From: FromTheRafters on
"VanguardLH" <V(a)nguard.LH> wrote in message
news:hu11jn$ipp$1(a)news.albasani.net...
> FromTheRafters wrote:
>
>> Man-wai Chang wrote ...
>>
>>> Avira (forgot when) had once reported it as a virus....
>>
>> No, it was probably a false positive detection at one time - since
>> corrected. You could submit the program to virustotal.com, jotti.org,
>> or virscan.org to see what some other scanners have to report.
>>
>> ...better safe than sorry.
>
> Until the AV program quarantines system files for the OS. A false
> positive on a system file could render your OS unbootable or
> inoperable.

Those are file submission scanners, no danger of that.


From: VanguardLH on
FromTheRafters wrote:

> VanguardLH wrote ...
>
>> FromTheRafters wrote:
>>
>>> No, it was probably a false positive detection at one time - since
>>> corrected. You could submit the program to virustotal.com,
>>> jotti.org, or virscan.org to see what some other scanners have to
>>> report.
>>>
>>> ...better safe than sorry.
>>
>> Until the AV program quarantines system files for the OS. A false
>> positive on a system file could render your OS unbootable or
>> inoperable.
>
> Those are file submission scanners, no danger of that.

I thought you meant "better safe than sorry ... to allow false
positives". I have my AV program alert me on *everything* it thinks is
bad; i.e., no automatic actions. I'll be able to figure out if the file
belongs to an app or to the OS and then investigate what that file
should really contain to determine if it was a false positive. I've hit
far more false positives in a variety of AV programs than I have ever
discovered for infections on my host. Letting the AV program
automatically dump files into its quarantine area (which means not even
the OS can get at it) could result in a dead OS or app.

Quarantining is usually an automatic action performed by the AV program.
I don't believe in allowing automatic quarantines; however, that also
means the user needs some education regarding their OS and have some
initiative to investigate the claim of an infection.

The online scanners make a good backup to get more opinions regarding the
good/bad status of a file. However, since only an on-demand scan is
performed against the uploaded file, only the current signatures can be
tested against the uploaded file. None of the heuristics can be used
against the behavior of the functions performed by execution of the file
or any libraries it happened to call. So the online scanners are only
good for a signature test against known malware. Zero-day malware won't
be caught that way.


From: FromTheRafters on
"VanguardLH" <V(a)nguard.LH> wrote in message
news:hu1quu$onr$1(a)news.albasani.net...
> FromTheRafters wrote:
>
>> VanguardLH wrote ...
>>
>>> FromTheRafters wrote:
>>>
>>>> No, it was probably a false positive detection at one time - since
>>>> corrected. You could submit the program to virustotal.com,
>>>> jotti.org, or virscan.org to see what some other scanners have to
>>>> report.
>>>>
>>>> ...better safe than sorry.
>>>
>>> Until the AV program quarantines system files for the OS. A false
>>> positive on a system file could render your OS unbootable or
>>> inoperable.
>>
>> Those are file submission scanners, no danger of that.
>
> I thought you meant "better safe than sorry ... to allow false
> positives". I have my AV program alert me on *everything* it thinks is
> bad; i.e., no automatic actions. I'll be able to figure out if the file
> belongs to an app or to the OS and then investigate what that file
> should really contain to determine if it was a false positive. I've hit
> far more false positives in a variety of AV programs than I have ever
> discovered for infections on my host. Letting the AV program
> automatically dump files into its quarantine area (which means not even
> the OS can get at it) could result in a dead OS or app.
>
> Quarantining is usually an automatic action performed by the AV program.
> I don't believe in allowing automatic quarantines; however, that also
> means the user needs some education regarding their OS and have some
> initiative to investigate the claim of an infection.
>
> The online scanners make a good backup to get more opinions regarding the
> good/bad status of a file. However, since only an on-demand scan is
> performed against the uploaded file, only the current signatures can be
> tested against the uploaded file. None of the heuristics can be used
> against the behavior of the functions performed by execution of the file
> or any libraries it happened to call. So the online scanners are only
> good for a signature test against known malware. Zero-day malware won't
> be caught that way.

All good points.


From: Man-wai Chang to The Door (33600bps) on
> But you already knew all of this. So what is your question *NOW* about
> PhysX?

I was/am just not sure whether Avira was trying to protect Nvidia's
interests... :)

--
@~@ Might, Courage, Vision, SINCERITY.
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10) Linux 2.6.34
^ ^ 18:20:01 up 13 days 21:31 2 users load average: 0.00 0.00 0.00
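No borrowing! No fraud! No compensated dating! No fighting! No robbery! No suicide! Please consider Comprehensive Social Security Assistance (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa


From: VanguardLH on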
Man-wai Chang wrote:

>> But you already knew all of this. So what is your question *NOW* about
>> PhysX?
>
> I was/am just not sure whether Avira was trying to protect Nvidia's
> interests... :)

Avira, as well as other anti-virus vendors, don't want their products
generating ANY false positives regardless of whose software is installed
on your host. I'm not sure that any AV product hasn't had false
positives in the past and why you have to do some investigation when any
malware gets reported on your host. For example, I've had false alerts
on the .vhd files for virtual machines where they contained a pristine
install of Windows XP. Somewhere in the huge file was a string of bytes
that happened to match on a malware signature.

Avira may have falsely alerted on PhysX in the past but it is likely
that it didn't false alert before that, happened to include a signature
that matched on a byte string after some update to Avira's signatures,
and then users reported the false positive and Avira updated the
signature database or extended the signature to ensure it looked at more
bytes than before so it wouldn't match on the PhysX file anymore. If it
is a *false* alert then it usually does get fixed but can be several
updates later. Some false positives never get fixed by some AV vendors,
like many continually alert on Nirsoft's utilities on your host.
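
The byte-string false positive described in the post above, and the fix of lengthening the signature so it looks at more bytes, shown as an added example that is not part of the original thread. All data is constructed and harmless; `MARKER`, `Demo.Sig`, `scan_stream` and `verdicts` are hypothetical names, and the scanner reads in chunks with an overlap so a match that straddles a chunk boundary in a large image is still found.

```python
import io

def scan_stream(stream, signatures, chunk_size=64 * 1024):
    """Return sorted (name, offset) hits for each byte-string signature.

    Keeps an overlap of (longest signature - 1) bytes between reads so a
    pattern that straddles a chunk boundary is not missed.
    """
    overlap = max(len(sig) for sig in signatures.values()) - 1
    hits, tail, base = set(), b"", 0      # base = file offset of tail[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, sig in signatures.items():
            pos = window.find(sig)
            while pos != -1:
                hits.add((name, base + pos))   # set drops overlap re-hits
                pos = window.find(sig, pos + 1)
        keep = min(overlap, len(window))
        tail = window[len(window) - keep:]
        base += len(window) - keep
    return sorted(hits)

# Constructed 8-byte pattern standing in for a fragment of a known-bad file.
MARKER = bytes.fromhex("13579bdf02468ace")
SAMPLE = b"\x00" * 32 + MARKER + b"-constructed-sample-body" + b"\x00" * 32

# Constructed stand-in for a large benign file (e.g. a disk image) that
# happens to contain the same 8 bytes, placed across a 64 KiB chunk boundary.
FILLER = bytes(range(256)) * 1024
BENIGN_IMAGE = FILLER[:-3] + MARKER + b"-pristine-install-data" + FILLER

SHORT = {"Demo.Sig": MARKER}                           # too few bytes
LONG = {"Demo.Sig": MARKER + b"-constructed-sample"}   # extended signature

def verdicts(signatures):
    """Scan both constructed files and return the hits per file."""
    files = (("sample", SAMPLE), ("benign_image", BENIGN_IMAGE))
    return {label: scan_stream(io.BytesIO(data), signatures)
            for label, data in files}

if __name__ == "__main__":
    print("short signature:", verdicts(SHORT))
    print("long signature: ", verdicts(LONG))
```
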