Post by JeremyNicoll on Dec 13, 2018 16:18:49 GMT -5
Although I've not yet started using your product, I've been looking forward to finding the time (and energy - harder with my own health issues) to do so. I'm sorry to hear of your own problems.
I just downloaded the source and was a little surprised to find my antimalware product thinks there's a problem in "Revision.exe". I uploaded that to VirusTotal and it turns out 9 antivirus/malware program think this. See:
Jeremy: I've given up totally worrying about false virus reports. Have a look at the REVISION.BAS source, a tiny program that simply gets the current date and writes out a _Version.INC file (a whole 17 lines of code) for inclusion in the compile. I have this run by Task Scheduler once a day so I don't have to worry about updating the program's version constantly.
These AV programs are sometimes not only a joke, but a waste of peoples time chasing ghosts. If it bothers you, simply delete Revision.Bas and revision.EXE and you'll then have to edit and update _Version.INC manually.
All I can say is that what's in the distribution is clean. I've never had a virus infection, but I've certainly had VirusTotal wave flags at me over the years, all of them false.
I want to thank you for this product and all the work you put into it. When I retired from IBM I couldn't find an editor that came close to SPF. SPFlite provided all the functionality I was so used to. Between this and ooRexx, I have maintained my sanity. Good luck in your retirement and prayers for Robert.
I wanted to update you on the problems I had with Windows 10 and assigning SPLite to open txt files. I worked with Microsoft support and they got absolutely nowhere. I ended up restoring my pc to it's original Windows 7 build and am reluctant to upgrade it again to windows 10. I do have a windows 10 laptop that allowed me to assign .txt to open with SPFlite, but any text files using my own assigned extensions will not allow me permanently change them to open with SPFlite. I think Bill Gates should worry less about saving the world and return to save his company.
Hello George, hello Robert, i want to thank you for this excellent editor. I'm an old (62 years) IBM system programmer and use it since many years for my work. For the future all the best to you both !
Jeremy, most AV products will flag SPFLite, not because they think there is anything "wrong" with it, but because its usage is comparatively so low that it doesn't have enough public history to conclude it's safe, so if they can't do that, they issue a warning as a default standard policy, just to be on the safe side. I get a warning all the time from Windows Defender. All I do is click on the "more info" button and then "install anyway".
I have installed literally hundreds of SPFLite versions over the years and have never seen it bring along a single virus. I know AV warnings can make people nervous, but you can safely ignore this one.
Post by JeremyNicoll on Dec 14, 2018 11:30:06 GMT -5
Robert, really that's not the case here. The problem, for a start, wasn't in SPFLite itself, or its installer, but instead in one small compiled BASIC program supplied with SPFLite's source. Moreover, if you look at the classes of detection - eg on the VirusTotal URL I posted above (though something on this forum tries to indirect that and it doesn't work for me; I had to c&p the actual URL to get it to work), you'll see that 7 of the 9 detections imply that a heuristic made the (guess) that there was a problem in that .exe.
I expect that the real issue will be that someone somewhere else has used that flavour of BASIC to write some malware, and the signature that's misidentifying Revision.exe might well identify any (or a subset of) all programs compiled with the same compiler.
I should mention that I help to provide 'knowledgeable user' support for one specific antimalware program.
Well, there is a small program supplied with SPFLite called KeyboardTest.exe, and sometimes that gets flagged too. I wrote it in MS C, and it is flagged because it is rarely seen by AV products. So it's not just being written in BASIC that triggers it. In fact, you can do a google search for KeyboardText.exe and find many discussions about whether it's safe to install and use or not, and how to "safely remove this malware program". It's not malware.
Jeremy: I think Robert is very correct in noting that it's the low usage that triggers these. Other developers on the PowerBasic forums are frequently 'hit' with false reports on their products. PowerBasic, good as it iss, is still a very minor development language. It's a real pain for them as some of their customers are companies who have policies that simply will not allow software to be installed at all if there are AV warnings outstanding.
To all the others, many thanks for your kind words and good wishes.
Post by JeremyNicoll on Dec 14, 2018 12:00:35 GMT -5
Low usage makes sense if it means that the av people haven't paid enough attention to the code that the PowerBasic compilers generate, but it's hard apart from that to see why that wouldn't mean that every development programmer in the world (using any language) would have every one of their own projects (all of which would be unique when they've just been compiled) flagged all the time.
I know less than beans about how AV software does it's job, but just the idea of heuristic analysis leaves me cold.
Hmmm, this looks like it might be similar to that other nasty we saw in some other program somewhere else so lets flag it just to be on the safe side.
When that kind of process has incorrectly hit your own software many, many times, and wasted many hours trying to placate your users, it's hard to have any faith that heuristic checking is performing a worthwhile task.
Post by JeremyNicoll on Dec 14, 2018 12:38:11 GMT -5
I agree with you... and it's why I report false positives to av companies whenever I find them. I've reported this one too. I think in fact this problem - although seen in 9 av products - is possibly mainly an issue in BitDefender, who licence one of their av engines to several other companies. If they can be persuaded to finesse the heuristic (blind guess) in this case things will improve a lot.
Regarding Robert's tale of KeyboardTest.exe, perhaps the problem there is that it uses the same APIs as either keyboard loggers or things that inject virtual keypresses into the system... and you can see why perfectly legitimate use of those APIs would get flagged in the same way as malware that uses them. One of the problems is av software that doesn't explain why it thinks something is iffy. Another common issue is code that monitors keypresses - indistinguishable from key loggers - but also a necessity for any app that's going to sit and legitimately respond to user-defined keyboard shortcuts.
In the case of KeyboardTest, it uses extremely simple and straightforward API calls to get the keyboard status bits, and just does ordinary printf() calls to display them. It is very plain-Jane code, nothing proprietary, no special user or 3rd party vendor libraries - nothing. It's barely 100 lines of C code. It's not even slightly devious.