Topics - Dmytry

Living Room / Fabricated virus warnings.
« on: March 22, 2010, 10:33 AM »
Hmm, I came across an interesting thread on the AutoHotKey forums (http://www.autohotke...orum/topic53129.html) related to donationcoder.
In my opinion, if you let a bully push you around even a little, you're well on the road to complete submission, to handing over your hard-earned lunch money to the bully and doing a funny dance. Today you stop using UPX, tomorrow you stop using the -O2 compiler flag in GCC, and the day after tomorrow you'll be buying code signing certificates coz any unsigned code gets flagged as malware. Then, to program you'll need a license and 'proofs' of being a good-behaving fella, 'just like for buying a gun'. All while big software vendors are whitelisted and could still do anything coz they can easily fight back with a libel lawsuit.

I'm entirely with the AutoHotkey people on this issue. They have the courage to stand up for themselves.
On the technical side - the notion that UPX is associated with malware is laughable. UPX - the original unmodified version that the good guys in question use - is an executable packer. Ironically, UPX is the most antivirus-friendly packer there is - it is free and open source, thus an unpacker can be incorporated into an antivirus, and the license even forbids packing binaries with custom versions of UPX that would not unpack with the vanilla UPX - that's why the good guys are using unmodified UPX. Whereas the bad guys aren't going to use a packer that is being flagged as malware, simple as that, so even if it was once true that some malware was being 'detected' by this "if it reads as UPX archive, call it malware" heuristic, this heuristic has immediately rendered itself obsolete for any new threats.

So what do you think? Should the independent developers quit using any free technology that became a target for automated libel, losing without any fight? Or should we try to stand up for ourselves and hold the ground? The UPX issue may seem trivial - but it is just one step of retreat - there can be little doubt that antivirus vendors would come up with some other but similar 'heuristic' if their false positive rate is way below what they consider acceptable.
