DOWNLOAD.CNET.COM virus scan positive!

Post here messages if you have any problems with working of Enigma Protector
speedyorange
Posts: 42
Joined: Mon Dec 19, 2011 3:47 pm
Contact:

Re: DOWNLOAD.CNET.COM virus scan positive!

Post by speedyorange »

Finally, good news!

It would have been extremely hard for me to get up to speed on this issue without your help. I believe many other shareware protector companies would just have gouged me hard for help in fixing the problem. You guys are the champs!

What about the full version of my program, should that be submitted to the antivirus companies as well? Would it better if it is submitted by you or me since your digital signature is the one on the outside, or does it matter?

Could you send me a list of the links you use to submit programs to the antivirus companies? I want to try to get up to speed on that. Apparently false positives are the bane of software developers all over the world and many claim their business was ruined by them!

Any advice on how to make my program popular?
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: DOWNLOAD.CNET.COM virus scan positive!

Post by Enigma »

speedyorange wrote:What about the full version of my program, should that be submitted to the antivirus companies as well? Would it better if it is submitted by you or me since your digital signature is the one on the outside, or does it matter?
I think since antivirus companies know about digital signature of DEMO version, they will apply same rules for full version too. And, to my mind, there is no need to submit full version.
This also does not matter who will submit the file, you or me, I could only use some internal contacts for "difficult" cases, but usually I do just everything written in this blog:
http://www.softwareprotection.info/2011 ... -to-solve/
speedyorange wrote:Any advice on how to make my program popular?
Yeah, this is probably the most difficult and important part in software development. Each program has own secrets, and very rare developers will share it :)
Everything depends on a program auditory, i.e. who are your users? Are they students, big companies, small companies, software developers, or maybe ladies? For each auditory there are different kinds of promotion.
Anyway, I can say that posting information about your product on the forums is good and right way in all the cases.
To improve your site index in the google, your site should contain big rating, SEO optimisation (keywords and so on) and refering pages (other sites that points users to your site).
You may look at the site alexa.com, it computes some site rating, lower rating means better popularity. It also shows a refering pages, so you can get some information from it.

As regarding CNET, I did not get good experience with them. Number of downloads from CNET is very low, number of visitors is almost zero... maybe we are doing something wrong? who knows...
speedyorange
Posts: 42
Joined: Mon Dec 19, 2011 3:47 pm
Contact:

Re: DOWNLOAD.CNET.COM virus scan positive!

Post by speedyorange »

Found out something real funny about CNET, if the user uses the cnet 'secure installer', the installer itself will pop up virus warnings! I saw a 'very suspicious file' warning!

I tested their 'secure installer' on virustotal and it got 6 positives! Some quick research revealed that it is because their 'secure installer' has offers for you to install junkware. In fact I ran google searches on the actual virus names that virustotal says it has and every one of them came right up 'cnet trojan'!

https://www.virustotal.com/file/8ec9847 ... /analysis/

Even worse than that, the actual 'secure installer' has none of my program in it, it just has a bunch of junkware offers on it with hard to notice checkboxes opting OUT of them! Then, after the 'secure installer' is done, it will just pop up a directory with the actual developers (me) installation file highlighted. I was confused what I was supposed to do next and it was my installation file!

They broke the flow that everybody expects when downloading:
- the file downloads and your download window on your browser pops up
- you double click on the file in your download window

I have to wonder how many people might download my file and then not install it because their virus scanner says that cnets 'secure installer' is 'very suspicious'. But of course they would think that it is my file that is very suspicious and tell all their friends that!

Or they might bite the bullet and run the file even though it says it is suspicious but then they don't do the extra confusing AFTER THE INSTALLER step when it pop ups the disk directory with a file selected on it. Oh, so you're supposed to run 2 installers, first the junkware installer, then the real installer! Run 2 installers to install one program, what a concept! So, then they tell all their friends that the program doesn't do anything and it tricked me into installing some junkware!

Even more bizarre, if the user uses the 'Direct Download Link' on the cnet software page to download my software, it will actually download from cnet's site not mine, but only my software will download(tested 100% virus free) with no cnet junkware installer that pops up virus warning and breaks the users expected flow of software installation! Unfortunately most users probably will use the cnet installer because it is big and bold. Of course there doesn't seem to be any way for the developer to turn off this amazing 'secure installer' from cnet!@$%#

If cnet wants to monetize their installer, at least they could do a better job of it! It should not be popping virus warning and breaking the users expected installation flow! I'm sure if I UPLOADED THEIR INSTALLER to their web site as a software submission IT WOULD FAIL because of virus positives.

Now the cnet download web site itself has become a virus warning popping piece of junkware! I feel that their poorly designed attempt to monetize installations has destroyed 90% of the value of the site for developers!

Have you guys tried downloading your own stuff from cnet lately, what with their new 'secure installer', now with more junkware?
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: DOWNLOAD.CNET.COM virus scan positive!

Post by Enigma »

Yes, CNET adds own installer for files. This case was discussed about a year or more ago. Most developers does not like it and deleted own files from CNET.
Our Enigma Virtual Box is also wrapped to their installer, but I can't say you it gives any disadvantages (only because it does not give advantages too). Number of downloads from CNET is low, number of refering users almost zero, so we have found their service useless for us. Maybe there is some effect if you use paid submission, we did not try it.

If you've noticed, CNET promote some of antiviruses, and the funny thing is that their installer does not have false detections from these antiviruses.

I repeat, to my mind, you should not focus on a false detections. They sometimes appear and sometimes disappear themselves. As per experience, I did not notice that users interests somehow decrease due to this.
It is better to focus on a making program more popular, promotion, etc.
nubcake
Posts: 5
Joined: Fri May 11, 2012 8:04 pm

Re: DOWNLOAD.CNET.COM virus scan positive!

Post by nubcake »

Customers that have "minor" computer knowledge and no idea what a packer is,complain and are not happy that scanning online my game.exe for virus,results come positive with following "infections" http://virusscan.jotti.org/de/scanresul ... 7af8bc285d

PUA.Packed.EnigmaProtector

and

Win32.SuspectCrc


the worst part is,that real Win32.SuspectCrc is serious trojan horse that is no joke and can literally destroy your OS,but my client have nothing like it and this "detected virus" appeared when i have selected "File Analyzer Deception" feature in Enigma,because i thought this would remove that annoying PUA.Packed.EnigmaProtector scan result....
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: DOWNLOAD.CNET.COM virus scan positive!

Post by Enigma »

Unfortunately, false detection sometimes happen. Nothing we can do, and this is not our fault.

As I always say, new taggant solution will appear very soon, and I hope we forget about this problem.
nubcake wrote:Win32.SuspectCrc
In this case, problem can be solved very easy, just submit the protected sample to Ikarus developers. They respond quickly enough, so if you submit the file today, tomorrow it will be clean.
For Ikarus submission look at:
http://www.softwareprotection.info/2011 ... -to-solve/
Emsisoft uses Ikarus database, so solving problem with Ikarus will solve problem with Emsisoft too.
Post Reply