pouët.net

packers/compressors & security & malware & webhosting

category: code [glöplog]
Hi guys,

In rgba we are having this annoying problem of our webhosting company repeatedly shutting down our website cause they detect malware in our 4k intros. This time, as this is a recurring problem, they have almost shut it down forever.

Despite my attempts to explain to them the virus detection problem with packed files and all the stuff, the conversation went into a surreal state in the form of an infinite loop, where the technical support insisted I contact an expert in security who would explain to me what malware is and so forth.

Basically, they have some fixed procedures that they will follow as robots and it seems impossible to convince them to behave otherwise, so the battle is lost.

The solution is either we change to another server with less security paranoia, or I try to trick the scanner and somehow start becoming a hacker myself. I would rather leave programming than waste my time learning hacking and security techniques. But changing to another server might not solve the problem in the long term.

So, nobody else is having this problem? How did you solve it?

I fucking hate all this security paranoia, and even if I might be mixing issues here, I hate even more the hackers and crackers and whatever originated it all. I'm so NOT proud but ashamed of our cracking origins, I'm sorry.

added on the 2010-06-10 22:03:37 by iq
Submit for an account here.

Scamp and the others behind this project, we <3 you. ;-)
added on the 2010-06-10 22:09:39 by Defiance
What Defiance said.
added on the 2010-06-10 22:23:33 by torus
use Dsplit or protect your files with a PW
i can store your files for you at http://www.esemdesign.com/hexen/rgba/ and you can link to them.
added on the 2010-06-10 22:51:20 by hexen
use password protected archives where password is 'rgba' for all of them and put it near every download link. i hope virus scanners r not that smart yet to beat this trick...)
added on the 2010-06-10 22:58:01 by RRROAR
passwords on archives are lame. go to untergrund.
or you could use 7z and pack with PPMd on Ultra compression. works on most of my packed "files"
I am having problems with my own stuff getting destroyed by webservers and users' AVs for using packers (I particularly love kkrunchy...)

So, does someone know a packer that is not tagged yet as malware?
I am planning on using MEW11 or UPX, and although the AVs on my machine don't delete them, I wonder if they are tagged by someone...
added on the 2010-06-10 23:29:03 by speeder
Quote:
I'm so NOT proud but ashamed of our cracking origins, I'm sorry.

What on earth has that to do with this? Even if you, for some reason, dislike what crackers did in the 1980s on c64, it's not like we have a doctrine of ancestral sin going on here.

Good luck with your hosting though, must be a bitch ;)
added on the 2010-06-10 23:41:29 by Hyde
Quote:

I am planning on using MEW11 or UPX, and although the AVs on my machine don't delete them, I wonder if they are tagged by someone...

The difference is that UPX provides an unpacker, meaning that AV manufacturers can easily look inside an upx-packed file. due to practical reasons (kkrunchy somehow scrambles exe files at least partly), this is not possible with popular demo packers. in fact, the older versions of kkrunchy are not detected as threats anymore, but the more recent, better versions still are.
actually, iirc the problem with some packers was that they can just be unpacked at runtime, which is not a problem with UPX - but of course UPX produces bigger files.
An untergrund account seems to be the best option to me. Or you can link to files stored in ftp.scene.org if you prefer it.

But, alas, this security paranoia will never end!
added on the 2010-06-11 00:16:49 by ham
The problem is even more annoying. I tried to download Elevated on this Windows 7 machine, and apparently IE/Mozilla had some sort of AV protection thing that I had to disable. Then, the OS itself had another AV or something. In the end, I had to disable two or three protection layers before I could see the demo. How frustrating, man, this is like going backwards.

Thing is that, yeah I know, being realistic only demosceners consume intros, but still you dream of some random person downloading an intro and running it, but if I was that random person I would immediately give up for sure. But other distribution formats like web stuff (whether that is html5+webgl, or flash, or whatever) are not there yet for demo making. What a mess.....

added on the 2010-06-11 00:20:24 by iq
I agree wholeheartedly with you. Nowadays this seems to be a major problem if we want to distribute intros for windows.

I can't figure out a simple solution as there will always be suspicious people around while their AV software raises the "generic trojan/virus" alert.
added on the 2010-06-11 00:30:55 by ham
Can someone give a brief explanation (or a link to one) why packers are detected as malware?

...SirThanxalot.
added on the 2010-06-11 00:43:00 by maw
they are probably detected that way just because they are compressed. because most games and legitimate software isn't.
added on the 2010-06-11 00:50:29 by hexen
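
Added example, not part of any post in this thread: one heuristic commonly used to flag packed executables is per-section byte entropy, shown here by walking the section table of a constructed, non-runnable PE image. The 7.0 bits-per-byte threshold, the section names and the sample bytes are assumptions for illustration, not any scanner's real values.

```python
import hashlib, math, struct
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # assumed cutoff in bits per byte; not any vendor's real value

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def section_report(pe: bytes):
    """Return [(section name, entropy, flagged)] by walking the PE section table."""
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew in the DOS header
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    (n_sections,) = struct.unpack_from("<H", pe, pe_off + 6)  # COFF NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, pe_off + 20)   # COFF SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                            # first 40-byte section header
    report = []
    for i in range(n_sections):
        name, _vsize, _vaddr, raw_size, raw_off = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)
        h = shannon_entropy(pe[raw_off:raw_off + raw_size])
        label = name.rstrip(b"\0").decode("ascii", "replace")
        report.append((label, round(h, 2), h > ENTROPY_THRESHOLD))
    return report

def build_sample_pe() -> bytes:
    """Constructed sample: one plain code-like section, one that looks compressed."""
    plain = b"\x55\x8b\xec\x83\xec\x10\x90\xc3" * 512         # repetitive opcode-like bytes
    dense = b"".join(hashlib.sha256(bytes([i])).digest()      # stand-in for packed data
                     for i in range(128))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)  # 2 sections, no optional header
    def header(name, size, off):
        return struct.pack("<8sIIII", name, size, 0, size, off) + b"\0" * 16
    data = 64 + 4 + 20 + 2 * 40                               # file offset of first section body
    return (dos + b"PE\0\0" + coff + header(b".text", 4096, data)
            + header(b".packed", 4096, data + 4096) + plain + dense)

if __name__ == "__main__":
    for row in section_report(build_sample_pe()):
        print(row)
```

A flag from a check like this says only that a section looks compressed or encrypted, which is why legitimately packed intros and packed malware end up in the same "generic" bucket.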
you could always store your encrypted or compressed stuff in not executable files.
added on the 2010-06-11 00:51:39 by hexen
non*
added on the 2010-06-11 00:51:52 by hexen
i have some e-books on malware. i'll try to find them.
added on the 2010-06-11 00:54:23 by hexen
I agree with you that this is totally fucking lame. Untergrund seems to be the best option. I just hope that in the future search-engines don't start black-listing your site, I can see them needlessly taking on this responsibility.
added on the 2010-06-11 01:00:48 by sigflup
or start storing your stuff as 2 separate files and compress the stuff which is non executable. then you won't have to worry about it. the fact that the code is executable and is compressed is probably what is setting that shit off. leave the executable stuff alone or have something to write it out the compressed executable for you without compressing the executable writing it out. just my opinion.
added on the 2010-06-11 01:06:46 by hexen
iq, who's your isp? I'm going to mail them and tell them they're lame
added on the 2010-06-11 01:14:53 by sigflup
Or then we could, you know, just stop caring about file size and quit packing them so much?

Okay, didn't think so. Just go to untergrund or somewhere else where tightly packed executables are accepted.
added on the 2010-06-11 01:29:52 by msqrt