Official PA.c Releases and False Positives

Tim Clark

There has been a rise in the number of conversations concerning how we deal with malware [e.g. virus] reports from different vendors' products.

A few points to make clear:

There has never been a true virus found in an Officially Released app from PortableApps.com, NEVER, nada, nyet.

Before apps are Officially released from this site they are digitally signed by the site owner John T Haller, who has a worldwide reputation in the OSS and portableapping communities. You can be sure that John has checked every app before it is signed for "cleanliness". And while I don't know for sure what tools he uses, I'm sure he does not use just one, and in fact I would not be surprised if he uploads the files to test sites like VirusTotal. If you don't trust him, or this site, you can do research on our record.

So, when someone says "It's a False Positive" concerning an Official release, it probably is. "I" generally say "It is probably a False Positive" just because that is my nature and it would probably be best to put it that way to prevent needless "How do you know Arguments!!!" [note this is different from "How do you know Questions?"]

So what do you do? We do not, and should not say "Ignore it" and just leave it at that.
When I get a "Probable False Positive" [and I know it's probably a false positive because it's an Official PA.c release and I downloaded and installed it myself from the SourceForge servers] I upload the file[s] to VirusTotal and get the opinion of 41 virus checkers, 41!!!
http://www.virustotal.com/

I look at the results. Is my virus checker one of only 3 out of 41 that is showing a problem !?! That is a good sign it is a False Positive. If I am still being extra cautious I can upload a copy of the file to the vendors who are detecting a problem and tell them I think it is a false positive. I tell them where I got the file and what it is for and ask them to recheck their findings. Always, it has turned out to be a False Positive and corrected by the vendor, ALWAYS!

Now what would I do if they report back, "No, our detection is correct, it IS a virus!"?!?
To tell you the truth I don't know, It's Never happened, Ever.

Your AntiMalware checker is your friend, respect it, listen to it, but don't be its slave. False Positives happen All the time, in all products. And Don't jump on one because it's made mistakes, they all do.

So, if your AV goes off on an Official PA.c Release, don't panic. Stop, think. You know who we are, you know our rep, it Is probably a False Positive. Update the definitions of your AV product and check again. Try using another AV product [You know, that OnDemand backup scanner that all us paranoid types should have]. Upload the files to be tested. Then make a judgment. You can Always just Wait. The FP was not there yesterday, it will probably be gone the day after tomorrow.

If you are a newcomer and don't know us well enough to give us a high level of trust, that's OK. Come back in a week and download a fresh copy of the app and see what happens, but don't panic, and don't feed into the troublemakers who just want to cause panic [ yes, we have some ].

Tim

[Note: for purposes of this topic I use Antivirus, AntiMalware, Malware, Virus interchangeably, also I am only referring to Officially Released and signed apps, not stuff that individuals have posted in the development/beta/check this out forums ]