Antiviruses hall of shame

Sethioz · **Posted:** 29 Aug 2008 16:13

what on earth is that Banload ? i tried wikipedia, but this is all it shows :
-banload
and from there you can go to some topic about orkut, where you can read tht it has something to do with a worm, but uTorrent IS NOT a worm ffs. ive been using it for over 2 years and no problems.

-i really hate that, when ppl just install something, DOES NOT even check any options/settings .. and then say.. OMFG !!! it is piece of junk, it doesnt work ! and trash it, without even checking if there's anything they can change and make it work just the way they want.

-i had problem with torrent programs too. my pc started to restart and gave me some blue error screen. instead of trashing the torrent program i did research on it and found the CAUSE of all that. here's the topic on my forum about those problems and solutions.
-Click here-

evan1715 · **Posted:** 29 Aug 2008 23:08

utorrent is homo because it basically is only a web application, thats why it's such a small program... it needs like 50% of ur internet just to have it open not downloading ^_^

bitorrent seems to work better for me.

i dont know how to "configure max connections"... im not very good with the whole networking subject

i assume "banload" is bandwidth load or something

seth, either way bitorrent will use less internet than utorrent...

Sethioz · **Posted:** 31 Aug 2008 01:33

i havent scanned any other torrent programs yet, but im sure that F-secure will mark them as banload too. or whtever. I will test all torrent programs i find with zonealarm and f-secure and see what will happen. ill put results up here as soon as im done with it.

out-of-topic lil bit, but i have tested most of them. azureus, bittorrent, bitcomet ..etc and so far uTorrent is FASTEST and takes less resources. when i have uTorrent open it absulutely does not effect my internet. not even a bit, msn does. taking 10kb upload even if its appear offline, but not uTorrent. i tested my download and upload speed with uTorrent running and closed. no change at all..so whtever it is, it has to be your settings. i also tested torrent programs and checked which one can download torrent fastest..and ofc winner was uTorrent.

SomaFM · **Joined:** 16 Aug 2007 06:25 **Posts:** 367

evan1715 wrote:

utorrent is homo because it basically is only a web application, thats why it's such a small program

Wrong, it's an executable like any other program. It has a webui though where the program can be controlled via another computer. It's so small because they wrote their own custom libraries, and they compact the executable using upx.

evan1715 wrote:

seth, either way bitorrent will use less internet than utorrent...

If you configure it properly, it won't use up all of your connection -- period. If you are noticing a slowdown, then you may also be running into TCP Event 4226 where Windows itself is limiting your connections (not uTorrent). There are fixes for this online for this.

evan1715 wrote:

bitorrent seems to work better for me.

Bittorent recently aquired uTorrent, if I'm not mistaken. So you're using similar code:
On December 7, 2006, ??Torrent developer Ludvig Strigeus and BitTorrent, Inc. CEO Bram Cohen announced that BitTorrent, Inc. had acquired ??Torrent. BitTorrent, Inc. has employed the code as the basis of version 6.0 of the BitTorrent client which makes it a re-branded version of ??Torrent.

aluigi · **Posted:** 31 Aug 2008 02:43

evan, as also Soma stated, I can confirm that uTorrent and BitTorrent are the same thing... not similar, they have just the exact core which is that of uTorrent 8-)

Sethioz · **Posted:** 13 Oct 2008 17:08

Zonealarm anti-virus detects:
recvtest.exe as Exploit.Win32.Aluigi.hl
and
sendtest.exe as Exploit.Win32.Aluigi.fi

Risk level - HIGH

aluigi · **Posted:** 13 Oct 2008 17:40

ah ah ah this is hilarious 8-)
for who doesn't know it, sendtest and recvtest are 2 micro tools to know how much time is needed to send a certain amount of data from a PC to another... I hope for Zonealarm that this is only a false positive otherwise means that who has added the signature (which can be Zonealarm or one of the AV companies from which they have bougth the signatures) is really an idiot even unable to do the job for which he is paid 8-)

Sethioz · **Posted:** 14 Oct 2008 13:55

sometimes such things just PISS ME THE FUCK OFF ! I mean RETARDED ppl, who just do something randomly and then ignore everything that is told to them. They just CANT see that it is not even close to a spyware, malware, trojan, exploit..etc
it's seriously stupid. I will try to contact them on my own and see if i can even get a reply out of them, but i think that getting a reply chance ..is like 0.1%.

I just want to know what kind of an idiot does such mistakes. I have suggestion for all anti-virus companys..how about they add ALL unofficial (open source...etc) tools into their black list !? It seems that anti-virus companys not even trying to stop viruses, but they simply trying to make ppl pay for official software by blacklisting GOOD tools, like Luigi's tools, so DUMB ppl think "OMG OMG VIRUS !!!!!" and delete it. so their only option is to BUY some shitty software instead of using one of the GOOD open source tools.
smells like a Evil scam to me..

Sethioz · **Posted:** 15 Oct 2008 00:47

ok here's what i found out so far:
First i contacted ZoneAlarm about it. I made a post on their forum. surprisingly they wasn't so hostile as i tought they will be.
They said that ZoneAlarm security suite uses KASPERSKY AV database.

so i contacted kaspersky labs about it and specifically asked about recvtest.exe and sendtest.exe. I also mentioned WPE pro and some other tools/programs. also it was a surprise what they answered about it:

Quote:

Hello, recvtest.c, sendtest.c, winerr.h No malicious code were found in these files. recvtest.exe_, sendtest.exe_ - Exploit.Win32.Aluigi.fi We are sorry, it is false alarm. It will be fixed as soon as possible. Thank you for your help. Please quote all when answering.

I guess that there's still hope :) at least they deal with such problems and doesn't ignore it. From ZoneAlarm forums i also got answer that lot of other anti-viruses detect them as malware too. I don't know why, but i decided that i will take a deeper look in it and start contacting anti-virus developers and point out those false positives. I will also point out those ignorants here. im sure that some other companys don't even bother to answer.

I will download all your tools Luigi and then see what else is being detected by ZoneAlarm (i think all will be, because it seems that your name is signature LOL).

aluigi · **Posted:** 15 Oct 2008 19:42

thanx a lot Sethioz, this is really interesting. well done.

It's good the fact that it was a false positive (one of the 2 possible hypotesis to which I thought) but it's very strange that a signature has taken in also some "normal" and simple tools like recvtest and sendtest.

Instead I have still received no reply from kaspersky for that thing of the "adv" I reported to them some months ago.

Sethioz · **Posted:** 16 Oct 2008 16:24

it seems that this is where it ends, because i got no reply when i reported some other tools. old good ignorance...hate that. I replyd to same message i got from KASPERSKY and added details to other tools. WPE pro and some of your tools Luigi, but so far no reply.

evan1715 · **Posted:** 16 Oct 2008 22:11

Sethioz wrote:

Risk level - HIGH

LOL

Sethioz · **Posted:** 17 Oct 2008 15:40

and yes i was right about it. still no reply ! i guess it was just one normal person, who got the mail, who actually cares what's going on in their company. in such companys all mails go into some mailing list and then lot of ppl have access to it...probably if i would send it again and again then maybe somebody would actually answer and look it again lol, but fuck that, if they so dumb.

aluigi · **Posted:** 30 Dec 2008 19:14

this is something too funny which I casually noticed yesterday when (casually) visited that stupid siteadvisor website of McAfee:

http://user.siteadvisor.com/forums/member.php?u=3398
http://user.siteadvisor.com/forums/sear ... ser&u=3398

ah ah ah seems that this bot (hard/boring for a human to do a similar huge job) is classifying as spamming any domain/website listed on the siteadvisor website and McAfee doesn't seem to have noticed it yet :)

oh, and watch also this link about another case of ineptitude from McAfee: http://www.autopatcher.com/2008/11/fake ... e-advisor/

Sethioz · **Posted:** 31 Dec 2008 08:46

lmfao ! this is just ridiculous.
as i have said before and will keep saying, it's a conspiracy. They trying to reduce hacking, piracy, cracking..etc like that.
If they throw all tools like this into bad list, then ppl think its virus and never use it.
and congrats to them, it actually works. There's LOT of ppl who ask help from me about computer stuff and then i send them some tool (also your tools Luigi) and they scan it with some piece of junk AV (or some other anti- shit) and say "OMFG its virus/trojan !!!" and never believe that its clean LMAO.
Those crappy anti-virus (anti-malware or whatever) programs also detect things, that are meant to harm OTHER computers not your own, as malware/virus/trojan..blabla.
As far as im concerned, ANTI- should protect MY computer, not other computers !!!

Also same goes for microsoft. specially about vista. vista won't allow to run half of the good tools. For example 3 of my friends had problems with TrueCrypt on vista. they said it totally screwed up by started to use all resources and lagged everything out.
so what will person do if he/she needs encryption program and TrueCrypt doesn't work ?
2 options:
1. use some alternative and EXPENSIVE piece of junk
2. use windows vista's encryption shit, which is not as safe as TrueCrypt is and i don't wonder if they even add "backdoor" into vista's encryption system so governments can decrypt data easily (just a tought about this backdoor, cuz soon they may actually do it)

Sethioz · **Posted:** 07 May 2009 23:48

ZoneAlarm (kaspersky):
tcpfp detected as Exploit.Win32.Kreedcrash.b

aluigi · **Posted:** 08 May 2009 11:08

kreedcrash??? some years ago I found some vulnerabilities in a game called Kreed but tcpfp had nothing to do with the testing (proof-of-concept) of those bugs.
so the "exploit" tag could be valid (tcpfp is a fake players proof-of-concept and the proof-of-concepts are seen as exploit by the antivirus companies, so following their "philosophy" it's ok), my only doubt was about the kreedcrash subcategory

Sethioz · **Posted:** 06 Jun 2009 08:15

Quote:

From: newvirus@kaspersky.com
Sent: Tuesday, October 14, 2008 11:02:42 PM
To: sethioz@msn.com

Hello,

recvtest.c, sendtest.c, winerr.h

No malicious code were found in these files.

recvtest.exe_, sendtest.exe_ - Exploit.Win32.Aluigi.fi

We are sorry, it is false alarm. It will be fixed as soon as possible. Thank you for your help.

Please quote all when answering.

Well guess what ? Today I downloaded sendtest and recvtest again and no surprise there...
Detected as "Exploit.Win32.Aluigi.fi"
Look at the date when i recieved this e-mail (oct.14.08). So obviously they ignored it just as i tought...shame and lame.

aluigi · **Posted:** 06 Jun 2009 20:33

oh poor recv/sendtest... they were some basic and oooold send() and recv() tools which display how much time elapsed during the sending/receiving of random data between 2 computers (one with sendtest and the other with recvtest running).
that's another proof of how these idiots don't know what they do or just use invalid and generic signatures.

Sethioz · **Posted:** 09 Jun 2009 05:32

yes indeed, but look it from the retard's point of view. if you somehow loop it you can overload your own connetion. They should add hammer, teeth, food..and such things into the list too, because if you bite your mouse's wire it will brake so your teeth are dangerous to your computer. and when you hammer your computer it will most likely get heavy damage.

lamest thing yet is that they said they will fix it, but as i expected, they didn't.

Sethioz · **Posted:** 27 Jun 2009 18:19

"TeamRetox" found this:

http://safeweb.norton.com/report/show?url=aluigi.org

this is just rediculous lmao ! trojan horse...nice. what will come next "omg Luigi has nuclear bomb hidden in his servers" ?

aluigi · **Posted:** 27 Jun 2009 18:27

the people at symantec are just complete idiots, that's also why this so called "antivirus" is considered one of the worst heavy bloatware existent able to transform a new PC in a 5 years-old PC.

interesting to notice that symantech owns SecurityFocus (for who doesn't know it, it's mailing-list called Bugtraq is used by people, included myself, in all the world to report security vulnerabilities) so it's really ridiculous that they don't have a proper classification for proof-of-concepts (the others use the "exploit" category)... because a "trojan horse" and a proof-of-concept are exactly the opposite thing.

Sethioz · **Posted:** 27 Jun 2009 18:31

actually "trojan horse" is a program that needs to be sent to your victim to gain access to the victim's computer, so i don't even see how those idiots can mark anything on your site as trojan. it is not even close to trojan.

Francis · **Joined:** 26 Apr 2008 21:50 **Posts:** 27

AntiVirus companies made a reputation in mind of who's starting to use a computer. Its a billion market, its most likely that no one need these useless bloatwared antivirus if they know how to use a computer. Its funny how "expert" advise to use "Antivirus Softwares".

SomaFM · **Joined:** 16 Aug 2007 06:25 **Posts:** 367

Common Sense 2009 is all you need!

aluigi · **Posted:** 28 Jun 2009 22:53

and also paranoia which is ever a good thing (obviously if it's not so exagerated to distort the reality ih ih ih)

Francis · **Joined:** 26 Apr 2008 21:50 **Posts:** 27

The best one about the paranoia is the annoying popup balloon

Sethioz · **Posted:** 29 Jun 2009 12:14

Soma... ZoneAlarm security suite is all you need, you should try it before saying no.
it uses kaspersky database for AV, but it has lots of other things in it. AV is not important at all, there is always unknown viruses, what zonealarm has and nothing else has, is the "program control"
even when virus gets in, it won't be able to do anything, because program control will pop up and ask/alert you if you want to allow this program to chagne this, connect, or do that..etc.
this is something i won't change, program control is a must have thing. it can also block all the annoying and retarded auto updates on software that won't allow you to disable it, OR what ive found out with program control, is that even when you DISABLE the autoupdate on some programs, it still tries to connect and check (program control shows it). ..sneaky bastards.

those retarded pop ups really are ... retarded and useless. windows is simply full of useless shit. thats why i used nlite on my windows and took out autoupdate and security center and lot more.

those "experts" are not even close to a expert, they only tell you basic shit so an idiot would feel safe. ..and they get payed for that..uhh.
its like .. sticking a candy into baby's mouth so baby would shut up, its not even important if its good candy or not. thats what those 'experts' do, they just hit you with a first thing they come up with and say its super hyper good, so they get their money and client feels safe and is like .. OMG Luigi has so many trojans, OMFG ! ..and instead of using Luigi's tools, those idiots go and buy some expensive crap haha.

aluigi · **Posted:** 29 Jun 2009 20:39

the popup baloon is not paranoia.
with paranoia I mean using minimalistic clients (like the browser without javascript, referrer, images and so on) and operating system (no active services/processes and nothing at execution) plus using only the virtual machine for the "external stuff", continuous monitoring of processes and resources and tons of other things.
that's the positive paranoia :)

SomaFM · **Joined:** 16 Aug 2007 06:25 **Posts:** 367

Sethioz wrote:

Soma... ZoneAlarm security suite is all you need

I have a PC running pfSense, and I am comfortable with just having that. Never been a huge fan of software firewalls. Used them many years ago but found myself always allowing whatever prompted me for access because it became too annoying. And when you reach that point, the software becomes useless, so I don't use them :P

For unknown programs and files that need testing I just use a virtual machine, or a computer next to me if need be.

Luigi Auriemma

Antiviruses hall of shame