Explanations about some problems with antivirus


gouessej
Administrator
Hi

I've just read this article (in French):
http://www.developpez.com/actu/42480/Les-developpeurs-detestent-ils-les-antivirus-Un-programmeur-manifeste-sa-haine-envers-ces-solutions-de-securite/

Now I understand why some antivirus block JOGL. When a programmer builds GlueGen, some native libraries are created or renamed as DLLs, and such silly tools believe that it is a self-replicating virus.

In my humble opinion, if I'm right, we won't have any problem with client machines unless the feature that extracts native libraries from JARs is detected as such a virus too.

Best regards.
Julien Gouesse | Personal blog | Website

Re: Explanations about some problems with antivirus

Sven Gothel
Administrator
On 03/22/2012 03:45 PM, gouessej [via jogamp] wrote:

> Hi
>
> I've just read this article (in French):
> http://www.developpez.com/actu/42480/Les-developpeurs-detestent-ils-les-antivirus-Un-programmeur-manifeste-sa-haine-envers-ces-solutions-de-securite/
>
> Now I understand why some antivirus block JOGL. When a programmer builds
> GlueGen, some native libraries are created or renamed as DLLs, and such silly
> tools believe that it is a self-replicating virus.
>
> In my humble opinion, if I'm right, we won't have any problem with client
> machines unless the feature that extracts native libraries from
> JARs is detected as such a virus too.

Wow .. thank you Julien.

Ok, so we don't rename the files [or suffix] in the extraction process
but copy them to a new 'temp' folder.

Looks like this is not a hash match then (validation of known virus hash values
with blobs) but a runtime behavioral decision where the anti-virus hooks
monitor system-level operations like file open and copy ..
Fascinating .. who trusts the anti-virus software then? :)

[Dunno if my interpretation of your findings is true]

Cheers, Sven

>
> Best regards.
>
> -----
> Julien Gouesse
> http://tuer.sourceforge.net
> http://gouessej.wordpress.com



Re: Explanations about some problems with antivirus

gouessej
Administrator
I think that my explanation is enough for the case of developers trying to build GlueGen because some antivirus really believe any program that creates a DLL is a virus except some "known" compilers. However, it does not explain why some people who don't build GlueGen have the same problem. In this case, I think that another viral agent targets our DLLs. None of my Windows "users" reproduced this problem.

Yes, I suspect these tools make bad predictions at runtime, based on the behaviour of a program.
Julien Gouesse | Personal blog | Website