I've seen it happen reasonably often: I write an application in Delphi and when I compile it, the virus-scanner tells me that I've created a virus and then immediately deletes the executable again. It's annoying but reasonably easy to fix by doing a full rebuild, deleting the *.dcu files first and sometimes by simply waiting.
It happens with Delphi 6, 7, 2005 and 2007, as far as I know. And Symantec, Kaspersky, McAfee and NOD32 have all been guilty of reporting these false positives. I know it's because Delphi adds timestamps to its DCU files and these timestamps end up in the final executable and apparently appear to be part of some random virus signature.
I don't want to disable the virus-scanner, not even for a single folder or file. And I'm not really looking for a solution, but am wondering about the following:
Do these false positives also occur with other compilers?
Does it also happen with .NET executables?
Do others also notice similar problems with Delphi?
Do these false positives also occur with other compilers?
Yes, this has been a common problem in the past for AutoIt as addressed in this forum post "Are my AutoIt EXEs really infected?". In most cases including AutoIt it stems from poor heuristic practices. Since AutoIt uses the free and open UPX compressor, it is often mistaken for malicious code that also uses UPX.
The best (and possibly only) thing you can do is report these mistakes, so they can refine their heuristics or at least white list your app.
Below is a list of contact information for some popular anti-virus companies. They all claim to appreciate submissions as it helps them make their product better.
AntiVir - Contact
A2 (A-Squared) - Contact (email address)
Avast! - Contact
AVG - Contact
BitDefender - Contact
BullGuard - Contact
CA Anti-Virus - Contact
ClamAV - Contact
ClamWin - Contact
Comodo - Contact
ESET's Nod32 - Contact
eSafe - Contact (login required)
Fortinet - Contact
F-PROT - Contact
F-Secure - Contact
G-Data - Contact
Kaspersky - Contact
McAfee - Contact (email address)
Norman - Contact (email address)
Panda Anti-Virus - Contact
Sophos - Contact
Symantec (Norton) - Contact
Vipre - Contact
Windows Live OneCare - Contact
ZoneLabs - Contact
Turns out there is a great list of AV software on Wikipedia, called 'List of antivirus software'. It is more complete than my list above.
A member of the AutoIt Forums made a great script to e-mail a false positive to a huge list of AV vendors to automate this process a bit.
Sounds more like a heuristic screw-up to me. Do you have heuristics turned on (some scanners may refer to it as "virus-like code")? The chances that time stamps would equate to "a portion of some virus signature" seem too small to be happening all the time.
When I used to run a virus scanner, I never saw this problem with D6 or D7.
There is indeed a Delphi virus in the wild, see http://www.sophos.com/blogs/sophoslabs/?p=6117
Yes, my team has experienced this maybe half a dozen times in 2-3 years with Sophos in a corporate environment. So, very rarely, but it does happen.
Our IT cretin started off demanding I review all the 1.5M lines of code in our app to "make it go away", but he didn't get too far pursuing that line...
To be fair, he was initially concerned that our clients might also receive such a warning, but we've only ever seen it triggered when building an exe from the IDE on a developer's PC, never on a release build exe on a test box or elsewhere.
Personally, it happens so rarely we don't worry about it.
I've had it happen to me with deployed code. The next update to the scanner solved the problem. Some cretin wrote a virus using the same compiler and the signature was part of the runtime library, not actually in the hostile code.
This is not that uncommon when using non-standard compilers or when doing fancy low-level stuff: I remember creating false positives when I dabbled in OS-development: AntiVir didn't like some of my flat binaries.
Recently, there's been a post about such a problem on the tinyCC mailing list regarding AVG.
I've never seen this, having done lots of C++ and .NET development with Visual Studio (from version 1.5 to 2010).
I've only seen this happen with assemblers. For example, MASM32 actually warns people that it might trigger virus scanners since the EXEs are so small (and/or some viruses are written in assembly). My McAfee scanner flagged some of the example programs as viruses.
This should only happen for virus scanners that have a "looks suspicious" analysis mode.
In some apps, if I use RtlVclOptimize.pas, the Avira antivirus tells me that I have created a virus.
In addition to what others have said, modern anti-virus programs raise a virus alert if your program uses some "suspicious" APIs too (like URLdownloadFile or other API hooking related ones).
If you google "delphi RAT FUD API undetectable" you'll find many interesting topics.
Some antivirus programs even flag a batch file as a virus and can't be convinced that it isn't. Quite annoying, if that file is part of a third party library and the virus warning is triggered every time TortoiseSVN checks it out. I ended up disabling the virus scanner, deleting the file and doing a commit. (Without disabling the scanner, I could not even do that :-( )
If you have problems with false positives, there is the VirusTotal online service that can help you check your file against a number of antivirus engines.
It's a free service and currently it can run an antivirus check with almost 40 antivirus engines.
A couple of years back, every time we updated the GNU Linker from mingw sources and started distributing it with our compiler, we got some reports that virus scanners classified ld.exe as a virus. (.exes writing .exes ...)
I would not call it a "false positive", because, strictly speaking, it is not false and the antivirus software is not "guilty" of anything in any way.
I am 99% sure that this is the heuristic analysis acting up (I bet it detects your executable as something along the lines of win32.virus.generic - note the generic, this is a sign that this is not in its signature db, but rather was detected by the heuristics) and, being heuristic and all, it does not give you any kind of guarantee that whatever it finds is malicious; it just kind of makes it known to you that the executable is suspicious from its point of view.
The easiest solution to this would be just adding an exception for your file by name (it is always the same name, correct?). If you are uncomfortable with this, you should probably make your antivirus software prompt you before taking action so you can make it skip your file manually.
In general, I've found coding in Windows with antivirus software somewhat irritating (don't do it much nowadays, but still), especially if the said software is in "paranoid mode". Irritating as it is, though, it is unavoidable (IMO).
I remember another weird one:
A file was being flagged as suspect. The only thing is the file was an .OBJ! An .EXE that contained the code the .OBJ contained wasn't considered a problem.
It happened to me too. Hooking the keyboard will trigger almost any heuristic-scanning AV software to report a key logger. There are probably many other system calls which will trigger it too.
Solution - try to redesign your code or contact the AV manufacturer to include your software in their exception list.
VS Platform toolset 2010 renders my simple program to be detected as a virus.
Changing the toolset to VS 2013 solves it.
It just creates a HttpWebRequest and writes the result to a file.
From one of the Stack Exchange questions here, it's proved that we can decompile an iPhone application to its source. Now here comes the question: how can we protect the ipa file/iPhone application from being cracked to its source? I have already verified these answers:
here 1
method 2
But the sad thing is it fails to protect the code. Are there any updates on preventing an app from being decompiled to source code?
You can't really.
The iOS runtime on the device needs to be able to interpret the binary, so the binary has to be there, unencrypted and ready to run.
You could obfuscate it, by running it through a tool that scrambles method names, property names and so on. .NET and Java have tools that do this but I'm not aware of any for Objective-C, so I think you're on your own.
(Tools like anticrack, the one you linked to, will work for a short time until someone comes up with a way to reverse what anticrack does - but because your app eventually has to be there in a format the runtime is ready to run, all you can do is make it more difficult. It's like the age-old arms race of pirates vs protection mechanism in desktop applications).
This has been much discussed. Generally, you make more money spending time improving or promoting your app than spending time trying to prevent it from being cracked in any way.
I'm an NXJ beginner.
I have some questions about Bluetooth communication between a PC and the brick.
First, when Bluetooth communication occurs, where is this data processed?
In other words, I want to know whether this data will be processed on the CPU or on the brick.
Second, what are the exact roles of the CPU and the brick in Bluetooth communication?
That means what is processed on the CPU and what is processed on the brick.
I have searched almost every web site but I can't find this anywhere.
Please help me. Thanks.
You can see it in the package structure.
lejos.nxt.*
This package contains classes running on the NXT-brick. All code in this package will be compiled for the brick and will run on the brick.
lejos.pc.*
Here the difference is not that clear. This is java-code you compile for personal computer. So most code runs on your computer. But some classes (e.g: RemoteMotorController) only send messages to the NXT-brick which gives commands to the motors.
lejos.pc.comm provides APIs that allow you to communicate with/control the NXT robot from the PC.
When importing the libs into an Android project, it allows you to build an instance of the same environment used on a PC, but within Android.
I agree it can be tough finding some things out. It would be great if there was a stronger lejos presence on SO.
This question is months old and has remained unanswered. I actually have a lot of questions about it myself, but I might be able to provide some insight for utter novices.
When using Bluetooth with Android and NXJ robots, you use either lejos.pc.comm or lejos.NXJ.
Both provide APIs to do almost the same thing, but work a little differently. I don't know nearly enough about the NXJ API, but I do know that it is the one that lets you manipulate the robot much more effectively, such as outputting data to its LCD screen, which you can't do with the pc.comm API.
As far as I can tell, the pc.comm API uses both Android Bluetooth APIs and its own protocols to allow communication with Lego LCP commands.
(I want to come back to this, but I'm writing a dissert on the topic so I'll try to update it in a couple of days. Seems not many are interested though, shame)
I was halfway through developing an iOS app but have sadly lost the development files (it's a long story). I have the latest version still on my iPhone. Is there some way of recovering it or even just part of it for use in Xcode?
Thanks.
In theory you can decompile the binary, which should be backed up in your iTunes backup. It is not a simple process, and if you encrypted the binary you should maybe just give up. The result of the decompilation will be nothing like what you started with -- rather it will be a bunch of cryptic C functions that don't necessarily make sense but which will compile back to your app. You might get something usable. Assuming that you actually are able to decompile and rebuild your app, the challenge you will face is in the future -- maintaining/updating cryptic code.
So my advice is to check the possibility of local backups/checkins (as per other answers here). You might try undeleting the files from your hard drive (DON'T save any more files to your disk, just download undelete software and try it). Short of those things, you can take to heart the advice of my Comp Sci 101 professor. I quote:
Don't fret - it's always easier the second time around.
Good luck.
If you have Time Machine enabled on your Mac you may want to look in there. But other than that I don't think so.
I've come up with a crazy idea to use Google event tracking in a Delphi desktop application. I want to track users' behaviour workflow to make the application better. But it's in JavaScript.
Is it possible somehow to do it directly from application? Or do I need for example to make a webpage which communicates with Google event tracking API and application sends REST queries to that webpage?
Or maybe I can do it without javascript at all and directly from application?
You should be very careful with this, and warn your users.
Though software running locally is a different thing than software running from a web-site in a browser, the interconnectedness of software is increasing. So is the general feeling in the public on what is right and not to communicate.
For instance, a lot of software 'phones home' to check for the latest version without even asking permission from its users. I can understand that some users have a problem with that, but it indicates the general opinion on this is shifting. The vendors can track usage statistics based on that 'phone home' alone.
I'm not sure if the Google Event Tracking would be the best way to solve usage tracking from a desktop application, but the general idea (collecting usage statistics and error information) can work out very well.
Software from big vendors have been getting usage statistics from their software for years, and they ask their users up-front if sending statistics is OK, and at the time of an error, each time ask them if that is OK too.
In fact the book "Why Software Sucks ... and What Can You Do About It" and presentations from David Platt explain really well how to do this and how to communicate this to your users.
You need to do this in a very anonymous way, and you can because basically you are interested in these things:
what is the largest percentage of errors
what is the largest percentage of features used
what is the smallest percentage of features not used
As long as you communicate percentages, it is clear to explain to your users that the data will be very non-specific.
On the other hand: being able to focus on the actual errors can improve your software a lot.
The errors communicated back to you can contain much detail, so you need to either strip that detail out, or be very upfront with your users indicating which details are being sent to you when communicating individual errors.
--jeroen
I developed my own solution (I called it 'softmeter') to do exactly this. It is a dll that will do all the REST queries to Google Analytics.
There is sample Delphi code that wraps the DLL in a Delphi class so sending an event is as simple as
dllSoftMeter.sendEvent('Conversion events', 'Donate clicked', 1);
If you do not mind using 3rd party libraries, you can use it.
In fact I found that most software using it is Delphi-made software.
Here is a more extended sample of the Delphi code for the implementation.
https://www.starmessagesoftware.com/blog/track-delphi-pascal-gui-application-google-analytics
You will need of course to get consent from the end-user.
It's almost a year ago that I asked this question on SO:
Menu Accelerator Keys Not Showing Up (Delphi 2009)
The Delphi programmers here at StackOverflow were superb with their answers, and within 16 hours, I was able to conclude that this was a bug in the VCL of Delphi 2009 that was not there in Delphi 4.
So at that time I reported it on Embarcadero's Quality Central, Report # 68816 with the title: "Menu Accelerator Keys Not Showing Up".
I gave it a Severity of "Serious / Highly visible problem", and I think I was detailed in the description, even giving a link back to the StackOverflow question where they could get more info and screen shots.
It was noticed by someone at Embarcadero about two and a half weeks later, and under the Resolution Comments the comment added was that it was "Promoted to internal database".
I'm not sure what the "internal database" is - probably a bug repository - but that does not tell me at all what the status of my bug report is, since it is now over 10 months later and there is no indication of any progress happening at all. The status of the question is still "open" and its resolution is still listed as "None".
I would like to elevate the urgency of this bug report somehow. How can I do this?
The bug is marked "High" in the internal database. There are two higher priority settings for bugs - Must Fix (roughly, should be fixed for next release) and WUpdate (should be fixed for next update) - so it appears that in the judgement of the QA folks for the VCL, there are higher priority bugs.
Even though I'm an employee, I'm on the development side, so I generally don't deal with customer service requests directly. Probably the best way of raising the bug's priority is having lots of people vote on it, and generally convincing the product area community beta tester leads to include it in their highest priority bug lists.
First, to help you: until this gets fixed, you can do an interceptor class. See here for details. Basically you must copy the Delphi 2009 unit into your directory and change the problematic part using the old source from Delphi 4 (if you have it) - a diff tool would help here - and/or by reading Microsoft's documentation.
And to answer to the title of your question:
Make noise and hunt for votes in Embarcadero's forums: .non-technical & .qualitycentral are the most appropriate. But don't cross-post.
Provide a solution and include it in your report. (In the body if it is small, as an attachment if it is big.)