Jump to content
xarc

From Symantec

Recommended Posts

Guest Orlando

why ?

 

mozillafirefox201011091.th.png

 

Some download from our section of malware "detections" or "false positive" can contain viruses, so the automatic protection of norton could block this site, this possibility isn't to exclude.

 

Thanks, I'll report this FP to Norton. Also F-secure in the past blocked this forum, but now this is fixed.

Orlando

Share this post


Link to post
Share on other sites

I guess in their opinion have right ... and why ?

just because files are posted here on forum (to the public) and not here

for the future don't let people to upload potentially virus files and for the moment erase all that could be malware files

my opinion

Share this post


Link to post
Share on other sites
Guest Orlando

I guess in their opinion have right ... and why ?

just because files are posted here on forum (to the public) and not here

for the future don't let people to upload potentially virus files and for the moment erase all that could be malware files

my opinion

 

If you post a malware here in the forum you can have a detailed explanation, some site offer malware free but the important is the use not the download. If you send the file by the previous site, you can't receive the explanation and you don't say if it's a malware or not. In the forum is more quickly. I think we change nothing in the future. The user who download the malware is the caouse if happen something not us.

 

Orlando

Share this post


Link to post
Share on other sites

If you post a malware here in the forum you can have a detailed explanation, some site offer malware free but the important is the use not the download. If you send the file by the previous site, you can't receive the explanation and you don't say if it's a malware or not. In the forum is more quickly. I think we change nothing in the future. The user who download the malware is the caouse if happen something not us.

 

Orlando

 

"some sites offer malware free" are this forum that kind of site ?

"The user who download the malware is the caouse if happen something not us" the user must be protected ... not all users forum are specialists.

 

I know you have good intentions Orlando ...

Share this post


Link to post
Share on other sites
Guest Orlando

"some sites offer malware free" are this forum that kind of site ?

"The user who download the malware is the caouse if happen something not us" the user must be protected ... not all users forum are specialists.

 

In this case I mean that if an attacker wants to take malware easly, certainly he doesn't come here. This forum does not distribute malware free, but only provides a detailed analysis to provide the utmost professionalism and precision.

 

"The user who download the malware is the caouse if happen something not us" the user must be protected ... not all users forum are specialists.

 

If a user downloads a malware to enable it he must accept 2 or 3 steps, this malware aren't exploits so only you can activate them (the links where you can download malware we can stop and delete). However, I realize that there must be protection for less experienced users (I don't recommended for those inexperienced to download malware).

 

I will speak with the team to resolve this, maybe we can add a new rule on the handling of malicious files.

 

Orlando

Share this post


Link to post
Share on other sites
Guest Orlando

For add a new thing, I have reported this to Norton. I'm waiting their complete and detailed report on the nature of false positive.

 

Orlando

Share this post


Link to post
Share on other sites

why ?

 

mozillafirefox201011091.th.png

 

 

It was a mistake, they have since fixed it. FP's amongst AV vendors are regrettably pretty common. They fixed it as soon as I told them about it.

 

 

Best,

al

Share this post


Link to post
Share on other sites

i found this in the download section.

because yestardy i decides to reinstall immunet.

 

take a look at child cafety. lol. Strange.

 

http://img204.imageshack.us/img204/9307/lolazi.jpg

 

 

Oh Boy, well that's the problem with user provided reputation systems. They are easily gamed and all too often they cause as many problems as they solve. Same goes for user submitted URL blacklists. I do not have a better solution in hand but people need to treat these things with a reasonable amount of skepticism.

 

al

Share this post


Link to post
Share on other sites

but you can set special groups and only this groups are able to download, like at mbam forum.

 

maybe you're right .... but if they provide links from theirs computers or from anywhere else ?

 

For add a new thing, I have reported this to Norton. I'm wating their complete and detailed report on the nature of false positive.

 

Orlando

 

 

It was a mistake, they have since fixed it. FP's amongst AV vendors are regrettably pretty common. They fixed it as soon as I told them about it.

 

 

Best,

al

 

it must be started few days ago ... because from time to time I check the forum ...

I will tell you if they will drop this attention from forum.

 

LE: forgot to put a link from them LINK

it seems is not directly addressed to forum this problem ... I apologies if I misleading you ... it was not intentionally.

 

 

Oh Boy, well that's the problem with user provided reputation systems. They are easily gamed and all too often they cause as many problems as they solve. Same goes for user submitted URL blacklists. I do not have a better solution in hand but people need to treat these things with a reasonable amount of skepticism.

 

al

 

agree ... anyone can set the reputation without knowing what it does that site. (even the competition :))

Share this post


Link to post
Share on other sites

agree ... anyone can set the reputation without knowing what it does that site. (even the competition :))

 

It's because Immunet uses ask.com, lot of users don't trust them, especially in some countries. Many web sites have the same reputation only because of their sponsors, worst if they have a FP on it.

Share this post


Link to post
Share on other sites
Guest Orlando

Now all of this is fixed, a Norton Italian interlocutor told me that was a false positive on the model of the heuristic automatic of safe web. The important thing is that it is now resolved.

 

Orlando

Share this post


Link to post
Share on other sites

It's because Immunet uses ask.com, lot of users don't trust them, especially in some countries. Many web sites have the same reputation only because of their sponsors, worst if they have a FP on it.

 

The FP had nothing to do with ASK. The detection was actually a string match. They were looking for a particular string in our bootstrapper binary. The main product (with optional toolbar) was marked as Trusted by them. We actually got around the detection (while waiting for Symantec to fix it) by changing the string and re-posting our binary.

 

al

Share this post


Link to post
Share on other sites

On this case, no it's not because of ask. I just said that if you have an FP on a sponsor people will set worst score on wot like you can see with windows live plus for example.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...