense that almost nothing is allowed anymore, and they themselves cannot be reached; they will contact you in a day or two days, if at all.

Some AV programs don't know what to block or allow, and for extra safety they block the program if it tries to make an HTTP connection, or they block every connection that is not HTTPS.

Is it true that everybody may call himself a Windows AV vendor?

I always had this reasoning that the vendor of the OS and the vendor of the development tools should be 2 separate parties to keep things fair and neutral, and is this same reasoning valid for OS vendors in relation to (third party) AV vendors?

Only recently Microsoft itself provides an AV tool (MS Defender).

I heard someone say that Microsoft is planning to create a central software store in Windows 11 (same idea as an app store), so that all new software has to be provided through this store, and can be judged and scanned before it is accepted there. Would that be a better solution?

Then there would be less need for antivirus programs?

Thank you.

Jan de Lint
VIP Member
Posts: 239
Joined: 6 Mar 2000 0:01

Re: anti virus programs

Unread post by Jan de Lint » 22 Dec 2018 16:12

Perhaps I missed it, but did you guys deploy your apps in an installer like Inno Setup?
That might help.
]an

Thomas Linder Puls
VIP Member
Posts: 2361
Joined: 28 Feb 2000 0:01

Re: anti virus programs

Unread post by Thomas Linder Puls » 23 Dec 2018 21:31

I don't think that the installation method makes any difference; it is the program and/or DLL itself that is "pacified".
Regards Thomas Linder Puls
PDC

Jan de Lint
VIP Member
Posts: 239
Joined: 6 Mar 2000 0:01

Re: anti virus programs

Unread post by Jan de Lint » 24 Dec 2018 11:06

For instance: an installer helps create one or more entries in the Windows registry at install time under your control, which in turn are recognized by the antivirus program. It also provides the possibility to 'sign' the installable. (I never used the latter.) Also the fact that an uninstaller is available helps to create trust.
Last but not least, I noticed that the virus checker can distinguish between programs that were installed from the internet and the ones that were installed via a different route. Don't ask me how.
If you are desperate enough you should try anything.
]an

Thomas Linder Puls
VIP Member
Posts: 2361
Joined: 28 Feb 2000 0:01

Re: anti virus programs

Unread post by Thomas Linder Puls » 25 Dec 2018 23:19

Our EXEs and DLLs and the installer itself are all signed with a VeriSign-trusted digital signature. But that is absolutely no guarantee against the antivirus programs.

On the other hand, the signature is your guarantee that the installer/exe/dll is the one we have made.
Regards Thomas Linder Puls
PDC
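
Two points from the posts above can be checked directly on a Windows machine: whether each EXE/DLL still carries a valid signature from the expected publisher, and whether Windows has tagged the file as downloaded (the `Zone.Identifier` alternate data stream, often called Mark of the Web, which is how Windows records download origin). The PowerShell below is an added example, not part of any post and not PDC's tooling; the install path and publisher name are placeholder assumptions.

```powershell
# Added example, not from the thread. $InstallDir and $ExpectedPublisher are
# placeholder assumptions; replace them with your own install path and signer name.
param(
    [string]$InstallDir        = 'C:\Program Files\ExampleVipApp',
    [string]$ExpectedPublisher = 'Example Publisher'
)

# Zone numbers Windows writes into the Zone.Identifier stream.
$zoneNames = @{ 0 = 'LocalMachine'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

$report = Get-ChildItem -Path $InstallDir -Recurse -File -Include *.exe, *.dll | ForEach-Object {
    $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
    $cert = $sig.SignerCertificate

    # Downloaded files carry an NTFS alternate data stream containing ZoneId=<n>.
    # No stream means Windows has no download-origin record for the file.
    $zone = 'none'
    $ads  = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (($ads -join "`n") -match 'ZoneId\s*=\s*(\d+)') {
        $id   = [int]$Matches[1]
        $zone = if ($zoneNames.ContainsKey($id)) { $zoneNames[$id] } else { "Zone $id" }
    }

    [pscustomobject]@{
        File        = $_.Name
        Status      = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer      = if ($cert) { $cert.Subject } else { '' }
        PublisherOk = [bool]($cert -and $cert.Subject -like "*$ExpectedPublisher*")
        Timestamped = [bool]$sig.TimeStamperCertificate
        WebZone     = $zone
        # The hash identifies this exact build, e.g. in a false-positive report.
        SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
}

$report | Format-Table -AutoSize

# A file that is unsigned, altered after signing, or signed by someone else is not
# the vendor's build, whatever an antivirus product says about it.
$suspect = $report | Where-Object { $_.Status -ne 'Valid' -or -not $_.PublisherOk }
if ($suspect) {
    Write-Warning "$(@($suspect).Count) file(s) failed the signature check."
    exit 1
}
```

A `HashMismatch` status on a file restored from quarantine means its contents changed after signing, so it should be replaced from the original installer rather than reused.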

Jan de Lint
VIP Member
Posts: 239
Joined: 6 Mar 2000 0:01

Re: anti virus programs

Unread post by Jan de Lint » 27 Dec 2018 14:34

Now that you mention it, yes, my VP installation always goes smoothly. One tip though: if you provide a generic download of a certain VP version (which requires f.i. a registration code at install time), your installable will be even better accepted than your current downloads, which are personalized. At least that is my experience.
But using an installer is anyhow more reliable than just copying/unzipping files to the target machine.
]an

Paul Cerkez
VIP Member
Posts: 384
Joined: 6 Mar 2000 0:01

Re: anti virus programs

Unread post by Paul Cerkez » 2 Jan 2019 12:58

Jan,
Sorry for the delay in responding. Been offline.

I have used both installers and simply copying from one device to another. As I mentioned, no registry modifications.

The installers (2 different products) worked cleanly. Loved using them.

The AV products simply did not like the application itself (for the reasons I mentioned).

P.
AI Rules!
P.

drspro2
Active Member
Posts: 119
Joined: 28 Apr 2006 12:03

Re: anti virus programs

Unread post by drspro2 » 4 Jan 2019 7:14

An install tool can help.

Currently I use the NSIS install tool; is that similar to Inno Setup?

Thomas Linder Puls
VIP Member
Posts: 2361
Joined: 28 Feb 2000 0:01

Re: anti virus programs

Unread post by Thomas Linder Puls » 4 Jan 2019 9:20

It seems that there are two different experiences:
  • It is our experience that installers and signatures do not help. And I also believe that is what Paul expresses.
  • Others have experienced that installers may help.
Regards Thomas Linder Puls
PDC

Jan de Lint
VIP Member
Posts: 239
Joined: 6 Mar 2000 0:01

Re: anti virus programs

Unread post by Jan de Lint » 5 Jan 2019 21:10

I'm sure the large Inno Setup user community can be of some assistance, but basically you are on your own :oops: .
Over the years, Inno Setup worked for me, and I let it create registry entries for the program, e.g. uninstall. I did not sign the program; however, the download site had a domain certificate (and https).
After I started keeping the download URL constant and stable over time, the (rare) false antivirus alarms went away.
]an
