Thread: Antivirus/Anti-Spyware FALSE positives

  1. #1
    sethioz Guest

    Antivirus/Anti-Spyware FALSE positives

    I made this to inform the ZoneAlarm team and customers that ZoneAlarm is giving a ridiculous lot of FALSE positives. It even detects benchmark tools as exploits. So let's start with something really ridiculous.

    Tool names and info:

    *Sendtest and Recvtest 0.1 (sendrecvtest)
    These 2 toolz are useful to know how much time is consumed to send and receive a specific amount of megabytes of data between 2 computers (sendtest = client, recvtest = server).

    download link - http://aluigi.org/mytoolz/sendrecvtest.zip

    So how exactly is this harmful in any way?

    Nearly all of Luigi Auriemma's tools are detected as malware. WHY? I haven't found a single tool from Luigi that is harmful to my computer in any way. All his tools are for testing and are NOT harmful in any way. Can somebody here please explain in detail (by pointing to Luigi's tool) how exactly the tool is harmful?

    OK, let's go on with something else.


    *WPE Pro (winsock packet editor)
    It's been detected as Sniffer.Win32.WpePro.a
    How can this tool be harmful to your computer? Why is Etherpeek or Commview not detected as malware? Because Commview and Etherpeek are also packet editors (also sniffers) and can do even more than WPE Pro. So obviously it is a FALSE positive, because WPE Pro is not harmful to your computer in any way.

    *Cain & Abel
    It's been detected as "Hacker Tool". I've been using this tool for about 4 years and I assure you that it is NOT harmful to your computer. The explanation in ZoneAlarm is as follows:
    "Cain and Abel are a pair of programs that retrieve password from your computer. They use a variety of methods to get your passwords, and if necessary decrypt them, including sniffing your network, and employing dictionary, cryptanalysis, and brute force attacks."
    Whoever wrote this has NO idea what he was talking about. Cain does not retrieve anything remotely. It is not harmful in any way to your computer. IT CAN NOT brute force your computer passwords. Cain is used to decrypt (bruteforce, cryptanalyze, etc.) the HASHES, not passwords. How can somebody even come up with something so dumb?
    Would somebody please EXPLAIN in detail how this tool is harmful to your computer?!
    Sniff network? So it means that ALL packet editors, such as Commview, Etherpeek, Ethereal, etc. are malware too? How can you possibly monitor your network if everything that does this is malware?


    Those are simply a few examples, but there's a LOT more. Here is a discussion which explains in many ways that ZoneAlarm and many, many other anti-virus and anti-spyware programs are simply ridiculous!
    http://aluigi.freeforums.org/antivir...hame-t273.html

    Now if somebody is really so dumb that he/she actually uses one of those tools to decrypt his/her own password and then sends it over the internet or floods his/her own computer, then why not add a big hammer to that blacklist too (as malware), because when you hit your computer with a big hammer then it obviously is dangerous to your computer.

    AntiVirus and Anti-spyware should eliminate only software that is really DANGEROUS to YOUR computer, not ridiculous things like those few examples. Also, why are .exe (executable) files dangerous? If I rar or zip the .exe and then send it to another person, then this other person will STILL unpack and run it. So why does it even matter if it's been sent as .exe or .rar/.zip?

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,677

    Re: Antivirus/Anti-Spyware FALSE positives

    Hi!
    I have moved it to off topic since the OP is more questioning the classification of riskware by software companies rather than having a specific issue with the ZA software.

    I think you should ask the developers of the antivirus software your questions.
    In this specific case, Kaspersky Labs, whose engine is used in the ZA antivirus.
    See: www.viruslist.com for a classification of malware and the related description (if available).

    As you noted, other security tools also mark those utilities as riskware or exploit or not-a-virus.
    Aluigi exploit is detected by all major antivirus companies (McAfee, Symantec, Eset, Kaspersky, etc.).

    Those tools are not malware per se, but their improper use can make them potentially dangerous (Cain & Abel, etc.).
    You can exclude those programs in the advanced options of the ZA antivirus/antispyware tab (antivirus exclusions).

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    sethioz Guest

    Re: Antivirus/Anti-Spyware FALSE positives

    So the anti-virus that is used in ZoneAlarm is actually Kaspersky?
    Can somebody provide me with a specific e-mail address I can use to contact Kaspersky Labs? Because as usual, they have no e-mail, only those really dumb help forms, which usually create more problems instead of solving them.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,677

    Re: Antivirus/Anti-Spyware FALSE positives

    Hi!
    Yes, ZA uses the Kaspersky SDK engine.
    You can post at the Kaspersky forum: http://forum.kaspersky.com

    Cheers,
    Fax
