PDA

View Full Version : Scripting Runtime and AV software



Howard Kaikow
04-05-2005, 03:54 AM
In daze of yore, it was not uncommon to hear about auntie virus softare issuing false positives merely because the code included a reference to the Scripting Runtime or was using, say, a Dictionary in a normal manner.

Does this problem occur with newer AV software?

I've been messing around with a Dictionary and, thus far, NAV 2004 is not objecting. Of course, that can change anytime there is an update to the virus definitions or NAV software.

What have been folke's experience with this matter using other AV software?

Killian
04-05-2005, 07:04 AM
I've read references to this behaviour but never experienced it. I'm currently at various locales with:
McAfee VirusScan Enterprise Version 7.0.0
Norton AV (not sure version - recent)
Trust AV (not sure version - recent)
It could depend on the AV settings I suppose, but I'm thinking that this is something that got flagged a while ago and is no longer an issue.
Perhaps trying to get some confirmation from one of the virus research labs would be worthwihle?

Howard Kaikow
04-05-2005, 06:47 PM
I've read references to this behaviour but never experienced it. I'm currently at various locales with:
McAfee VirusScan Enterprise Version 7.0.0
Norton AV (not sure version - recent)
Trust AV (not sure version - recent)
It could depend on the AV settings I suppose, but I'm thinking that this is something that got flagged a while ago and is no longer an issue.
Perhaps trying to get some confirmation from one of the virus research labs would be worthwihle?

I've not seen the behavior in a loooong time, but then I have avoided use of the Scripting Runtime, except for periodic local use.

I now have a real need to use the Dictionary object for software that I will be making available at my web site. The alternative is to write my own code to do the deed, but I suspect that will execute much more slowly. Guess I should do a timing comparison.

It's not an issue of AV settings, rather it is one of faulty heuristics of virus definition signatures used by AV software.

For example, a few months ago, there was a virus definition update and NAV 2004 has since claimed that a particular .exe has a particular virus. This virus has been known about for several years, so I wonder why NAV took this long to first start reporting the file.

In this case, the .exe is from a file associated associated with a particular book, Crackerproof Your Software. Note the book is NOT worth purchasing.

So, either the recent warning is a false positive, or, and I do not rule this out due to the nature of the book, there could indeed be a virus in the file. But why did it take NAV so many years to detect the virus, as the virus was allegedly detectable by NAV a few years ago?