[DECtalk] the grossgang folder on google drive

Aksel Leo Christoffersen aksel at blindsigtmail.dk
Wed Nov 10 19:11:36 EST 2021


Hi Don,

Thank you for the information. My point about the files being on the site for a long time was that there's then a good chance that they've been tested beforehand, or by other people who have downloaded the files. If they discovered a virus or malware, they would have plenty of time to report back, so the file could be removed.

Kind regards:
Aksel


-----Original Message-----
From: Dectalk [mailto:dectalk-bounces at bluegrasspals.com] On Behalf Of Don
Sent: November 11, 2021 01:06
To: dectalk at bluegrasspals.com
Subject: Re: [DECtalk] the grossgang folder on google drive

On 11/10/2021 2:39 PM, Aksel Leo Christoffersen wrote:
> As far as I know, it is quite common for virus detectors to detect programs
> as viruses, even though they aren’t. This is especially true for homemade
> installers, which aren’t signed. At least that’s how I understand it.

A V products work in several different ways.

Behavioral analysis attempts to catch files that cause certain behaviors
in your PC when they are "opened"/accessed.  This can be used to detect
malware in files that might otherwise not be considered vectors for
malware (e.g., PDFs) but that "tickle" bugs in other programs and
result in compromise.

[ANY file can act as a vector for malware, not just "programs"]

Passively scanning files just tries to identify known "signatures"
(sequences of bytes) inside files that are associated with instances
of malware detected (by the A V manufacturer) previously.  Often
these represent code snippets but could represent any combination
of bytes that appear consistently in infected files (but not in
uninfected files).

So, if you are unlucky enough to have a file that contains that
particular sequence of bytes, any A V product that keys off of it
will flag yours as malware.

Another A V product may let it pass because it is watching for some
OTHER signature.  Or, may simply not be aware of that particular
type of "infection".

Note that infection is misleading as malware can be deliberate, not
just "inherited"/inflicted.

Finally, you have to consider how current the file is wrt the
A V product's release.  A product that you encounter today may
have just been infected, today, by some malware that the A V product
hasn't yet learned how to detect.  So, a "negative" result actually
indicates a flaw in the detector.

I pull the drive from this computer every 6 months.  I reinstall a blank
drive and reload the image that I used to build the machine "way back when".
After 6 months sitting on a shelf, I run "current" A V products on the
shelved drive (mounting it in an external carrier) to see if anything
that I had on my machine 6 months ago is NOW detected as malware.
This gives the A V manufacturers time to catch up to the latest
malware.

Of course, there's no guarantee that they WILL catch up to all malware
so a clean bill of health doesn't ensure that drive is truly "safe".
But, it helps to increase my confidence in my web surfing habits, etc.

> I have a friend here in Denmark who makes some applications, and his
> applications, and their installers, always get snatched by virus detectors,
> even though they haven’t got the slightest trace of virus in them. As I
> understand it, this is due to the programming language he uses.
>
> So, to sum up, I think you can quite safely assume that there are no
> viruses in the files. Otherwise it wouldn’t make sense that they had been up
> at Jake’s site for so long.

That's specious reasoning.  Just because a file has been around doesn't
mean that it is "clean"; malware is constantly being detected that has been
in place for very long periods of time (read the headlines).

_______________________________________________
Dectalk mailing list
Dectalk at bluegrasspals.com
https://bluegrasspals.com/mailman/listinfo/dectalk
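
Added example, not part of the original messages: a minimal Python sketch of the byte-signature scanning Don describes, showing a harmless file flagged by one product but not another, and a file that scans clean until the signature set is updated. The vendor names, signature names, byte sequences and file names are all constructed for illustration.

```python
from typing import NamedTuple

class Signature(NamedTuple):
    name: str
    pattern: bytes  # constructed bytes, not a real malware signature

def scan(data: bytes, db: list[Signature]) -> list[str]:
    """Names of every signature whose byte sequence occurs anywhere in data."""
    return [s.name for s in db if s.pattern in data]

def newly_detected(files: dict[str, bytes], old_db: list[Signature],
                   new_db: list[Signature]) -> dict[str, list[str]]:
    """Files that scanned clean with old_db but are flagged by new_db."""
    return {name: hits for name, data in files.items()
            if not scan(data, old_db) and (hits := scan(data, new_db))}

# Constructed byte sequences (hypothetical, for illustration only).
RUNTIME_STUB = b"\x7fRTSTUB\x01\x02"  # assumed: emitted by a build tool into every program
OTHER_MARK = b"\xde\xadMARK-B"        # the sequence a second product watches for
LATE_MARK = b"\xfe\xedLATE-C"         # unknown to both products on the first scan day

VENDOR_A = [Signature("Gen.Stub.A", RUNTIME_STUB)]
VENDOR_B = [Signature("Troj.Mark.B", OTHER_MARK)]
# Vendor A's database some months later, after it has "caught up".
VENDOR_A_LATER = VENDOR_A + [Signature("Troj.Late.C", LATE_MARK)]

# Constructed sample files.
FILES = {
    "benign_installer.exe": b"MZ" + b"\x00" * 16 + RUNTIME_STUB + b"harmless payload",
    "readme.txt": b"plain text, nothing of interest",
    "old_download.bin": b"MZ" + b"\x00" * 8 + LATE_MARK + b"rest of file",
}

if __name__ == "__main__":
    # Same files, two products: the verdicts disagree on the benign installer.
    for name, data in FILES.items():
        print(name, "A:", scan(data, VENDOR_A), "B:", scan(data, VENDOR_B))
    # Re-scan of the "shelved" files with the updated database.
    print("flagged only after update:",
          newly_detected(FILES, VENDOR_A, VENDOR_A_LATER))
```

The benign installer is flagged by vendor A only because it contains the stub bytes, while `old_download.bin` passes both products on the first scan and is caught only by the later database.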



