I'll jump in here since this is a pet peve of mine:
When you see a malware scanner report something like:
GData and Bitdefender reported: Gen:Trojan.Heur.AutoIT.1
That's it's way of telling you: "I AM A STUPID LAZY IRRESPONSIBLE MALWARE SCANNER"
The signs are there, you just have to know how to read the detection report.
You can tell by the name it's giving the detection, that "HEUR" means "HEURISTIC", in other words, a guess, a generic thing it found that it doesn't know what it's looking at.
And then the "Heur.AutoIT" is the final nail in the coffin. What it's basically reporting is that this tool was made with the AutoIt language, AND NOTHING MORE.
So basically this irresponsible lazy stupid malware company is deciding that it's just going to mark EVERY tool on the planet created with AutoIt language as "possible" malware, and scare everyone who doesn't know better.
I've ranted on this behavior for a while, but it is absolutely irresponsible of these companies. I can appreciate them being overly cautious, but they need to stop marking stuff that they don't understand as being "DETECTED". If they want to show a window that says "This program was built with the AutoIt language, and cannot be further analyzed so it is impossible for us to know if it's safe." that would be fine. But they need to stop pretending they have detected malware signs when they haven't.
These false positives happen all the time with the AutoIt and AutoHotkey languages, and it has a very serious and unfair detrimental affect on the usability of these languages. I blame the antivirus companies almost entirely, but the AutoIt and AutoHotkey communities also must share in some of the blame for not rising up and mounting a real effort to get the anti-malware companies to stop this outrageous behavior.
Recent Posts