Author Topic: Avast Default=Small Time Dev?Must be making malware. Give the app user a scare!!  (Read 6178 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
I'm pretty cheesed off with this so called antivirus. The reason is that every time I build an application, Avast! stops it from running. I'm using VS2010 and one app I'm developing in particular keeps being consigned to the malware bin.  >:(

The paranoid bit:<paranoia> But Avast! must like my application, because it wants me to submit it. Thus giving away a hugely (in development time) expensive license for free for Avast! to rip off or resell or simply use themselves. If I don't submit it, and I do distribute the application, Avast! will tell it's users that it contains malware and being to destroy it's reputation.</paranoia>

Why does Avast! not run the application silently before shouting warnings and taking action based upon a rubbish heuristic guess? It's being debugged under appname.vshost.exe for goodness sake!! Can't it even detect that? :o

Yes, one day I might buy digital signing, but initially, for 100 users it was going to be free, in return for feedback. (Beta Testing)

For the record my app does not hook the keyboard, or do anything illicit,  or write to incorrect places etc etc and has only a few warnings from MS .net code analyzer. One of those is a deeply complicated series of calculations under one function:

(Warning   2 CA1502 : Microsoft.Maintainability : 'Form1.xxxxx_Click(Object, EventArgs)' has a cyclomatic complexity of 37. Rewrite or refactor the method to reduce complexity to 25.)

How can we as small developers stop Avast! from treating apps as malware that are not ready to be submitted to avast for analysis? After all it could go through several major development changes before finally being released?

My proposed solution: Can Avast! issue some kind of token and sign the app for themselves from my development environment? That avast token could be embedded in my code if necessary (my option where and how). Obviously it would need to test and run the app before adding to Avast! whitelist, but as I am running it inside a development environment, Avast! could take that into account and assume that I know what I'm doing!!

Thanks for reading...

Rob

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31073
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Quote
My proposed solution: Can Avast! issue some kind of token and sign the app for themselves from my development environment?
That will never happen ofcourse. If they would do that it means that everyone who is developing malware could get such a code bypassing security/detection.

If you are sure there is no malicious code in your software, just submit it to avast through the contact form so they can have a look at it. It could be a false positive.

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6699
  • Trust only what you test yourself!
Try this form http://www.avast.com/contact-form.php

Or...

Send the file to virus@avast.com in a "zipped" password protected file.
Choose the "subject" as you desire.

Additional: Software under development will always send up a red flag.
               It's the final product that matters.
               

Edit: Deleted one line.
« Last Edit: August 02, 2014, 09:27:18 PM by Para-Noid »
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

REDACTED

  • Guest
Quote
My proposed solution: Can Avast! issue some kind of token and sign the app for themselves from my development environment?
That will never happen of course. If they would do that it means that everyone who is developing malware could get such a code bypassing security/detection.

If you are sure there is no malicious code in your software, just submit it to avast through the contact form so they can have a look at it. It could be a false positive.


I heard.. yes only 2nd hand, that getting an app whitelisted during development stages is worthless.  Also, the whole point would be to run and test the app and either issue or not issue a token. I can't see malware developers wanting to run their product via an antivirus checker!!! lol

I don't see why they can't sign the app for avast users. They will accept 3rd party signing! why don't they issue a token of their own.  If avast! wants to ensure safety, in a FAIR manner, don't trash unknown apps by default. Analyse them at runtime once and issue a token to that MD5.


Oh it is a false positive. Other AV don't flag it. and it's not doing anything bad. not even a 3rd party dll or control or even connection to the web. all legitimate stuff.

REDACTED

  • Guest
I'm pretty cheesed off with this so called antivirus.
You wrote a lot, and so I might have missed it, but you didn't mention what check Avast failed your program on.

If you're going to distribute code online nowadays, you'll want to get a code signing certificate, which indicates to others that you have been vetted and that the module you've provided hasn't been tampered with.  Yep, it's a pain, and yep, it costs a few hundred bucks, but it's the way of the world.

-Noel (another developer)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76017
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
I can't see malware developers wanting to run their product via an antivirus checker!!! lol
You'd be surprised, most of them do.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
Try this form http://www.avast.com/contact-form.php

Or...

Send the file to virus@avast.com in a "zipped" password protected file.
Choose the "subject" as you desire.

Additional: Software under development will always send up a red flag.
               It's the final product that matters.
               

Edit: Deleted one line.

Yes, thank you :) I'm aware of that opportunity to upload. I mentioned in the other comment that getting it checked while under development is worthless because it can change.

I know why new software is initially a little bit suspicious, and i appreciate the safety,  but as it's running under appname.vshost.exe it implies that i'm debugging it.

The token idea seems reasonable to me. *shrug*

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76017
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
The token idea seems reasonable to me. *shrug*
Most probably won't happen.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
I'm pretty cheesed off with this so called antivirus.
You wrote a lot, and so I might have missed it, but you didn't mention what check Avast failed your program on.

If you're going to distribute code online nowadays, you'll want to get a code signing certificate, which indicates to others that you have been vetted and that the module you've provided hasn't been tampered with.  Yep, it's a pain, and yep, it costs a few hundred bucks, but it's the way of the world.

-Noel (another developer)

Hi Noel, It failed because it was suspicious! :/   win32:Evo-gen [SUSP] thats all i know. Avast doesn't supply more information than that does it?

REDACTED

  • Guest
I can't see malware developers wanting to run their product via an antivirus checker!!! lol
You'd be surprised, most of them do.

Actually. thinking it over, yes. i can see why they would.

REDACTED

  • Guest
The token idea seems reasonable to me. *shrug*
Most probably won't happen.
*nods* probably. But it's a shame that over zealous antivirus is taking over so much more of our computers.  At this rate, in the future 99% of our cpu power will be processing operations on our computers. no processing the work it should be doing.

We're losing the antivirus war in the fact our tools that prevent virus are actually hampering us :( (yes, slightly over exaggerated, but the point is still valid, if you see what i mean)

REDACTED

  • Guest
I'm pretty cheesed off with this so called antivirus.
You wrote a lot, and so I might have missed it, but you didn't mention what check Avast failed your program on.

If you're going to distribute code online nowadays, you'll want to get a code signing certificate, which indicates to others that you have been vetted and that the module you've provided hasn't been tampered with.  Yep, it's a pain, and yep, it costs a few hundred bucks, but it's the way of the world.

-Noel (another developer)

a few hundred bucks is what i dont have right now. :( but yes, it is seemingly more and more necessary..

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76017
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
We're losing the antivirus war in the fact our tools that prevent virus are actually hampering us :( (yes, slightly over exaggerated, but the point is still valid, if you see what i mean)
Well, you can exclude your dev dirs from scanning. ;)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
We're losing the antivirus war in the fact our tools that prevent virus are actually hampering us :( (yes, slightly over exaggerated, but the point is still valid, if you see what i mean)
Well, you can exclude your dev dirs from scanning. ;)
well,  avast could avoid scanning them. and then avoid marking them as viorus and throwing them into the chest.  ;)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37697
  • F-Secure user
Quote
  well,  avast could avoid scanning them. and then avoid marking them as viorus and throwing them into the chest.     
Not virus ...... Suspicious

Anyway this is the price we pay for using generic/heuristic detections to be able to catch new virus before signature is created
If lots of undetected malware slipped by ..... what would you say then?