Jump to content

From Symantec

xarc

By xarc,
in Immunet General Forum

Recommended Posts

Guest Orlando

Guest Orlando

Posted
Posted

why ?

 

mozillafirefox201011091.th.png

 

Some download from our section of malware "detections" or "false positive" can contain viruses, so the automatic protection of norton could block this site, this possibility isn't to exclude.

 

Thanks, I'll report this FP to Norton. Also F-secure in the past blocked this forum, but now this is fixed.

Orlando

Link to comment
Share on other sites
xarc Newbie

xarc

Posted
  • Author
Posted

I guess in their opinion have right ... and why ?

just because files are posted here on forum (to the public) and not here

for the future don't let people to upload potentially virus files and for the moment erase all that could be malware files

my opinion

Link to comment
Share on other sites
Guest Orlando

Guest Orlando

Posted
Posted

I guess in their opinion have right ... and why ?

just because files are posted here on forum (to the public) and not here

for the future don't let people to upload potentially virus files and for the moment erase all that could be malware files

my opinion

 

If you post a malware here in the forum you can have a detailed explanation, some site offer malware free but the important is the use not the download. If you send the file by the previous site, you can't receive the explanation and you don't say if it's a malware or not. In the forum is more quickly. I think we change nothing in the future. The user who download the malware is the caouse if happen something not us.

 

Orlando

Link to comment
Share on other sites
xarc Newbie

xarc

Posted
  • Author
Posted

If you post a malware here in the forum you can have a detailed explanation, some site offer malware free but the important is the use not the download. If you send the file by the previous site, you can't receive the explanation and you don't say if it's a malware or not. In the forum is more quickly. I think we change nothing in the future. The user who download the malware is the caouse if happen something not us.

 

Orlando

 

"some sites offer malware free" are this forum that kind of site ?

"The user who download the malware is the caouse if happen something not us" the user must be protected ... not all users forum are specialists.

 

I know you have good intentions Orlando ...

Link to comment
Share on other sites
Guest Orlando

Guest Orlando

Posted
Posted

"some sites offer malware free" are this forum that kind of site ?

"The user who download the malware is the caouse if happen something not us" the user must be protected ... not all users forum are specialists.

 

In this case I mean that if an attacker wants to take malware easly, certainly he doesn't come here. This forum does not distribute malware free, but only provides a detailed analysis to provide the utmost professionalism and precision.

 

"The user who download the malware is the caouse if happen something not us" the user must be protected ... not all users forum are specialists.

 

If a user downloads a malware to enable it he must accept 2 or 3 steps, this malware aren't exploits so only you can activate them (the links where you can download malware we can stop and delete). However, I realize that there must be protection for less experienced users (I don't recommended for those inexperienced to download malware).

 

I will speak with the team to resolve this, maybe we can add a new rule on the handling of malicious files.

 

Orlando

Link to comment
Share on other sites
alfred Newbie

alfred

Posted
Posted

i found this in the download section.

because yestardy i decides to reinstall immunet.

 

take a look at child cafety. lol. Strange.

 

http://img204.imageshack.us/img204/9307/lolazi.jpg

 

 

Oh Boy, well that's the problem with user provided reputation systems. They are easily gamed and all too often they cause as many problems as they solve. Same goes for user submitted URL blacklists. I do not have a better solution in hand but people need to treat these things with a reasonable amount of skepticism.

 

al

Link to comment
Share on other sites
xarc Newbie

xarc

Posted
  • Author
Posted

but you can set special groups and only this groups are able to download, like at mbam forum.

 

maybe you're right .... but if they provide links from theirs computers or from anywhere else ?

 

For add a new thing, I have reported this to Norton. I'm wating their complete and detailed report on the nature of false positive.

 

Orlando

 

 

It was a mistake, they have since fixed it. FP's amongst AV vendors are regrettably pretty common. They fixed it as soon as I told them about it.

 

 

Best,

al

 

it must be started few days ago ... because from time to time I check the forum ...

I will tell you if they will drop this attention from forum.

 

LE: forgot to put a link from them LINK

it seems is not directly addressed to forum this problem ... I apologies if I misleading you ... it was not intentionally.

 

 

Oh Boy, well that's the problem with user provided reputation systems. They are easily gamed and all too often they cause as many problems as they solve. Same goes for user submitted URL blacklists. I do not have a better solution in hand but people need to treat these things with a reasonable amount of skepticism.

 

al

 

agree ... anyone can set the reputation without knowing what it does that site. (even the competition :))

Link to comment
Share on other sites
Shaoran Newbie

Shaoran

Posted
Posted

agree ... anyone can set the reputation without knowing what it does that site. (even the competition :))

 

It's because Immunet uses ask.com, lot of users don't trust them, especially in some countries. Many web sites have the same reputation only because of their sponsors, worst if they have a FP on it.

Link to comment
Share on other sites
Guest Orlando

Guest Orlando

Posted
Posted

Now all of this is fixed, a Norton Italian interlocutor told me that was a false positive on the model of the heuristic automatic of safe web. The important thing is that it is now resolved.

 

Orlando

Link to comment
Share on other sites
alfred Newbie

alfred

Posted
Posted

It's because Immunet uses ask.com, lot of users don't trust them, especially in some countries. Many web sites have the same reputation only because of their sponsors, worst if they have a FP on it.

 

The FP had nothing to do with ASK. The detection was actually a string match. They were looking for a particular string in our bootstrapper binary. The main product (with optional toolbar) was marked as Trusted by them. We actually got around the detection (while waiting for Symantec to fix it) by changing the string and re-posting our binary.

 

al

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...