Virus in Rockbox Utility 1.2.8 Installer
gbl08ma:
Sorry, but to me it seems this whole discussion started at the point where somebody (who relies too much on antivirus) got an antivirus warning saying that the Rockbox Utility file was a virus. Then that somebody got far too alarmed and posted on the Rockbox forums.
After that, the Rockbox community answers, trying to explain that false positives occur - and yes, they don't give a good image to the newcomer, especially if you have one of those antivirus programs that delete the infected (or not so infected) file instantaneously once it is created.
As that somebody continues to be alarmed because of some antivirus warning, s/he keeps posting, complaining there's no "official answer", which I think is what s/he wants. Hey, like soap said, on non-corporate OSS projects there's no "official", there's a community that, ideally, acts like a family or a group of friends and works together to meet an objective.
In fact, I have already downloaded a lot of OSS software from well-known sites and publishers, and also some from not-so-well-known publishers, and many antivirus programs classify them as malware. I'm also a software developer, and once I added an automated updater to my software (that doesn't download anything without prior user acknowledgement and agreement), some antivirus software classified it as dangerous because it "downloaded files" (exactly what's happening with RB Util). Did I stop using that software (including mine) just because some antivirus said it is or contains a virus? No. At most, when I don't trust the software in question, I go to a bit of work and look through the source code for dangerous operations - most of the time, I found that the cause is automated updaters and things like that. So, RB Utility is not immune to being classified as a virus.
Let's stop with this whole discussion - in fact now I think I have written too much. No one is obligated to use Rockbox, much less Rockbox Utility; in fact it voids your warranty in many (if not all) targets. The somebody that created the thread would have reasons to complain if s/he had paid for Rockbox or Rockbox Utility, but as an OSS project, you only use it if you want, and if you don't like it that way, you can change it.
"Somebody" is used in this post to demonstrate that cases like this can happen to anyone, and not to take away the honor of marthirial. In fact, what I described could not have happened with him/her, but it's a situation that actually can happen.
This is just my point of view! And no, you're not obligated to read this or agree with me.
bluebrother:
--- Quote from: marthirial on October 01, 2010, 01:25:24 PM ---
Llorean: Yes, posted to Reddit and guess what, they had better answers than the actual developers here.
--- End quote ---
What answer do you expect? Someone saying "it's a false positive"? People did that, plus why they can't say why it's impossible why it's a false positive. This still doesn't change the problem that you need to trust someone posting in these forums -- or trust your virus software. You are the one to decide who you want to trust.
Edit: I've just checked the result of the scan that was posted on Reddit. It shows 3 scanners out of 43 considering the file malicious, so 40 scanners think it's ok. Do you trust 40 scanners saying the same or 3 scanners saying something else (but not exactly the same)? I'm more likely to go with the majority ...
M_Koga:
PMJI (duck, cringe, etc.)
Not having a dog in the fight, trying to be a bit of a peacemaker, hoping for the best, and so on...
A long time ago, when the net was a far safer, friendlier place, I got infected -- the ONLY time I ever got infected -- by a COMMERCIAL PRODUCT by a top-tier company that shall remain nameless. I don't remember if I was acting in the role of beta tester, or software review writer (this was a long time ago, I have forgotten more than I ever knew).
Fortunately, it was a relatively benign infection (a Word macro virus that shat upon every doc it could find, causing me lots of fun doing manual cleanup). I notified the vendor who turned eleven shades of purple, thanked me profusely for informing them, and proceeded to do the same on their in-house machines.
Some time earlier, I did NOT get infected, because the "disease" I was sold was incapable of doing any damage to me, having "destroyed its host" before landing in my hand. It was an updated motherboard BIOS (manufacturer shall remain nameless). This was during the 286 era, when BIOSs were purchased as either masked ROMs, PROMs, or EPROMs (this was long before we were able to flash our own firmware -- we had to physically replace a pair of ROM chips).
When I installed the chip pair I'd purchased from the mobo mfgr, my machine would not boot. After much "fun" I ended up writing a program that parsed both chips (original BIOS reinstalled, and suspect chips read in my PROM blaster), interleaved the hi/lo byte pairs, and extracted "likely ASCII" so that I could see what the hell was going on (suspicious sort that I was).
I stopped my investigation when I encountered a string that said something like "DISK KILLER TROJAN"
I then packed it in, and informed the mobo manufacturer, who proceeded to shit a pile of giant economy sized bricks, and tell me how bloody grateful they were to me for discovering that their machines were infected (the LIVE virus in their systems had corrupted the BIOS files before they burned them).
Of course, their talk of SHOWING me how grateful they were (there was some hinting about sending me a hot new mobo) amounted to naught. They had what they wanted, and I had to be satisfied with replacement chips (or maybe they only sent me the files so that I could burn my own, I don't remember, t'was a long time ago).
My point is that this sort of thing happened on occasion in a much more innocent age. Nowadays, the image I see when I think of the Internet is like that scene from Feiffer's "Little Murders" where the guy opens the steel cover protecting the window in the highrise apartment, and INSTANTLY bullets start flying in, until he shuts the steel cover again.
This brand of ever-present abuse causes a lot of jangled nerves. People are jumpy, and predisposed to freaking out. (This is why so many TRULY fraudulent "antivirus" crapwares are sold, many of which are nothing more than vectors OF infection themselves, with the less-noxious of them being "merely" garbageware that serves only to collect payment for the BELIEF of protection being provided.)
It's a nasty, often brutal world, and getting worse by the moment.
To put this ALL into perspective, I have found Rockbox to be one of the MOST solid, stable, robust, well-designed pieces of software I have ever used. I am amazed at how fantastic it is, and I only use a small fraction of its capability.
Code like this can ONLY be produced by people that TRULY CARE about what they are doing. And, if there is ANY software I'd trust, Rockbox would be way at the top of that list.
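M_Koga's post above describes interleaving the hi/lo byte halves read from a pair of BIOS chips and extracting "likely ASCII" from the result. An added illustration of that approach, not the poster's program: the function names, the comparison against a known-good image and the sample bytes are assumptions constructed for this example.

```python
import re

def interleave(even: bytes, odd: bytes) -> bytes:
    """Rebuild the 16-bit image: even chip -> bytes 0,2,4..., odd chip -> 1,3,5..."""
    if len(even) != len(odd):
        raise ValueError("chip dumps differ in length; re-read the chips")
    image = bytearray(2 * len(even))
    image[0::2] = even
    image[1::2] = odd
    return bytes(image)

def likely_ascii(image: bytes, min_len: int = 6):
    """Return (offset, text) for each run of printable ASCII of at least min_len."""
    runs = re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, image)
    return [(m.start(), m.group().decode("ascii")) for m in runs]

def align_to_reference(reference: bytes, chip_a: bytes, chip_b: bytes, min_len: int = 6) -> bytes:
    """Chips are easy to swap in the reader. Byte-swapped text is still printable,
    so pick the order that shares more whole strings with the known-good image."""
    known = {s for _, s in likely_ascii(reference, min_len)}
    def shared(img: bytes) -> int:
        return sum(s in known for _, s in likely_ascii(img, min_len))
    return max((interleave(chip_a, chip_b), interleave(chip_b, chip_a)), key=shared)

def unexpected_strings(reference: bytes, suspect: bytes, min_len: int = 6):
    """Strings in the suspect image that the known-good image does not contain."""
    known = {s for _, s in likely_ascii(reference, min_len)}
    return [(off, s) for off, s in likely_ascii(suspect, min_len) if s not in known]

def split(image: bytes):
    """Split a 16-bit image into the even/odd halves held by each chip."""
    return image[0::2], image[1::2]

# Constructed sample data (not real BIOS contents).
HEADER = b"\x00\xea\x5b\xe0" + b"EXAMPLE BIOS v1.00" + b"\xff\x00" * 4
GOOD = HEADER + b"Press DEL for setup\x00"
BAD = HEADER + b"SAMPLE UNEXPECTED STRING"

if __name__ == "__main__":
    bad_even, bad_odd = split(BAD)
    suspect = align_to_reference(GOOD, bad_odd, bad_even)  # chips deliberately swapped
    for offset, text in unexpected_strings(GOOD, suspect):
        print(f"0x{offset:04x}  {text}")
```
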
R3n4:
I had a similar experience when my anti-virus also detected this threat. I immediately submitted this issue to my anti-virus lab. They found out that the virus is a false positive. There's no need to worry about this issue because there is no virus in the installer.
wolftail:
I have just scanned the file in Microsoft Security Essentials (with up-to-date definitions) and it found nothing. Also virustotal.com gives a 2.43% chance of being infected (only one out of 43 AVs, nProtect, detects anything). So I would definitely call it a false positive.
http://www.virustotal.com/file-scan/report.html?id=c384f29391e169aee74920b18279914c8aa67b2e0fb039f472a9b1c5390d8cbc-1295882127