Re: Explanations about some problems with antivirus
Posted by Sven Gothel on Mar 22, 2012; 5:27pm
URL: https://forum.jogamp.org/Explanations-about-some-problems-with-antivirus-tp3848715p3849181.html
On 03/22/2012 03:45 PM, gouessej [via jogamp] wrote:
>
>
> Hi
>
> I've just read this article (in French):
> http://www.developpez.com/actu/42480/Les-developpeurs-detestent-ils-les-antivirus-Un-programmeur-manifeste-sa-haine-envers-ces-solutions-de-securite/
> http://www.developpez.com/actu/42480/Les-developpeurs-detestent-ils-les-antivirus-Un-programmeur-manifeste-sa-haine-envers-ces-solutions-de-securite/
>
> Now I understand why some antivirus block JOGL. When a programmer builds
> GlueGen, some native libraries are created or renamed as DLLs and such silly
> tools believe that it is a self-replicant virus.
>
> In my humble opinion, if I'm right, we won't have any problem with client
> machines except if the feature allowing to extract native libraries from
> JARs is detected as such a virus too.Wow .. thank you Julien.
Ok, so we don't rename the files [or suffix] in the extraction process
but copy it to a new 'temp' folder.
Looks like this is not hash match then (validation of known virus hash values
with blobs) but a runtime behavioral decision where the anti-virus hooks
monitor system level operations like file open and copy ..
Fascinating .. who trusts the anti-virus software then ? :)
[Dunno if my interpretation of your findings is true]
Cheers, Sven
>
> Best regards.
>
> -----
> Julien Gouesse
> http://tuer.sourceforge.net
> http://gouessej.wordpress.com
URL: https://forum.jogamp.org/Explanations-about-some-problems-with-antivirus-tp3848715p3849181.html
On 03/22/2012 03:45 PM, gouessej [via jogamp] wrote:
>
>
> Hi
>
> I've just read this article (in French):
> http://www.developpez.com/actu/42480/Les-developpeurs-detestent-ils-les-antivirus-Un-programmeur-manifeste-sa-haine-envers-ces-solutions-de-securite/
> http://www.developpez.com/actu/42480/Les-developpeurs-detestent-ils-les-antivirus-Un-programmeur-manifeste-sa-haine-envers-ces-solutions-de-securite/
>
> Now I understand why some antivirus block JOGL. When a programmer builds
> GlueGen, some native libraries are created or renamed as DLLs and such silly
> tools believe that it is a self-replicant virus.
>
> In my humble opinion, if I'm right, we won't have any problem with client
> machines except if the feature allowing to extract native libraries from
> JARs is detected as such a virus too.
Ok, so we don't rename the files [or suffix] in the extraction process
but copy it to a new 'temp' folder.
Looks like this is not hash match then (validation of known virus hash values
with blobs) but a runtime behavioral decision where the anti-virus hooks
monitor system level operations like file open and copy ..
Fascinating .. who trusts the anti-virus software then ? :)
[Dunno if my interpretation of your findings is true]
Cheers, Sven
>
> Best regards.
>
> -----
> Julien Gouesse
> http://tuer.sourceforge.net
> http://gouessej.wordpress.com
signature.asc (910 bytes) | Free forum by Nabble | Edit this page |