aquilyzer
KVRer
 
21 posts since 30 Mar, 2005

Post by aquilyzer; Sun Oct 08, 2017 12:43 am Virustotal found something in ZIP and Setupfiles, False Positives?

Was thinking about testing the player version, but this prevents me:
https://www.virustotal.com/#/file/7182a ... /detection

All versions have something, not sure if these are false positives.
lqb
KVRist
 
63 posts since 9 Feb, 2004

Post by lqb; Sun Oct 08, 2017 7:19 am Re: Virustotal found something in ZIP and Setupfiles, False Positives?

Hey there,

rest assured that these are false positives, but believe me, this topic never gets old.

A scanner that returns "packed" simply recognized the file as compressed and cannot uncompress it. Unless this is true for multiple scanners it does not mean anything. On the other hand, a scanner that returns a "heuristic" result as a positive means it has absolutely not a shred of a clue what is going on, which is about as useful as a middle-age witch burning.

All releases and builds of Resonic and Resonic Pro are always double-checked before release and digitally triple-signed (!) as proof of origin:
  • the executable and DLL files contain a high-security digital code signing certificate
  • the setup version (MSI) is also signed with the same certificate to keep things consistent
  • the main executables and some DLLs also contain Software Taggant certificates which are an industry standard specifically made for virus scanners (that prefer to exist in the present) in order to add another layer of security to identifying the origin and assessing the safety of the file
When you check your downloads and files, or run the setup, the signer should always read "Liqube Audio". You can right-click files and select the "Digital Signatures" tab to verify the origin. See the attached screenshot.

To sum this up:

Unless the digital signatures on the files are broken (in which case someone has meddled with the file), or multiple high-quality AV scanners report the same (or very similar) thing, you can safely disregard these results.
We put all our time into this project, and our goal is to create something awesome. We certainly don't want to compromise the relationship with our users and customers.
Resonic is, was, and will always be free of malicious content or intentions, including malware and comparable things. We also have responded, and always will respond, to random companies' offers to integrate our software with their ad-ware wrappers for monetization with a heartfelt "f*ck off."

Low-end AV scanners (e.g., TrendMicro) should really have no right to exist these days. They report false positives whenever something looks remotely packed, which Resonic is, as part of the licensing system that protects our work, or when their random number generator decides that it's another great day to scare users.

It's worth mentioning that we also had our share of battles with the likes of Symantec, who for example have an infrastructure so questionable it is almost impossible to get rid of false positives, unless you're lucky and your report hits the right worker at the right time.

I hope this answers your concerns sufficiently. Any other question you may have, please always feel free to get back to me.

Cheers, Tom
liqube · resonic · pro + player
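
Added example (not part of the post above and not Liqube's code): the manual "Digital Signatures" tab check from the post, scripted with PowerShell's `Get-AuthenticodeSignature` so that every EXE, DLL and MSI in a download folder is checked at once. The folder path is a placeholder, and it is an assumption that the certificate's subject name reads exactly "Liqube Audio", as the post says the signer should.

```powershell
# Added example: batch Authenticode check for downloaded installer files.
# Assumptions: $Path is a placeholder folder; $ExpectedSigner is the signer
# name quoted in the post and is assumed to equal the certificate's simple name.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\Resonic",
    [string]$ExpectedSigner = 'Liqube Audio'
)

$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

# Collect the file types the post says are signed (executables, DLLs, MSI setup).
$files = Get-ChildItem -Path $Path -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll', '.msi' }

$results = foreach ($file in $files) {
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $cert = $sig.SignerCertificate

    # Subject simple name of the signing certificate; empty when unsigned.
    $signer = if ($cert) { $cert.GetNameInfo($nameType, $false) } else { '' }

    $verdict = switch ($sig.Status) {
        # Signature verifies: still confirm it is the publisher we expect.
        'Valid'        { if ($signer -eq $ExpectedSigner) { 'OK' } else { 'UNEXPECTED SIGNER' } }
        # File hash no longer matches the signed hash: modified after signing.
        'HashMismatch' { 'BROKEN SIGNATURE' }
        'NotSigned'    { 'UNSIGNED' }
        # NotTrusted, UnknownError, etc. need a manual look at StatusMessage.
        default        { "REVIEW ($($sig.Status))" }
    }

    [pscustomobject]@{
        File       = $file.Name
        Status     = $sig.Status
        Signer     = $signer
        Thumbprint = if ($cert) { $cert.Thumbprint } else { '' }
        Verdict    = $verdict
    }
}

$results | Sort-Object Verdict, File | Format-Table -AutoSize

# Non-zero exit code if any file has a broken signature or an unexpected signer.
if ($results | Where-Object { $_.Verdict -in 'BROKEN SIGNATURE', 'UNEXPECTED SIGNER' }) {
    exit 1
}
```

This covers the Authenticode signature only; it does not inspect the Software Taggant data the post also mentions.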
aquilyzer
KVRer
 
21 posts since 30 Mar, 2005

Post by aquilyzer; Sun Oct 08, 2017 10:08 am Re: Virustotal found something in ZIP and Setupfiles, False Positives?

Ok, good to know. I always recheck downloaded files via multi scanners like virustotal. Maybe you should report them as false positives as often as you can, so you will at least try to reduce the results. I'm sure I'm not the only one who at first doesn't want to install / try it when this report pops up. Anyway, thank you for your reply.
lqb
KVRist
 
63 posts since 9 Feb, 2004

Post by lqb; Sun Oct 08, 2017 11:19 am Re: Virustotal found something in ZIP and Setupfiles, False Positives?

aquilyzer wrote: Ok, good to know. I always recheck downloaded files via multi scanners like virustotal. Maybe you should report them as false positives as often as you can, so you will at least try to reduce the results. I'm sure I'm not the only one who at first doesn't want to install / try it when this report pops up. Anyway, thank you for your reply.

While it is undoubtedly important to make sure no false positives are being reported, it is virtually impossible to do. To be honest, we have given up on TrendMicro and some others. For every single new file we released we had to file separate reports on several sites.

The major AV producers seem to have finally accepted the Taggant certificate recently, which took them ages (many years now) considering that they have agreed upon this system in the first place. But you know, nothing is permanent when it comes to that.

All I can suggest to users is to stay away from questionable brands and stick to reliable AV scanners that do not slow down the system too much (and they do.) This is likely something Pro audio users don't want in the first place.

Resonic is a highly optimized application for a very specific purpose of handling large amounts of files smoothly. Simply because of that I would recommend serious users to make sure they add a folder scan exclusion/exception for the Resonic install location in their AV scanner (whichever one it may be) anyways, which makes sure the scanner does not interfere with Resonic's optimizations constantly, ensuring the best possible performance.
A few words on this here: https://resonic.at/faq#slowstartup

Cheers, Tom
liqube · resonic · pro + player

Moderator: lqb
