Re: A.V company - How they differentiate between true Trojan and networked application etc ?
- From: "Laksa" <doreamonsaynospam-pls1924575106571@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 13 Oct 2006 02:21:36 +0800
Well, good to know that you are one of the veteran coder, I know what you
mean, but as I said earlier, we are just a very small team of
developer/company,
I'm not specialize in secure network type of business, nor I'm inside U.S,
Instead I'm ust a (very) small group of developer (at a develping country),
even only afford to to do part-time on some product, if the process
prolonged, it does not justify,
nor I afford the cost with the small budget and time we have. What if there
(AV company) does not listen at all from us ? (small-player).
Why not the AV company contact us for verification as the product have valid
contact information ? instead of classify the program as trojan in first
hand and need us to write to them ? Is this fair ?
API Calls are not the reason for the detection, it's based on more, you
just don't know what specifically.
For this.... I doubt most of the resposible AV company is, but not all of
them, cause my current program, even just in beta, few beta tester know, and
not make publicly download, just include the winsock API reference (even not
call), the AV threat it as Trojan, when I have removed the winsock reference
and recompile, the 'trojan' warning disappeared...
(full disclose, my NAV AV not threat it as trojan, but another popular free
AV threat it as trojan, and unfortunately, my customer, who is still
evaluating the product, used the later AV....)
I do not have long experience as you, I only have about 12 year in I.T,
wrote some device driver and little hardware design as well occasionally.
however, when I first go out of school, the AV business is just begin to
grown, networked application (and trojan) is not popular (at least for
ms-dos)
Well, as you say, complaining here is just complaining, it not help to solve
the problem in practical (at least in near future)... many thank for your
feedback... really.
just hope to have a better solution in future....
Rgds
wp
"Leythos" <void@xxxxxxxxxxx> wrote in message
news:kIuXg.13165$pq4.8477@xxxxxxxxxxxxxxxxxxxxxxxxx
In article <u$7QClh7GHA.3604@xxxxxxxxxxxxxxxxxxxx>, doreamonsaynospam-
pls1924575106571@xxxxxxxxxxxxxxxxxxx says...
I affrair this is not possible cause:
1. It is clear that there scan for the 'pattern' for API-call.
2. My program is a commercial product, not open-source.
You can make all the excuses you want, but you still need to contact the
AV vendor and work with them to get your product off their list.
API Calls are not the reason for the detection, it's based on more, you
just don't know what specifically.
They can create a signature for your application to exclude it, but you
have to contact them.
--
spam999free@xxxxxxxxxx
remove 999 in order to email me
.
- References:
- Prev by Date: Re: A.V company - How they differentiate between true Trojan and networked application etc ?
- Next by Date: Re: ***NEED HELP PLEASE***
- Previous by thread: Re: A.V company - How they differentiate between true Trojan and networked application etc ?
- Next by thread: Re: A.V company - How they differentiate between true Trojan and networked application etc ?
- Index(es):
Relevant Pages
|
