You are here

f-secure + portaputty = Backdoor.Win32.Bifrose >_<

8 posts / 0 new
Last post
deezel
Offline
Last seen: 16 years 2 months ago
Joined: 2008-09-08 03:32
f-secure + portaputty = Backdoor.Win32.Bifrose >_<

Here we go with another virus warning. I wouldn't really touch anything that comes from f-secure, but the company uses it and now due to this I can't work. Wonderful.

plink gets this one:
Malicious code found in file .\portaPutty\plink.exe.

Infection: Backdoor.Win32.Bifrose.aauu

and putty gets this one:
Malicious code found in file .\portaPutty\putty.exe.

Infection: Backdoor.Win32.Bifrose.aauv

I am using the version from here: http://code.google.com/p/portaputty/downloads/list

Anyone else with this problem or is it just our virus definitions that has gone bonkers?

Edit:
Am using the version from here in the meantime, had a "fun" converting all the entries to registry format instead of how they are on *nix. At least it doesn't holler about any backdoors.

[Moved to Other Apps Support since this isn't a question regarding our PuTTY Portable.]

John T. Haller
John T. Haller's picture
Online
Last seen: 2 min 52 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Unsupported

portaputty isn't developed or supported by PortableApps.com so I've moved your post from PuTTY Portable to 'Other Apps Support'.

Sometimes, the impossible can become possible, if you're awesome!

linuxamp
Offline
Last seen: 11 years 3 weeks ago
Joined: 2006-08-31 00:01
Please add a comment on google code page

deezel,

I have already submitted this issue to the developer on Google Code's issue page.
http://code.google.com/p/portaputty/issues/detail?id=2

And just recently another user has also submitted the same bug as a separate issue.
http://code.google.com/p/portaputty/issues/detail?id=4

Would you please add your comments to one of existing issues.

Lastly, here's the developer's blog where you can comment as well.
http://potatosaladx.blogspot.com/2007/05/portaputty-060-svn7489.html

m-p-3
m-p-3's picture
Offline
Last seen: 7 months 1 week ago
Joined: 2006-06-17 21:25
I think the issue is probably

I think the issue is probably not with the PortaPuTTY software itself, but a false-positive triggered in the anti-virus detection database. Contact the anti-virus vendor, they should be able to sort it out.

linuxamp
Offline
Last seen: 11 years 3 weeks ago
Joined: 2006-08-31 00:01
Whose problem is it?

Let me first start by saying that I appreciate the work the PortaPutty developer has done to hack Putty to work without the registry.

I disagree with your statement that it's the anti-virus vendors responsibility. The argument of who should be responsible for fixing a false positive (assuming it is a false positive) can be argued forever but here's my argument for having the PortaPutty developer fix this instead of the anti-virus vendors.

1) The program is detected as either a virus or "suspicious" by more than 7 anti-virus applications. You may not have known this but even if we ignore this there are more reasons below.
http://www.portablefreeware.com/forums/viewtopic.php?p=14033&highlight=#...

2) The original, non-portable, putty does NOT trigger any warnings by the same virus scanners so it's definitely something in the portable hack that the virus scanners don't like. Again, you may not have known this but the last reason alone is strong enough to prove my point.

3) Anti-virus companies will probably NOT take action to fix a false positive in every Tom, Dick or Harry's app especially if it may lead to false negatives on real threats. I'm sure they have some criteria to decide if a program is popular enough to divert the resources needed to investigate and fix the problem. A portable hack of a mainstream app that does not cause warnings will not meet this criteria.

This being said, it appears that the developer does not respond to any communication channels so contacting the anti-virus vendors may be the last resort.

Zach Thibeau
Zach Thibeau's picture
Offline
Last seen: 2 years 1 month ago
Developer
Joined: 2006-05-26 12:08
while you make valid

while you make valid statements users here that have encountered false positives in launchers have told the antivirus companies themselves, not only are they helping themselves but also helping the developers from 1 less item to stress over

your friendly neighbourhood moderator Zach Thibeau

Bruce Pascoe
Offline
Last seen: 12 years 11 months ago
Joined: 2006-01-15 16:14
...

Most false positives actually come from AV software heuristics, not a matching virus definition. The problem is that the heuristics often detect things as "suspicious" that are actually harmless--like a command-line registry tool bundled in an NSIS installer, for instance. Because the tool's only purpose is to work with the registry, the heuristics consider it malicious.

Asking developers to work around the heuristics is out of the question.

EDIT: Also, Zach, your signature is cut off. Blum

linuxamp
Offline
Last seen: 11 years 3 weeks ago
Joined: 2006-08-31 00:01
AV vendors are better than I expected

To those of you who opposed me, you were not wrong.

I submitted the file in question to my AV provider (Avira) and they have confirmed that it is indeed a false positive and they will resolve the problem in a future update.

I still think my points 1 and 2 are valid but I was very wrong about the response I expected from the anti-virus companies. To their credit, the process was simple and without opposition.

To deezel: I recommend submitting the files to your AV vendor for checking as the other posters suggested. Portaputty may be doing something strange but it's certainly not malicious. If they don't make an effort to fix it, switch to Avira.

Log in or register to post comments