
IWBasic - a bug or anti-virus problem

Started by Andy, February 05, 2015, 01:42:59 AM


Andy

Hi,

I have issues with anti-virus programs flagging false positives.

I decided to try a comparison between Ebasic and IWBasic, this is what I did:

1. Created a simple program

OPENCONSOLE
PRINT "My name is Andy."
DO:UNTIL INKEY$ <> ""
CLOSECONSOLE
END

2. Typed this in Ebasic and compiled it as (for no reason) curtains.exe
3. Did the same thing in IWBasic. (both .exe's are in different folders).
4. Scanned each in turn via the Virus Total website to check for viruses.

The .exe created by Ebasic only flagged 1 false positive, but the .exe
created in IWBasic got 8!

Can anyone tell me why this should be, and is there anything we can do about it?

I wrote some software for someone, and I keep having to "defend" myself that
the software I wrote is clean and safe from virus / malware.

Maybe someone with both Eb and IWB could compile the above program and scan
them at the Virus Total website?

Before anyone asks, my PC is 100 percent clean.

O/S Win 7, 32 bit.

Maybe the way IWB generates .exe's is a "problem" to some anti-virus programs?

Help please...

Thanks,
Andy.


Day after day, day after day, we struck nor breath nor motion, as idle as a painted ship upon a painted ocean.

GWS

Hi,

Scanned as Creative, EBasic and IWBasic v2.095 exe's using Norton Antivirus - no problems found.

Regards, :)

Graham
Tomorrow may be too late ..

Andy

Thanks Graham,

The virus total website scans with over 50 anti-virus programs,
it's here that I get many false positives.

Attached are the links to the scan reports.

Thanks,
Andy.

LarryMc

The IWB version got 8 false positives and 46 okays.

And included in the ones that said it had no virus were AVG, AVAST, McAfee, Microsoft, and Symantec.

That should tell you where the error lies. Those 8 need to update their algorithms.
LarryMc
Larry McCaughn :)
Author of IWB+, Custom Button Designer library, Custom Chart Designer library, Snippet Manager, IWGrid control library, LM_Image control library

Andy

Hi Larry,

Yes I agree, but why does the same program only give 1 false positive when written in EBasic?

Thanks,
Andy.



Andy

Now I'm getting a false positive with Avast when I compile the
program as a console .exe file.

The PC was put through a boot time scan (i.e. scan before windows starts), all was fine.

I even took out the hard disk and scanned it with another machine, still fine.

Scanned with:
Avast
Malwarebytes
Superantispyware

There is something still not right, there must be something that EBasic is generating .exe files that the anti virus programs
are ok with, but not with IWBasic.

Anyone tried writing the above program in IWBasic and scanning it with the Virus Total website?

Seems it doesn't like the line

DO:UNTIL INKEY$ <> ""

Anyone any ideas?

Thanks,
Andy.



LarryMc

Change
DO:UNTIL INKEY$ <> ""
to
WAITCON
and see if it likes it any better...

LarryMc

I have sent "False Positive" reports to all 8 of those 56 virus software companies.
We'll see if, and how fast, they get it fixed.

Andy

SOLUTION FOUND!

This with perhaps 1 or 2 minor anti virus complaining is the solution:

1. Create a Project for your program.
2. Add $Main to the program and insert it into the project.
3. Add some Version Info in the resource.

This works for all the programs I have tried, which previously were being wrongly flagged.

Attached is a simple resource file for anyone who wants to try it.

Don't forget to rename the resource file to the same name of the .exe you want.

e.g.
Myprog.iwb - so rename the resource to Myprog.rc

You can amend the details in the resource by using notepad.

Not often all of my brain cells work together, but this is one of them!
:)

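An added example, not part of the thread: a Python check that a built .exe actually carries the version resource described in the post above, so a missing one is caught before the file is shipped or scanned. `read_version_info` and the sample bytes are constructed for illustration, and the function scans for the `VS_VERSION_INFO` key rather than walking the PE resource directory.

```python
import struct

KEY = "VS_VERSION_INFO\0".encode("utf-16-le")  # szKey of every version resource
FIXED_SIG = struct.pack("<I", 0xFEEF04BD)      # VS_FIXEDFILEINFO.dwSignature
FIELDS = ("CompanyName", "FileDescription", "FileVersion", "LegalCopyright")

def read_version_info(data):
    """Return (file_version, strings) from raw .exe bytes, or None if absent."""
    pos = data.find(KEY)
    if pos < 6:
        return None
    start = pos - 6  # wLength, wValueLength, wType precede the key
    (total,) = struct.unpack_from("<H", data, start)
    blob = data[start:start + total]
    version, sig = None, blob.find(FIXED_SIG)
    if sig != -1 and sig + 16 <= len(blob):
        ms, ls = struct.unpack_from("<II", blob, sig + 8)  # dwFileVersionMS/LS
        version = (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)
    strings = {}
    for name in FIELDS:
        key = (name + "\0").encode("utf-16-le")
        at = blob.find(key)
        if at < 6:
            continue  # this string is not present in the resource
        (words,) = struct.unpack_from("<H", blob, at - 4)  # wValueLength
        val = (at + len(key) + 3) & ~3  # value starts on a 32-bit boundary
        text = blob[val:val + 2 * words].decode("utf-16-le", "replace")
        strings[name] = text.split("\0")[0]
    return version, strings

def _node(key, value=b"", value_len=0, wtype=1, children=b""):
    """Build one node of the constructed sample resource (test data only)."""
    k = (key + "\0").encode("utf-16-le")
    body = k + b"\0" * (-(6 + len(k)) % 4) + value
    body += b"\0" * (-(6 + len(body)) % 4) + children
    return struct.pack("<HHH", 6 + len(body), value_len, wtype) + body

def _string(key, text):
    return _node(key, (text + "\0").encode("utf-16-le"), len(text) + 1)

# Constructed sample bytes: a fake "exe" with and without a version resource.
_FIXED = struct.pack("<13I", 0xFEEF04BD, 0x10000, 0x10002, 0x30004,
                     0x10002, 0x30004, 0x3F, 0, 0x4, 0x1, 0, 0, 0)
_TABLE = _node("040904E4", children=_string("CompanyName", "Example Co")
               + _string("FileDescription", "Curtains demo")
               + _string("FileVersion", "1.2.3.4"))
SAMPLE_WITH = b"MZ" + b"\0" * 62 + _node(
    "VS_VERSION_INFO", _FIXED, 52, 0, _node("StringFileInfo", children=_TABLE))
SAMPLE_WITHOUT = b"MZ" + b"\0" * 62 + b"no version resource here"
```

On a real build, pass the bytes of the compiled file, e.g. `read_version_info(open("Myprog.exe", "rb").read())`; a `None` result means the resource never made it into the .exe.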

LarryMc

Nice work-around.
I would have never thought of trying that.

Andy

Thanks Larry,

I couldn't understand why one of the projects that created a .exe file was ok, but some other programs
(single file compilations) were not.

So I compiled one as a project - still the same problem.
I looked at the difference between them and the only thing was no version / copyright info etc.
Added them in, recompiled and "Bingo", problem solved.

I'm surprised the AV programs don't just tell you this rather than flagging .exe's as a virus.

I'm also surprised that after searching the Internet no one else has come across this solution, although I do know many developers in whatever language are having the same problem.

I suggest this:
If you are writing software just for yourself / friends then as long as your AV program doesn't mind then fine.

If you are writing for a client, make your programs with a project rather than a single file and include in the resource some description / version number / copyright info to help keep the false positives down.

Am I the first to find this answer??? I wonder.

Thanks,
Andy.
:)

LarryMc

What you have to remember is that the 8 virus programs were all flagging your program for having the same basic type of virus.
You found a work-around for that false positive. There are 1,000s of viruses that those programs test for and new ones added almost every day. There is nothing that says your work around for this particular virus for these 8 vendors will work for every program that could ever be written with IWB with all 56 of those virus vendors. That's why I call it a "work-around" for your current problem and not a "solution" to the problem. The proper "solution" to the false positives is for those 8 vendors to fix their programs.

Andy

Hi Larry,

Well I did my work-around on 10 different programs, all doing different things, and being flagged with 10 different viruses.

It's taken all day to do this, scan and re-scan, but it does work.

Yes I agree, the AV companies should get their act together, it could be a marketing strategy you know, think about it:

You buy some AV program, it then flags up several things on your machine - "wow I'm glad I got it - must tell everyone".

Or is that just me being a cynic?

Anyway it works, but you shouldn't have to do it.

Thanks,
Andy.


LarryMc

The cynic in me says that the guys that write the virus protection software by day write the virus programs by night.

Andy

Final note:

:) to Larry's last comment!

The only ones now flagging are:
ByteHero and Comodo.

Both I have never heard of before, and don't know anyone who uses them.

They both use heuristic algorithms built into their programs (not a database) to "detect" virus / malware.

Both ByteHero and Comodo were impossible to notify about their false positives, Comodo has a submissions page for false positives, but their site does not work, and both of them haven't replied to my emails.

Don't think we need to lose any sleep over these.....but it is irritating that you can't correct them.

Andy.
:)


