The many testimonies at the link to the Nirsoft blog surely indicate a 
widespread problem with false positive reports, in general.  I think it's a 
good link to read, and the AV companies should be doing a better job here, no 
question.

In specific though, how are we as users supposed to know that emailer.exe (in 
this case) is not infected/corrupted/tampered-with?

What does this file do?   (I don't know)
What is its correct size and checksum?  (I don't know)
What about it causes it to be flagged as dangerous?  (etc.)

The fact of malicious attacks against AmiBroker.com has been mentioned before 
on this list.  How is a user supposed to know that an attack has not taken 
place, and resulted in a corrupted distro?

I know at least one other TA platform vendor that provides MD5 checksums for 
their distro files.  When the distro matches the checksum, this makes me feel 
much more secure that it has not been tampered with.

Could even that assurance be rendered false by a sufficiently determined 
criminal?   Probably, but if both the file and the checksum were tampered with, 
it should at least be possible to compare with completely offline records 
maintained by the developer to determine that this had taken place.

Could a file be corrupted and made to have the same size and checksum?  I'll 
leave that question to those more expert than I.  Even if so though, it's 
surely a much higher bar to clear.

As a thought experiment - assume that a criminal organization has targeted and 
corrupted an AB distro to make it into malware (of some sort).  Assume further 
that that corrupted file is on the AB server(s) and being downloaded by 
customers.

How are we supposed to know it?  What should make us suspicious?  If suspicion 
is raised, how is corruption to be confirmed or refuted?

These are questions I personally do not have a good answer for.  I only know 
that AV programs are an important line of defense.  They make me aware of 
things (rightly or wrongly) that I do not have the particular psychic ability 
to be otherwise aware of.

Being simply told to ignore them, with no further explanation or evidence, is 
not very reassuring.


--- In amibroker@yahoogroups.com, Tomasz Janeczko <gro...@...> wrote:
>
> Hello,
> 
> That is FALSE positive. You should report it to anti-virus vendor that 
> they have bug in their program.
> 
> You should probably read this:
> http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/
>  
> 
> 
> Best regards,
> Tomasz Janeczko
> amibroker.com
> 
> On 2010-03-20 21:53, gsmservplus wrote:
> > emailer.exe file in AB directory. Kaspersky found backdoor.win32.RAdmin.bp 
> > trojan, criticality High
> > ??????????????????????????????????????????????
> >
> > is it fake or it's really something wrong?
> >
>
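The checksum comparison the first post describes, written out as an added example (not code from the thread or from AmiBroker): a download is hashed and compared against a vendor manifest in the usual md5sum/sha256sum line format. The file name, the manifest text and the installer bytes are constructed placeholders; the manifest copy is assumed to have been saved or obtained separately from the download server, since a server compromise that replaces the file can replace a checksum hosted beside it just as easily.

```python
import hashlib
import hmac

# Added example: verify a downloaded installer against a vendor checksum manifest
# ("<hex digest>  <file name>" per line, as written by md5sum / sha256sum).

def parse_manifest(text):
    """Map file name -> lowercase hex digest. Accepts the '*' binary-mode marker."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        entries[name.strip().lstrip("*")] = digest.lower()
    return entries

def file_digest(data, algo):
    """Hex digest of the file contents using the named hashlib algorithm."""
    h = hashlib.new(algo)
    h.update(data)
    return h.hexdigest()

def verify_download(data, name, manifests):
    """manifests: {algo: manifest_text}. Returns (ok, algo_used, expected, actual).
    SHA-256 is tried first; MD5 is used only when nothing stronger is published,
    because MD5 collisions are practical and a colliding pair has the same size
    and the same MD5 digest, so a matching MD5 is weaker evidence than a SHA-256."""
    for algo in ("sha256", "md5"):
        text = manifests.get(algo)
        if text is None:
            continue
        expected = parse_manifest(text).get(name)
        if expected is None:
            continue
        actual = file_digest(data, algo)
        # constant-time comparison of the two hex strings
        return hmac.compare_digest(expected, actual), algo, expected, actual
    return False, None, None, None

# Constructed fixtures standing in for the installer and the vendor's manifests.
SAMPLE = b"MZ\x90\x00constructed installer bytes, not a real program\n"
FILE_NAME = "AmiBroker_setup.exe"  # hypothetical file name
MANIFEST_SHA256 = hashlib.sha256(SAMPLE).hexdigest() + "  " + FILE_NAME + "\n"
MANIFEST_MD5 = hashlib.md5(SAMPLE).hexdigest() + " *" + FILE_NAME + "\n"
TAMPERED = SAMPLE + b"\x00"  # one appended byte is enough to change the digest

if __name__ == "__main__":
    ok, algo, expected, actual = verify_download(SAMPLE, FILE_NAME, {"sha256": MANIFEST_SHA256})
    print(f"{FILE_NAME} {algo}: {'OK' if ok else 'MISMATCH'}")
```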