INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: Norton Power Eraser false positive  (Read 2405 times)

jherbert

  • World Citizen
  • ***
  • Posts: 120
Norton Power Eraser false positive
« on: June 06, 2014, 01:40:10 am »

Just wanted to let you know that norton power eraser (which is designed to remove malware and some rootkits) flags jriver files as "bad".

Please see attached image for details.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72444
  • Where did I put my teeth?
Re: Norton Power Eraser false positive
« Reply #1 on: June 06, 2014, 06:42:21 am »

Please report it to Norton.  It's their error.
Logged

jherbert

  • World Citizen
  • ***
  • Posts: 120
Re: Norton Power Eraser false positive
« Reply #2 on: June 06, 2014, 11:52:02 pm »

Jim, actually you should care, because your current and potential customers are led to believe there is something wrong with jriver.

I am perfectly fine with the false positive, while less experienced users might not be. In  addition symantec would rather listen to you than they would listen to me.

But of course the choice is yours. Just wanted to be helpful.
Logged

Frobozz

  • Citizen of the Universe
  • *****
  • Posts: 641
  • There is a small mailbox here.
Re: Norton Power Eraser false positive
« Reply #3 on: June 07, 2014, 12:29:54 am »

Jim, actually you should care, because your current and potential customers are led to believe there is something wrong with jriver.

I am perfectly fine with the false positive, while less experienced users might not be. In  addition symantec would rather listen to you than they would listen to me.

But of course the choice is yours. Just wanted to be helpful.

Symantec would rather listen to their paying customers than some small software developer.  If Symantec's paying customers complain and stop using the product they might, just might, care.  A software company like JRiver doesn't have the resources to dedicate someone to contacting every AV company after every build to make sure their latest release and past releases aren't flagged as malicious.

I just checked every exe and dll included in build 19.0.137 at VirusTotal and nothing was detected as malicious.  Yet apparently Norton Power Eraser is detecting something as malicious.  What is JRiver supposed to do?  It's not their fault that AV signature based detection is dead.  See http://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/ Signature based detection is dead.  The malware you want to be detected knows how to evade signature and heuristic detection.  So what use is signature based detection as a security measure?  It's dead Jim.  Dead.  It's not JRiver's fault and not their responsibility to be chasing that tail round and round and round to satisfy a security industry based on a broken security technology.
Logged

jherbert

  • World Citizen
  • ***
  • Posts: 120
Re: Norton Power Eraser false positive
« Reply #4 on: June 07, 2014, 05:56:48 am »

@jimh, @froboz: Do not get me wrong. I am not blaming jriver for anything. I had my share with reporting something to symantec as a customer, so I am done with that. My point is pretty somple: If somebody with less it experience then myself than myself stumbles upon this, he or she might as well panic and spread the word.

So i thought I might inform jriver of the situation to give them a way to solve that with symantec (hey, we are a software company with thousands of installation, what the hell is giong on here). Symantec HAS the channels to listen to developers in these situations, as false positives are pretty common. Maybe there is something in the code that triggers power cleaner. I don't know, I do't care. Just tried to be helpful.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72444
  • Where did I put my teeth?
Re: Norton Power Eraser false positive
« Reply #5 on: June 07, 2014, 06:45:47 am »

I appreciate that you are trying to be helpful.

If anyone wants to learn about how poorly some antivirus programs can perform, they could read a little of this thread:

http://yabb.jriver.com/interact/index.php?topic=86096.0
Logged

glynor

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 19608
Re: Norton Power Eraser false positive
« Reply #6 on: June 07, 2014, 08:43:50 am »

I was going to post the Krebs article but Frobozz already did.  AV detection is a mess, but I wonder what Power Eraser is "detecting".  That's not really an AV application, it is a remover, which probably has different assumptions (you aren't running a remover unless you probably know you're already infected, so it can afford to be more aggressive).

For the record, though:
Media Center 19.exe: https://www.virustotal.com/en/file/ba6904ca49be60e944f27f1e76659df319c86ec32b292ce00a59203b97b0c6fd/analysis/
JRShellExt.dll: https://www.virustotal.com/en/file/0da999e78c563ee0ff53e0b2aae29d26627cf485171f7700f024e29d4de8d388/analysis/
Logged
"Some cultures are defined by their relationship to cheese."

Visit me on the Interweb Thingie: http://glynor.com/
Pages: [1]   Go Up