Chrome Security Warning for scene.org
category: general [glöplog]
This message was shown to me today each time when I wanted to download a release from scene.org:
Is there anything that can be done do about it? Can we all flag it positively or so?
I guess it scares many people away who don't know about antivirus false alarms for intros etc.
Is there anything that can be done do about it? Can we all flag it positively or so?
I guess it scares many people away who don't know about antivirus false alarms for intros etc.
I hooked the site under Google's Webmaster Tools to find out and it appears they're particularly fidgety about elevated_win7_test.zip being malware, so perhaps the best you can do is check which scanners are flagging it as malware and sending false positive reports.
Once that's done I can request a review (I tried twice so far and gotten rejected)
Once that's done I can request a review (I tried twice so far and gotten rejected)
Nothing special.
A website that hosts many small binaries is automatically suspicious for hosting malicious code to phirsching, identity theft, fraud, ddos and anything that You make a 64k Computer virus do.
Demoscene uses highly compressed binaries often usung pointers to external Things and l-systems.
A half decent protective script just makes a hard to miss but fuzzy warning about This. Its not smart enough to ne More specific.
A website that hosts many small binaries is automatically suspicious for hosting malicious code to phirsching, identity theft, fraud, ddos and anything that You make a 64k Computer virus do.
Demoscene uses highly compressed binaries often usung pointers to external Things and l-systems.
A half decent protective script just makes a hard to miss but fuzzy warning about This. Its not smart enough to ne More specific.
it's been a growing issue for quite a few years now :/ wish there was an easier way to deal with this.
i remember on previous threads some folks talked about code signing and including checksums as possible solution. but i believe the main issue is most of these antivirus/malware detection companies dont really care much about resolving these false positives.
i remember on previous threads some folks talked about code signing and including checksums as possible solution. but i believe the main issue is most of these antivirus/malware detection companies dont really care much about resolving these false positives.
A solution would be to distribute demos as sourcecode without binaries.
Quote:
A solution would be to distribute demos as sourcecode without binaries.
No, that won't be a solution at all. Because for once that would mean that everybody would have to have ALL dev-environments in all possible configurations at hand to build the demo.
Compile-times and hassle included.
Secondly that would force everybody to disclose their sources - no matter if you want it or not.
a working solution would be making a demo launcher with some custom format for compression/data obfuscation and create+distribute .demo files for it that are basically mutilated .zip files from which you'll run the .exe... then again, that's also highly unpractical :)
Quote:
A solution would be to distribute demos as sourcecode without binaries.
You can just see how well this crap works in the linux-land.
The real solution is youtube.
I suggest to never enforce any single virtual machine for demoscene code.
This only ends in a Turing tarpit.
This only ends in a Turing tarpit.
Detect user agent of google's bot and serve it a different file.
If it works that way...? Does google actually get reports from public virus scan tools?
I´d say he best solution is to backfire by informing users of such browsers with a short notice about the questionable decision and user disinformation their self-proclaimed "do-not-evil" browser makers are providing.
Including a note how a user can check that a file is original and safe (afair all scene.org archive uploads are reviewed anyway, but some additional hints like checking party appearance, file date or checksum may be helpful, too).
That´s true. In trying to simulate maximum security in an battle malware heuristics have gone braindead. Actually I´m retty sure they aren´t interested in a real secure system at all since that would render their business model obsolete, and in my experience their "solutions" are already causing a similar level of trouble than the problems they claim to counter.
It´s also interesting that free/hobbyist stuff remain in false positive a long time while commercial products don´t - as if the real evildoers care, most of them are likely using cracked or pirated commercial stuff as well.
E.g., tools like pskill, alink, upx often end up in false positives, but i´ve never seen the same stuff happening for ms binaries serving more or less the same purpose.
It is also on purpose that they always smash big red "MALWARE! VIRUS! TROJAN!" alerts right into the users face rather than providing a more honest warning like "This file is unchecked and may be harmful because it is runtime packed/opens an internet connection/contains driver parts/..." which actually would be way more helpful.
That works for like 5 weeks, and then you´ll have the next TROJAN-GEN-BULLSHITNAME malware alert.
Encrypted standard archives might work better since they cannot be scanned automatically.
Please die a slow and horrible death (screened on googletube ;)
If a third party sucks the worst way is to counter that by sucking (their ass) as well.
Including a note how a user can check that a file is original and safe (afair all scene.org archive uploads are reviewed anyway, but some additional hints like checking party appearance, file date or checksum may be helpful, too).
Quote:
i believe the main issue is most of these antivirus/malware detection companies dont really care much about resolving these false positives.
That´s true. In trying to simulate maximum security in an battle malware heuristics have gone braindead. Actually I´m retty sure they aren´t interested in a real secure system at all since that would render their business model obsolete, and in my experience their "solutions" are already causing a similar level of trouble than the problems they claim to counter.
It´s also interesting that free/hobbyist stuff remain in false positive a long time while commercial products don´t - as if the real evildoers care, most of them are likely using cracked or pirated commercial stuff as well.
E.g., tools like pskill, alink, upx often end up in false positives, but i´ve never seen the same stuff happening for ms binaries serving more or less the same purpose.
It is also on purpose that they always smash big red "MALWARE! VIRUS! TROJAN!" alerts right into the users face rather than providing a more honest warning like "This file is unchecked and may be harmful because it is runtime packed/opens an internet connection/contains driver parts/..." which actually would be way more helpful.
Quote:
a working solution would be making a demo launcher with some custom format for compression/data obfuscation and create+distribute .demo files for it[...]
That works for like 5 weeks, and then you´ll have the next TROJAN-GEN-BULLSHITNAME malware alert.
Encrypted standard archives might work better since they cannot be scanned automatically.
Quote:
The real solution is youtube.
Please die a slow and horrible death (screened on googletube ;)
If a third party sucks the worst way is to counter that by sucking (their ass) as well.
"Change browser or disable the warning" Of course this does not change the fact that people who try to download and do not know, get this stupid message :/
Quote:
The real solution is youtube.
If you look at the stats, binary downloads for the non-superstar-64k stuff seem to be almost negligible these days (yes, I know, a lot of self-hosting too).
Quote:
If it works that way...? Does google actually get reports from public virus scan tools?
Google owns VirusTotal, which many people use - that's one way how they get that data. AV companies/organizations sharing threat data is another.
Quote:
Including a note how a user can check that a file is original and safe
How can average joe who is not an IT guy check if a file is safe? Heck, how can an experienced IT guy who is not an IT security specialist check?
Quote:
[...] in my experience their "solutions" are already causing a similar level of trouble than the problems they claim to counter.
AV solutions have a host of problems (false positives, having vulnerabilities themselves, ...), but I for one am nonetheless really glad that they protect me at least from all those threats that are at least a day old. You wouldn't believe how often we still see Conficker infections causing REAL problems for example, which AV would have easily prevented. (I'm not working for an AV company, btw.)
Quote:
It is also on purpose that they always smash big red "MALWARE! VIRUS! TROJAN!" alerts right into the users face rather than providing a more honest warning like "This file is unchecked and may be harmful because it is runtime packed/opens an internet connection/contains driver parts/..." which actually would be way more helpful.
More helpful to *you*, who has IT experience and who understands that warning. The vast majority of people do not, and would simply ignore it and often make the wrong decision. Simplifying the warnings has improved the situation quite a bit, as tests and experience has shown.
That said, I agree the option to get more details for those who want that would be nice.
The real solution (probably) is(n't) ... a Linux/BSD style package manager & repos for scene prods.
Use another browser!!! google psicotic rules and pretentious behaviour controlling all the stuff is upsetting me.
Quote:
How can average joe who is not an IT guy check if a file is safe?
Why would an average joe who is not an it guy be on scene.org??
Quote:
Why would an average joe who is not an it guy be on scene.org??
Successful outreach? :)
Also, are all graphicians, musicians and designers in the scene IT guys (in the sense that they know more than just how to use a computer)?
1: Find the files generating the false positives.
2: Encrypt the zip, place inside another zip with the password in file_id.diz
3: Try and get the site-warning removed.
2: Encrypt the zip, place inside another zip with the password in file_id.diz
3: Try and get the site-warning removed.
Quote:
Also, are all graphicians, musicians and designers in the scene IT guys (in the sense that they know more than just how to use a computer)?
I think you are severely underestimating the people that are still interested in the demoscene. :)
I picked a random hit from the virustotal list and sent them the Elevated archive for false positive submission:
Good job! If it's "not detect worthy", then why is the file detected as a virus? :) But at least the readme file is clean!
Quote:
SophosLabs has analyzed the submitted file(s) and determined they are not malicious.
scene.org.txt -- clean
elevated.txt -- clean
elevated_1920x1080_hq.exe -- not detect worthy at this point in time
elevated_1440x900.exe -- not detect worthy at this point in time
elevated_1024x768.exe -- not detect worthy at this point in time
elevated_1280x1024.exe -- not detect worthy at this point in time
elevated_1280x720.exe -- not detect worthy at this point in time
elevated_1920x1080.exe -- not detect worthy at this point in time
elevated_win7_test.zip -- archive file
file_id.diz -- not detect worthy at this point in time
Good job! If it's "not detect worthy", then why is the file detected as a virus? :) But at least the readme file is clean!
Quote:
Quote:How can average joe who is not an IT guy check if a file is safe?
Why would an average joe who is not an it guy be on scene.org??
THAT. Same for other sites offering other stuff.
Also, "checking" does´t necessarily mean to reverse every bit and its behaviour but some basic plausibility checks which would already sort out most attempts of tricking a faulty file to be downloaded. E.g., most scene prods were released at a party and should thus also be listed on the results.txt or demozoo, have a file dates matching the release date etc.
Being skeptical if a scene prod is served on superwarezhost or if scene.org suddenly turns into a pirategamers paradise isn´t an "IT guy" only thing but rather one of common sense and basic brain usage.
Quote:
Quote:[...] in my experience their "solutions" are already causing a similar level of trouble than the problems they claim to counter.
AV solutions have a host of problems (false positives, having vulnerabilities themselves, ...), but I for one am nonetheless really glad that they protect me at least from all those threats that are at least a day old.
That´s wishful thinking. It sometimes can protect you from KNOWN threats with a KNOWN detection method, but not from something unknown which might be in the wild for months. That worked as long as most data was transferred on floppies or expensive and slow dialup connections, but not in a world full of devices with 24/7 online presence and hence enough possibilities to quickly spread, update and mutate malware anytime.
My experience looks more like that:
* backup script broken after av software silently deleted a false positive
* scared user which messed things up after av flagged a joke program as virus and thought it was her fault
* win xp no longer starting successfully after av flagged a driver provided by windows update
* successful detection of a trojan contained in an e-mail, but not preventing it from infecting the system
* firewall blocking a hacking attempt (turned out receiving a "ping" is already sufficient) leads to machine crash
* successfully detecting an old dos-age bootsector virus on old floppies
* not detecting an obviously infected machine even after several weeks
* web hoster blocking access to an unmodified upx-packed file due to av false positive after it has been there for several years without getting flagged
So much about the security "average joe" gets.
Also, security needs to cover the whole environment, thus any local machine based solution is likely to miss most network and social engineering based tampering attempts.
Quote:
Quote:It is also on purpose that they always smash big red "MALWARE! VIRUS! TROJAN!" alerts right into the users face rather than providing a more honest warning like "This file is unchecked and may be harmful because it is runtime packed/opens an internet connection/contains driver parts/..." which actually would be way more helpful.
More helpful to *you*, who has IT experience and who understands that warning. The vast majority of people do not, and would simply ignore it and often make the wrong decision. Simplifying the warnings has improved the situation quite a bit, as tests and experience has shown.
Keeping the users dumb by scaring them instead of providing helpful advice and education is definitely helping the business of certain companies.
But it does not improve the situation for the users, and is hazardous for any kind of small business and non-profit stuff. With great power comes great responsibility, you won´t get one of it without taking care of both of them.
Waht T$ said.
And if we are talking about container impregnable to av scans, how about classic uuencode/uudecode? Not so onerous for 4k & 64k.
And if we are talking about container impregnable to av scans, how about classic uuencode/uudecode? Not so onerous for 4k & 64k.