On Wednesday 10 June 2009 17:34:38 Zero3 wrote: > Matthew Toseland skrev: > > On Tuesday 09 June 2009 15:51:08 Zero3 wrote: > >> Matthew Toseland skrev: > >>> What can we do to avoid trouble with antiviruses? Would it help to > >>> install a service under LocalSystem rather than creating a new user? > >> (We are talking Windows here, btw.) > >> > >> Not sure. We *are* messing around with the user's system quite a bit. It > >> is indeed not normal practice to create a new, password-expire-less, > >> hidden user with access to logon as a service in the background. And > >> then running a custom internet-enabled service under it. I can > >> understand why some antivirus products gets suspicious about that (not > >> justifying the silent messing around with our installation though). > >> > >> According to the AHK forums, this has happened before (and several > >> people mailed antivirus companies in order to have the false detections > >> removed, which they apparently were). > > > > Well, should we try some things such as installing as NetworkService or > > whatever? (Only on OS's where it exists i.e. not win2k). And will we be > > able to test it? And how much of it are you interested in doing? > >> - Zero3 > > Me and nextgens were discussing it quite a bit here on the mailing list > a while ago. To be honest, I don't remember what the arguments against > it were in the end (they kind of drowned in other discussions). > > If everyone is fine with whatever consequences it will have (as far as I > DO remember, the main one being that if fproxy was somehow compromised, > an attack would have much more access to the system compared to running > under a custom user), I can add it to my to-do list and do some testing.
IMHO if it improves behaviour for a common anti-virus it would be acceptable. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 835 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090610/2fa16d34/attachment.pgp>
