Warning warning trojan is real !!! (no it is not, just the morons at McAfee think so)


Nev

Rather than all this back and forth on who's to blame. It is obvious that the Configurer includes a bit/byte pattern that is matched as a Trojan by a number of the leading anti-virus suppliers on the market. On my system both Norton Anti-virus for Mac and Kaspersky report a Trojan and quarantine it.

Can I suggest, Mathijs, that the source code for this important utility be juggled around a little (i.e. move some of the function positions in the code to new positions)? The utility could then be recompiled/built and tested against the AV software. Hopefully the recompiled code will have a different, non-Trojan-like signature. This is an Aerosoft issue, not one for the AV software producers.

Sent from my iPad using Tapatalk

Anti virus programs use two primary techniques to identify actual or potential threats. Pattern analysis of the file, looking for a specific sequence of bytes that are known to exist in particular malware, and heuristic analysis, where the AV program looks at the actual machine language functions that the file contains - analyzing what the file will do when executed.

Heuristic analysis is mainly used to detect files which "might" be malware, based on their behavior. It is an AV technique which does indeed catch new, previously unknown malware, but it is also a technique which is subject to false positives - which all AV software vendors readily admit if you read the manuals for their products.

It's highly unlikely that the configurator contains an extended byte pattern which is identical to a known virus. It is far more likely that the AV software is using heuristic analysis to make the (false) identification of the configurator as malware.

One "behavior" that real malware engages in is to open, modify and/or overwrite existing files on a computer. It is the primary way that malware spreads or reproduces itself.

Unfortunately, (in terms of false positives by AV programs) there are perfectly legitimate programs that do exactly the same thing - and the configurator is a perfect example. The whole point and purpose of the configurator is.... to configure! To open, modify and/or overwrite various files used by the Airbus when it is running in FSX. If the program cannot do those things, there would be no point in it even existing.

There is little that Aerosoft or any other add-on developer can do to prevent this problem. Standard software development tools used in Windows, like C, C++, VB.net etc. will always translate file open/modify/overwrite functions in the original source code into the same machine code in the final executable programs. Developers have no control over this. It is those machine language file-manipulation instructions that the heuristic analysis routines of the AV programs are picking up.

Also, Aerosoft is not the only FSX Add-on developer to have this issue. Both PMDG and Eaglesoft have had problems with their configuration software being falsely identified as malware because the executable files contain commands to open/modify/overwrite existing files.

The ball is definitely in the court of the AV vendors. Because false heuristic malware identification is a known problem, EVERY legitimate AV vendor has the means for end-users to submit known "good" programs which have been falsely identified, so that they will not be flagged in updated versions of the AV software. Sometimes this submission may be done from within the AV software itself, other times by uploading the file to the vendor's website.

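Added example, not part of the original thread and not any vendor's engine: a toy Python scanner for the two techniques described in the post above, showing a file-rewriting tool tripping the heuristic with no signature match, and a known-good submission clearing it. The signature bytes, behaviour labels, weights, threshold and the hash-keyed known-good list are all assumptions made for illustration.

```python
import hashlib

# Constructed toy data: the signature bytes, behaviour labels and weights are made up.
SIGNATURES = {"Toy.Trojan.A": bytes.fromhex("deadbeef42424242")}
WEIGHTS = {"open_existing_file": 2, "modify_file": 3, "overwrite_file": 3}
THRESHOLD = 6  # a heuristic score at or above this is reported as suspicious


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signature_hits(data: bytes) -> list[str]:
    """Pattern analysis: names of known byte sequences found in the file."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def heuristic_score(behaviours: list[str]) -> int:
    """Heuristic analysis: score what the code would do, not what it looks like."""
    return sum(WEIGHTS.get(b, 0) for b in set(behaviours))


def scan(data: bytes, behaviours: list[str], known_good: set[str]) -> str:
    if digest(data) in known_good:  # a false-positive report was accepted (assumed model)
        return "clean (known good)"
    hits = signature_hits(data)
    if hits:
        return f"malware ({hits[0]})"
    if heuristic_score(behaviours) >= THRESHOLD:
        return "suspicious (heuristic)"
    return "clean"


def demo() -> list[str]:
    # Constructed stand-ins for two builds of a configuration tool.
    build_1 = b"MZ\x90\x00 configurator 1.0.1"
    build_2 = b"MZ\x90\x00 configurator 1.0.2"
    does = ["open_existing_file", "modify_file", "overwrite_file"]
    known_good: set[str] = set()
    results = [scan(build_1, does, known_good)]      # flagged: score 8 >= 6
    known_good.add(digest(build_1))                  # build 1 submitted as known good
    results.append(scan(build_1, does, known_good))  # no longer flagged
    results.append(scan(build_2, does, known_good))  # new build, new hash: flagged again
    return results


if __name__ == "__main__":
    print(demo())
```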

I can attest to JRBarrett's comment. As a software developer I've seen a release change from a normal file to a "virus", according to the scanner, when a single digit was changed in the file's sub-version number.

DJ


  • Aerosoft

I can attest to JRBarrett's comment. As a software developer I've seen a release change from a normal file to a "virus", according to the scanner, when a single digit was changed in the file's sub-version number.

DJ

The commercial damage these mistakes cause must be incredible. Yet in tests I only see how a scanner detects laboratory viruses that have never been seen in the wild and never how much the scanners mistakenly flag files. McAfee must have cost us thousands of euros over the years.


I can attest to JRBarrett's comment. As a software developer I've seen a release change from a normal file to a "virus", according to the scanner, when a single digit was changed in the file's sub-version number.

DJ

Funny thing during the internal beta testing:

One day a configurator version got blocked by my AV software, the next day it went unhampered, the next but one day it got blocked again ... Avast! (I use the freeware version only) can be configured to notify me of a blocked execution and I still have the opportunity to unblock it, so the *.exe would still start.


MSE here and no issues, but also recommend Avast (free). We are forced to use McAfee at work and it's a hog. Everyone complains about it but we have to use that rubbish.

Jude


I use Microsoft Security Essentials without issue.

Yeah, I agree. It does not have that big an influence on the PC's performance and is enough to have something like a safe feeling.


Guys ! Guys !! please !!!

What did I start by posting here ?? Even Mathijs reduced to swearing !!!!!!! I know Aerosoft would not include a virus in their product .. I know McAfee ain't helping out here also, in the past I used AVG as some of you have suggested ... the bottom line is that this is a fully paid up package with all the trimmings of the virus software, i.e. it's all turned on in the price of infinity !!! It seems, why risk the ship for a bucket extra of tar applied to its hull ?? or downgrade to freeware .... like in my original post I can't talk to McAfee, I'm a BT subscriber and I get VS thru them... End

Now I can use the configurator by isolating McAfee as suggested (i.e. pull the plug on the scanner), make my adjustments and enjoy the fleet 318, 319 and now 320, 321, which work brilliantly, def the best ever bar none, and believe me I've tried most of them over the past ten years or more !!!

So guys, guys, please no more bickering and swearing as I'm not up to speed on all the tech jargon of comp programming.

All I said was McAfee says it's a virus. I know... You know... it ain't, but not being a full purchaser of McAfee (out of the box or download etc. etc., it comes via BT) I can't get them to unblock it for me or others

and it seems BT can't either !! It's not about laying blame but it's just crazy that it can't be fixed by either party for us laymen out here.

I tried.. I failed... Sorry

Now... Mathijs lock this post please .... and let's enjoy one very superb Airbus, it's been a long time in coming but it's definitely arrived

Nev


Mathijs,

That particular incident caused a room full of very highly paid developers to come to a complete stop for several hours while the build testers and I tracked down and proved what had happened...

DJ


Archived

This topic is now archived and is closed to further replies.
