Crypt.ZPACK.Gen

Everything else that doesn't fall into one of the other categories.
Rick
Posts: 2
Joined: Wed Mar 12, 2014 6:59 am

Crypt.ZPACK.Gen

Post by Rick »

I downloaded SpiderBasic_Windows_1.00 and ran the installer. My antivirus program blocked C:\SpiderBasic\Compilers\spcompiler.exe from being installed stating that it contained TR/Crypt.ZPACK.Gen. Has anyone else received something similar?
c4s
Posts: 9
Joined: Tue Feb 25, 2014 9:29 am
Location: Germany

Re: Crypt.ZPACK.Gen

Post by c4s »

Well, unfortunately it's pretty common to get a generic, false-positive alert for development tools such as PureBasic or SpiderBasic. Just ignore it and if possible contact your antivirus vendor about it. Anyway, it's definitely not a bug.
User avatar
Arbrakaan
Posts: 91
Joined: Mon Feb 24, 2014 10:54 pm
Location: Geneva
Contact:

Re: Crypt.ZPACK.Gen

Post by Arbrakaan »

Anti-virus plague
Posted by Fred – February 13, 2013

Ironic isn’t it ? Nowaday, anti-virus are becoming more and more intrusives, and ‘thanks’ to heuristic approaches, the false positives raise a lot, while eradication or real virus are less and less common. When was your last real virus detection ? Mine was may be 5-6 years ago. Since then, i got many alerts, but all were just dumbs. Microsoft has made giant progress to counter virus spreading and execution with modern iterations of Windows (see ASLR, DEP, user mode, etc.).

My concern about anti-viruses is the famous heuristic approach which often flag legit PureBasic programs as contamined. I don’t know exactly how works an anti-virus, but I bet it builds a database with some code patterns found in real virus, and if this code pattern is found in an executable it will raise an alert. And here is really the problem: if PureBasic is used to make a trojan or a virus, then chances are high than the code pattern will be actually a purelibrary command, meaning than every other PureBasic program using this command will be flaged as well. It’s really a poor detection mechanism and I can’t understand why anti-virus maker don’t try to find other methods to detect threats. Since several years now, PureBasic programs (and even the official IDE) are regulary flagged as virus with no reasons, and such threads often popup on officials forums. I can imagine the face of a potential customer wanting install the demo version of PureBasic when a big alert saying ‘Warning Trojan.bigvirus.1337′ popup.

So what to do ? Actually a very few things can be done:
- always send false positives to the your anti-virus maker. The more they get, bigger are the chances they will improve their detection routines.
- change your anti-virus. well, some are better than other. If it doesn’t work with PureBasic, you can consider it as a bad one :)

I hope it will change, somewhen. Ha, dreams…
URL : http://www.purebasic.fr/blog/?p=410
Rick
Posts: 2
Joined: Wed Mar 12, 2014 6:59 am

Re: Crypt.ZPACK.Gen

Post by Rick »

Great! Thanks for the feedback.
Post Reply