kkrunchy "virus"
category: general [glöplog]
We made our last 64k demo (and probably the next) with kkrunchy. (GREETS to farbrausch!)
Unfortunately, a program which is designed to irreversibly compress 200k programs down to 64k has become rather popular with virus writers.
"ephemera" and its 64k demoscene siblings are a "virus".
How about a scene.org "officially signed" SSL key?
Even malwarebytes, which is a bloody useful shitware removal program tried to remove my own bloody demo :-)
and what exactly would stop warezkiddies from taking the exact same tool with the SSL key to sign their keygens/cracks/viruses?
4k and 64k intros will "always" be marked as virus/suspicious because it's simply easier for the anti-virus companies to do so than to actually investigate the files. At Scene.org we get many a "DUDE! You're hosting VIRUSES!!1111" e-mails every month. The only way to affect this is to report them as false positives to the respective software manufacturer (of the anti-malware) and hope they wake up.
i wouldn't mix keygen/cracks with virus guys. But yea virus scanners have a real issue nowadays...without an unpack routine they tag everything as virus lately. NOD and Sophos are the worst in my eyes.
Just because a tool is used by virus authors doesn't mean it's a virus.
And a signature will change nothing as it will leak sooner than themida or vmp.
just get used to it that most virus scanners simply tag anything as virus they can't unpack. Use virustotal.com to see if it's a false positive or not.
the demoscene is kinda 'virus'. now spread it again. It's nearly rotted out. -.-
Quote:
hope they wake up
The scene is too small for that to happen.
maybe it would help if there were easy uncompress tools/algos made available or even sent to the anti-virus companies, so they don't have to sandbox and run the exe to check its content...
but then again i think they may just not care.
they might, as soon as they are convinced that a 4k/64k demo is a non-replacable software used by their clients for their everyday work routines.
well...
"The execution of this application is not approved.
Please only use approved applications to ensure the proper function of your computer, such as Microsoft Word, Microsoft Excel, Microsoft Minesweeper or applications developed by our certified partners.
Thank you for your co-operation"
"This file is too damn cool for your computer"
a) don't use antivirus software. It tends to cripple computers anyway.
Or,
b) write a utility that does something semi-useful. Then sell it for €10 online, but make sure there's a trial version for download which is packed with kkrunchy. Wait a while, then send strongly-worded emails to Norton, Kaspersky, Trend Micro and so on, explaining how you just discovered that they are falsely accusing you of distributing malware, that you have lost a lot of revenue as a result, and demand that they cease and desist because you're losing revenue. They may whitelist just your application, but if so then change enough of it in the next version that it gets flagged again because of kkrunchy. Rinse and repeat. Eventually, accuse them of "playing games" with you, and start demanding compensation for their "smear tactics". Works better if your utility is anti-virus related, as then you can claim that they're trying to suppress fair competition with slander. Maybe eventually they'll stop checking for the kkrunchy signature.
Or,
c) Deal with it.
A side-note: M$ security essentials & e*et never yell at me whenever I launch a kkrunched 4k/64k. The second one works hard on it for about 15 secs before letting it run though. I suppose you should give those a try if you are tired of your current antivirus' behavior.
I can recommend Avast as it's free and not slowing my pc down. i hardly have any false positives with that.
doom: you don't even have to use kkrunchy, we've had enough problems with simply using NSIS. wrote mails, got whitelisted, changed binary, rinse, repeat.
On that note, has anyone tried a digital signature on a kkrunchied exe before? Does it even work and what does it do to the filesize?
I second Microsoft Security Essentials. I use that on my Windows 7-machine, and I don't really have any execution issues with demoscene intros at all. I don't have any issues with viruses either.
3rded, MSE on Win7 has proven to be quite helpful and not jumping on top of every 4k or 64k i try to run.
I reckon the anti-virus companies have it right. Think about it: you run one of these kkrunchy-packed demos on your system. What happens? You watch more of them, and the number of these things on your system multiplies. Worse, you go around recommending that other people try them, infecting their systems too. Classic viral behaviour!
haha, as if.
wat?
psonice: except for a few notable exceptions (that animated mountain wallpaper comes to mind), they are not very efficient at spreading.
Heuristic scan (and of course signature scan) of AVs doesn't work on compressed/packed executables, so most script kiddies used demoscene packers to make their malware "undetectable"...
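An added illustration (not part of the original thread, and not any vendor's actual engine) of why a scanner that cannot unpack a file falls back on structure: it flags high section entropy and large in-memory expansion, which a packed intro and packed malware share equally. The thresholds and both sample images are constructed for this example; neither is real kkrunchy output.

```python
import hashlib, math, struct
from collections import Counter

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def sections(pe):
    """Yield (name, virtual_size, raw_bytes) for each PE section header."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    for i in range(nsec):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), vsize, pe[rptr:rptr + rsize]

def packed_indicators(pe, max_entropy=7.2, max_growth=4):
    """Reasons a content-blind check would call the image packed (assumed thresholds)."""
    reasons = []
    for name, vsize, raw in sections(pe):
        h = entropy(raw)
        if h > max_entropy:                    # compressed data looks like noise
            reasons.append(f"{name}: entropy {h:.2f} bits/byte")
        if raw and vsize > max_growth * len(raw):   # tiny on disk, large once loaded
            reasons.append(f"{name}: expands {vsize // len(raw)}x in memory")
    return reasons

def build_sample(body, vsize):
    """Constructed minimal PE-like image: DOS header, COFF header, one section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)               # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIII12xI", b".text", vsize, 0x1000, len(body), 128, 0xE0000020)
    return dos + coff + sect + body

# Constructed inputs: a low-entropy "ordinary code" body and a noise-like "packed" body.
PLAIN = build_sample(bytes(range(64)) * 32, 2048)
PACKED = build_sample(b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64)), 0x40000)

if __name__ == "__main__":
    print("plain :", packed_indicators(PLAIN))
    print("packed:", packed_indicators(PACKED))
```

Nothing in either check looks at what the payload does, which is why a report to the vendor or an actual unpacker is the only way to tell the two kinds of file apart.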
Linux.
*Sorry - I'll crawl back under my bridge now*
& yes I know linux is vulnerable, just not to windows executables!
say HI to antivirus. I once got a virus alert on a VGA screen dump (chars+attrs)