rejetto forum

Virus Alert about HFS

chthonic · 16 · 45339

0 Members and 1 Guest are viewing this topic.

Offline chthonic

  • Tireless poster
  • ****
    • Posts: 121
  • I own the copyright to this image... "Back Off!"
    • View Profile
things to be concerned about...

is there a reason why hfs270 needs direct access to the keyboard?
is there a reason why hfs270 needs direct access to the windows sockets?

that sort of behavior will be reported as a keylogger or trojan.


this behavior didnt show up in previous versions... at least not for me, but it did this time.


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2061
    • View Profile
@chthonic

How you want to drive a car without using either a steering wheel, or a road to move. Hfs without keyboard and without sockets, would be only one limp empties :D  
« Last Edit: September 21, 2010, 07:50:42 AM by Mars »


Offline chthonic

  • Tireless poster
  • ****
    • Posts: 121
  • I own the copyright to this image... "Back Off!"
    • View Profile
WHOA!!! HI TSG  ;D


@Mars

I know the reasons why HFS "should" have that sort of access.. but the common user more than likely won't know why.

Comodo Internet Security actually scans for that kind of activity, but it doesn't explain the reason WHY ... it just gives an alert, says the activity isn't considered safe in general and then tells you that's it's OK to approve the program if it's something you use daily.

This can be confusing to an average user and they think it really is a virus or keylogger etc. There should be a simple disclaimer pointing out what type of firewall/system access HFS needs in order to function correctly.


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2061
    • View Profile
WHOA!!! HI TSG  ;D


@Mars

I know the reasons why HFS "should" have that sort of access.. but the common user more than likely won't know why.

Comodo Internet Security actually scans for that kind of activity, but it doesn't explain the reason WHY ... it just gives an alert, says the activity isn't considered safe in general and then tells you that's it's OK to approve the program if it's something you use daily.

This can be confusing to an average user and they think it really is a virus or keylogger etc. There should be a simple disclaimer pointing out what type of firewall/system access HFS needs in order to function correctly.

The question about the viral alerts is approximately put once a month, there is no subject to get into a panic, in more the forum is there, it is enough to consult it to find the answer, still it is necessary to have the desire to do the research. ;)


Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
    • Posts: 1298
  • ....... chut ! shh!
    • View Profile
It's Comodo Internet Security that should be asked to write more clearly their alerts.
We must be able to trust a security software ... if it is unnecessarily alarmist or unclear, it's a problem.

This is not at HFS to show a reassuring message ... if someone compile HFS with a virus or a trojan, it will also produce the same comforting message.
This does not obviate the need for a robust security program.

Report this problem to Comodo Internet Security.

« Last Edit: September 21, 2010, 05:52:40 PM by SilentPliz »


Offline bacter

  • Operator
  • Tireless poster
  • *****
    • Posts: 681
    • View Profile
Good security programs should alert:
"User touching input devices keyboard and mouse in front of the screen detected. Danger that some clicks opens the door to viruses and other malware, may even erase important data on disks!
Please remove user for security reasons."  ;D ;D ;D
your computer has no brain - use your own !


Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
    • Posts: 1298
  • ....... chut ! shh!
    • View Profile
Please remove user for security reasons ..."  ;D ;D ;D

... take three showers in bleach water, call the fire brigade ... and especially ... don't panic! ;D
« Last Edit: September 21, 2010, 07:24:45 PM by SilentPliz »


Offline chthonic

  • Tireless poster
  • ****
    • Posts: 121
  • I own the copyright to this image... "Back Off!"
    • View Profile
Good security programs should alert:
"User touching input devices keyboard and mouse in front of the screen detected. Danger that some clicks opens the door to viruses and other malware, may even erase important data on disks!
Please remove user for security reasons."  ;D ;D ;D

HAHAHAHAHAHAHA!

I am not panicking, but I am concerned about rejetto's previous posting about some fools who reported HFS as a trojan etc..

This happened to another clean program that I use regularly but despite the good record al it took was one bad report to have the download blocked.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13521
    • View Profile
i don't think you got such "warnings" because something changed in HFS, but something changed with your security software.
If you use a security software that's designed to ask you for access to any kind of resource, then you are likely to be doomed to answer correctly to its questions. :)

About automatically defying such messages, I will look into that signing thing you suggested privately as soon as i get the time. I have still no idea on how much sweat and money it takes.
Other than this, i guess we can just report false positives.


Offline chthonic

  • Tireless poster
  • ****
    • Posts: 121
  • I own the copyright to this image... "Back Off!"
    • View Profile
I do that regularly. Comodo is really good about recognizing version differences (attention: this file has changed... etc) and always asks you to re-validate if you do an update.

there are two signing programs that can be useful: XCA which is free and Simple Authority which has a limited free version and a full access version for  about $50 the last I checked... the full version will let you do a trusted CA signing etc.

Adobe Acrobat pro also allows you to create a signature file for document signing and MS has a feature that lets you create those as well.

I liked Simple Authority because it offered the most features and it was very easy to use.


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2061
    • View Profile
Quote
I am not panicking, but I am concerned about rejetto's previous posting about some fools who reported HFS as a trojan etc..

it's good to report such a thing, but we are only concerned that the development of hfs, which gives no warning for most virus scanners. Most alerts are reported to us are generally a bad configuration too strict of Firewall user (as in the case of a bad self-test of hfs). While some suppliers are not able to distinguish between http server and Troyan, this is not our problem. the only thing to do in an alert is to tell your antivirus vendor that he do a mistake.

 ;)


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13521
    • View Profile
if many people think you are a murderer, while you are not, and stay away from you, it's their FAULT but not just their PROBLEM, in my opinion. ;)


Offline chthonic

  • Tireless poster
  • ****
    • Posts: 121
  • I own the copyright to this image... "Back Off!"
    • View Profile
umm why do I keep getting notified of the last message on this thread? I have gotten 4 of them so far?


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2061
    • View Profile
you have to go to your profile >> Notifications and Email >> Current Topic Notifications

It corresponds to all the topics for which you receive announcements by e-mail, it is enough to delete those who annoy you.




Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13521
    • View Profile
there was some editing and deleting of posts on this topic, that may be the cause.