WARNING! Virus Alert
Hi
I'm the main conceptor and developer of FinalGen.
This message is to inform you that the initial version of FinalGen was accidentally infected by a Troyan.
The viruses free version is available for download now, but if you downloaded the software before 22/03/2012, you should uninstall it immediately,
and remove the remaining files in the installation folder, if any.
You should also scan your whole system. You can scan is for free by using PANDA online active scan. (see link below)
http://www.pandasecurity.com/activescan/index/
There is still a false positive (that is, a virus detected but not a real virus). For example, AVAST blocks the DLL used by FinaGen.
I'm working to solve this problem.
I will keep you informed in my website.
I apologize for the inconvenience
Pedro Pérez
Hi
I'm the main conceptor and developer of FinalGen.
This message is to inform you that the initial version of FinalGen was accidentally infected by a Troyan.
The viruses free version is available for download now, but if you downloaded the software before 22/03/2012, you should uninstall it immediately,
and remove the remaining files in the installation folder, if any.
You should also scan your whole system. You can scan is for free by using PANDA online active scan. (see link below)
http://www.pandasecurity.com/activescan/index/
There is still a false positive (that is, a virus detected but not a real virus). For example, AVAST blocks the DLL used by FinaGen.
I'm working to solve this problem.
I will keep you informed in my website.
I apologize for the inconvenience
Pedro Pérez
First of all, thank you very much for developing this software! I am looking forward to your including more pieces for each side, and then mutiprocessor support.
Regarding the GUI, ability to enter the position through FEN will be nice.
Why do you say this? Is it because of any antivirus report? I can't find any indication of a virus.
You are posting on 21/03/12. Do you mean to say that the file will be corrected only on 22/03/12?
Regarding the GUI, ability to enter the position through FEN will be nice.
> This message is to inform you that the initial version of FinalGen was accidentally infected by a Troyan.
Why do you say this? Is it because of any antivirus report? I can't find any indication of a virus.
> The viruses free version is available for download now, but if you downloaded the software before 22/03/2012, you should uninstall it immediately,
You are posting on 21/03/12. Do you mean to say that the file will be corrected only on 22/03/12?
@Dhanish; this is a reply to an email I sent to P Perez the programmer of FinalGen concerning the virus.
The current version is perfectly safe and was released 30 hours ago. In fact it was released the 19/3/2012 french/german/spanish time.
I have indicated the 22/3/2012 because there can be time and date differences between countries and this is a way to give a valid date for all of them.
To know if you version is safe or not, you can scan the installation folder (normally program files/finalgen) by using the panda active scan only
http://www.pandasecurity.com/activescan/index/
I recommend the panda because not all antiviruses are able to detect it, and you can scan it for free.
Although the current version is safe, it can cause false positives with two or three antiviruses like AVAST. I'm currently working to solve this problem, I will communicate about this on my website.
Best Regards.
Pedro Pérez Romero
The current version is perfectly safe and was released 30 hours ago. In fact it was released the 19/3/2012 french/german/spanish time.
I have indicated the 22/3/2012 because there can be time and date differences between countries and this is a way to give a valid date for all of them.
To know if you version is safe or not, you can scan the installation folder (normally program files/finalgen) by using the panda active scan only
http://www.pandasecurity.com/activescan/index/
I recommend the panda because not all antiviruses are able to detect it, and you can scan it for free.
Although the current version is safe, it can cause false positives with two or three antiviruses like AVAST. I'm currently working to solve this problem, I will communicate about this on my website.
Best Regards.
Pedro Pérez Romero
>The current version is perfectly safe
NOT CORRECT! THE VERSION I DOWNLOADED JUST 3 DAYS AGO (April 4) IS EXTREMELY DANGEROUS! DO NOT USE IT!
Anyone who has run it now has a badly infected system, I am sorry to say. The version of FinalGen at
http://www.mtu-media.com/finalgen/home_ing.php
presents you a zip file download. Inside the zip file is an executable setup program. The setup program passes all the multi-engine virus detection sites (virustotal.com, virscan.org, virusscan-jotti.org etc) showing no infection.
If you run it, you will get a FinalGen directory with over 120 DLL files.
However, ALL OF THESE DLL FILES ARE INFECTED WITH VIRUSES.
The packing mechanism within the setup file is very malicious, because it manages to encode/hide the malware so it itself passes the multi-engine AV checkers. So having run the setup, DO NOT RUN FINALGEN but you need to recompress the DLLs (.7z, RAR, zip) and submit that file. This is what you will get:
Retested by https://www.virustotal.com on April 7, 2012
AntiVir TR/Kazy.43678.6
Avast Win32:Malware-gen
BitDefender Gen:Variant.Rimecud.3
Comodo TrojWare.Win32.Monder.GEN
Emsisoft Win32.SuspectCrc!IK
F-Secure Gen:Variant.Rimecud.3
GData Gen:Variant.Rimecud.3
Ikarus Win32.SuspectCrc
McAfee Artemis!E60A7C5DD845
McAfee-GW Artemis!2327C788DD1A
TheHacker W32/VBNA.a
The FinalGen and uninstall executables are themselves uninfected. But if you run FinalGen, the malware inside the DLLs will be run. If you have a really good AV program running (most are not good enough), it may protect you. Or it may not.
I have preferred safety and have manually erased FinalGen from all my systems.
I do not know whether this infection is deliberate/malicious or not, I hope it is not.
WARNING REPEAT - THE FINALGEN PACKAGE IS VERY BADLY INFECTED WITH CLEVER (as setup appears uninfected) MALWARE. RUN IT AT YOUR OWN PERIL!
Thank you for the warning. That damn ICGA strikes again.
> Thank you for the warning.
You are welcome. A program or collection of processes that is designed to normally be left running for a long time, like an EGTB generator, is the ideal environment in which to conceal the most malicious of malware, the sort that only performs its evil deeds (be they corruption of data, theft of data or hijack of machine) when triggered by some rare, innocent combination of external conditions.
> That damn ICGA strikes again.
We share a sense of humor. :)
> Retested by https://www.virustotal.com on April 7, 2012
Thanks for the warning, but you could have included a link to the results and not just the home page, you know.
>you could have included a link to the results and not just the home page, you know
Correct, I could have.
Here it is (note, it is of the RAR'd .exe and .dll files contained in the FinalGen directory generated by the setup):
https://www.virustotal.com/file/f839d0152dae29f8fbdbbae780f25509c9d112770b6559c8be41f86191263ccf/analysis/1333821864/
If you need your driveway sweeping too, in a specified north-westerly direction, or other services performed for you gratis, please be so kind as to let me know.
>Emsisoft Win32.SuspectCrc!IK
In reality it could be something usual like creating files and folders. Often used by malware, but we have a working program here!
Here's example of file aadd1.dll and this part of it could look "suspicious" to Emsisoft's Antimalware, but carry no harm:
CloseHandle CreateDirectory CreateFile DeleteFile GetFileAttributes GetLastError ReadFile Sleep WriteFile GetFileSize KERNEL32.dll AADD1.dll principal
Hi mexicanstandoff
You don't have to be alarmed by all these virus reports. As I have said before, the current version is safe.
The problem of false positives occurs frequently when you develop in assembly language. You can search on the internet. False positives are not rare and even occur more often than real positives.
As per my understanding, Virus total did not report any virus about the setup files, but on the dll and exe files. That means that all these antiviruses allows you to run the installation program, and after that they detect the viruses on the extracted files. This is not serious.
Making a program that plays chess is a hard labour. Finding an algorithm to make a program as fast as possible is even harder and had taken several years. I would not have make all these efforts if my only purpose was to infect people with all sort of viruses.
As I have said in my web site, I am working to solve this problem. This has cost me a lot of headache these last weeks. Finally, I have found out how to prevent the false positives, but the impacts on the code are considerable, and it will take some weeks to perform all non regression tests.
Meanwhile, if you don't trust the current version, you can wait for the next release 1.1.
Best Regards
Pedro Pérez
You don't have to be alarmed by all these virus reports. As I have said before, the current version is safe.
The problem of false positives occurs frequently when you develop in assembly language. You can search on the internet. False positives are not rare and even occur more often than real positives.
As per my understanding, Virus total did not report any virus about the setup files, but on the dll and exe files. That means that all these antiviruses allows you to run the installation program, and after that they detect the viruses on the extracted files. This is not serious.
Making a program that plays chess is a hard labour. Finding an algorithm to make a program as fast as possible is even harder and had taken several years. I would not have make all these efforts if my only purpose was to infect people with all sort of viruses.
As I have said in my web site, I am working to solve this problem. This has cost me a lot of headache these last weeks. Finally, I have found out how to prevent the false positives, but the impacts on the code are considerable, and it will take some weeks to perform all non regression tests.
Meanwhile, if you don't trust the current version, you can wait for the next release 1.1.
Best Regards
Pedro Pérez
BTW, it is a fantastic program. Thanks.
I was going to do work on my own tablebase generator, but now I won't, as yours covers many of my needs.
I am still trying to figure out how you have made it use so little space and run so quickly! It is very impressive :)
I was going to do work on my own tablebase generator, but now I won't, as yours covers many of my needs.
I am still trying to figure out how you have made it use so little space and run so quickly! It is very impressive :)
> That means that all these antiviruses allows you to run the installation program, and after that they detect the viruses on the extracted files. This is not serious.
Well, it's certainly much more serious than if the antivirus warned you about the installer so I don't follow your logic.
Why >120 DLLs?
Thanks for responding - and FG sure looks like a program I want to run! :)
With all due respect, I don't know you. Further, I know (by your own admission) you inadvertently distributed a virus to the downloaders of the first version of your program.
I would be a bigger fool than I am were I not cautious, please think about that.
Almost correct. virustotal did not report any problem with .exe's, only with .dll's.
W-H-A-T ????
It is more serious, not less. As Vempele has already observed, correctly.
I ran the setup file in a sandbox under a debugger. So I know it did nothing malevolent, or at least if it tried to, I did not notice and it was unsuccessful.
The first (but not only) guess as to the cause is that the malware insertion mechanism is more subtle, as they only show up when unpacked. So, maybe within FinalGensetup.exe there is not only standard packing (MS, zip, 7z whatever) but also some extra obfuscation or encryption.
Of course. But as I keep on writing, you can be an inadvertent, innocent victim - as you already admitted with the first version, which did contain a virus or other malware.
How are you so confident you have cleared your system entirely of infection? No backdoor left open? Just relied on what google said about removal? As an MC programmer, as I am, you will appreciate that what is known about the virus is only superficial until it has been disassembled or decompiled and the code carefully examined and fully understood. This is too time-consuming and is rarely done (except for highly vectored infections). Without such knowledge, it may be possible that all its traces have not been removed, as it has left high-latency (i.e., their mischief does not start immediately) legacy programs around.
Some post-2008 viruses I've read about are really fiendish. While my interest is theoretical, it has kept me 100% safe for many decades. Thus:
I will gladly do that, please be quick. :)
And your hard work is appreciated, especially from a fellow assembly programmer. The kids who work only with high-level languages do not have a clue, usually, of the levels of problems "we" face. We are a dying breed, because for most applications, our speed and size are not advantages, and C-family compilers have got very, very good since the days of Kernighan & Ritchie.
B.T.W. Within FG, are you attempting to bypass the system at any stage, say to address fixed storage (e.g. HDD) more efficiently?
B.T.W.2. Please consider reducing the .dll count. I don't understand the need for this. From the very high compression the better algorithms (e.g. 7z) produce on the DLLs, I guess you may have various tables there. Is there a technical reason for this multiple DLL approach, or is it historic?
>You don't have to be alarmed by all these virus reports. As I have said before, the current version is safe.
With all due respect, I don't know you. Further, I know (by your own admission) you inadvertently distributed a virus to the downloaders of the first version of your program.
I would be a bigger fool than I am were I not cautious, please think about that.
>Virus total did not report any virus about the setup files, but on the dll and exe files
Almost correct. virustotal did not report any problem with .exe's, only with .dll's.
>allows you to run the installation program, and after that they detect the viruses on the extracted files. This is not serious.
W-H-A-T ????
It is more serious, not less. As Vempele has already observed, correctly.
I ran the setup file in a sandbox under a debugger. So I know it did nothing malevolent, or at least if it tried to, I did not notice and it was unsuccessful.
The first (but not only) guess as to the cause is that the malware insertion mechanism is more subtle, as they only show up when unpacked. So, maybe within FinalGensetup.exe there is not only standard packing (MS, zip, 7z whatever) but also some extra obfuscation or encryption.
>Making a program that plays chess is a hard labour. Finding an algorithm to make a program as fast as possible is even harder
>and had taken several years. I would not have make all these efforts if my only purpose was to infect people with all sort of viruses.
Of course. But as I keep on writing, you can be an inadvertent, innocent victim - as you already admitted with the first version, which did contain a virus or other malware.
How are you so confident you have cleared your system entirely of infection? No backdoor left open? Just relied on what google said about removal? As an MC programmer, as I am, you will appreciate that what is known about the virus is only superficial until it has been disassembled or decompiled and the code carefully examined and fully understood. This is too time-consuming and is rarely done (except for highly vectored infections). Without such knowledge, it may be possible that all its traces have not been removed, as it has left high-latency (i.e., their mischief does not start immediately) legacy programs around.
Some post-2008 viruses I've read about are really fiendish. While my interest is theoretical, it has kept me 100% safe for many decades. Thus:
>Meanwhile, if you don't trust the current version, you can wait for the next release 1.1.
I will gladly do that, please be quick. :)
And your hard work is appreciated, especially from a fellow assembly programmer. The kids who work only with high-level languages do not have a clue, usually, of the levels of problems "we" face. We are a dying breed, because for most applications, our speed and size are not advantages, and C-family compilers have got very, very good since the days of Kernighan & Ritchie.
B.T.W. Within FG, are you attempting to bypass the system at any stage, say to address fixed storage (e.g. HDD) more efficiently?
B.T.W.2. Please consider reducing the .dll count. I don't understand the need for this. From the very high compression the better algorithms (e.g. 7z) produce on the DLLs, I guess you may have various tables there. Is there a technical reason for this multiple DLL approach, or is it historic?
I suspected the virus was real because someone reported it. It was detected by Panda Scan.
It could not be detected by my former antivirus (ad-aware). This is the reason why it was infected.
I was convinced it was real because no virus was detected after recompilation (I had not changed the program sources), and the resulting files were smaller than the infected ones.
It could not be detected by my former antivirus (ad-aware). This is the reason why it was infected.
I was convinced it was real because no virus was detected after recompilation (I had not changed the program sources), and the resulting files were smaller than the infected ones.
> It was detected by Panda Scan.
Most likely it was a false alarm. I don't think that you can include a virus in your program without your knowing it, unless perhaps your computer is already infected with a virus which modifies the executables after you create it.
> I was convinced it was real because no virus was detected after recompilation
You should try some site such as virustotal which will scan your file with all popular antiviruses and give you a report.
Anyway, thank you very much for your program. It is wonderful that there is not much of a RAM requirement for generation compared to that of Nalimov. In case you do not have time to develop it, I hope you consider making it open source. After all, the commercial viability is limited, as there may be only a handful of users interested in this program.
Freezer can make use of the Nalimov bases. Unfortunately, current developers cannot get the license to use them, unless perhaps you join hands with ChessOK like Houdini. The Gaviota bases are another option. Then, positions which end in five men, the result can be taken directly from the base and added, which may improve the performance in some cases.
> Most likely it was a false alarm
In my case, it most certainly NOT a false alarm. See my post above, there are >100 infected DLLs!
The version of FinalGenSetup.exe I tested, and which is filled with malware, has CRC32 of 4B98E4B2, file size 4415648 and creation date 9:38 am March 20, 2012. It is still the "current" version per the FinalGen website.
The authors/designers have confirmed an earlier version is infected, but claim the current version is fine (which is not true, as I have proven with 11 different AV engines reporting trojans/viruses/worms).
Use my method of determining infection - that is, do not merely submit the Setup program to the multi-engine checkers - it passes OK - but also submit the re-zipped DLL files that it creates.
I would treat ALL versions of FinalGen with extreme suspicion.
This is probably very bad news for all those running FinalGen right now... who knows who has got what information from your systems, especially as they will be Windoze ones, or what has been corrupted.
Actually, you dont know that they are infected. SOME antivirus programs say it is, and they dont even agree on what the virus is
I trust my Eset Nod32 a lot, and it is a lot sensitive to viruses. there are many many cases where antiviruses just make it wrong.
I trust my Eset Nod32 a lot, and it is a lot sensitive to viruses. there are many many cases where antiviruses just make it wrong.
>they dont even agree on what the virus is
More nonsense... As I wrote, but you were unable to understand, I submitted a RAR file which contained all the executables. The order in which the various AV programs process the contents of the archive differs, no surprise there. As each engine reports back only one item of malware to (say) virustotal per submission, which file they encountered first will differ.
I suggest you use google, but then, you don't want to hear sound advice, and look up what some of them do.
Enjoy your infected system, and learn not to shoot the messenger. Thank you in advance...
To make it simple.
you trust SOME antiviruses. The MAJORITY is not reporting something.
So the question is simple. Are you an antivirus expert, and examined the file and saw this is not a FALSE alarm? If NOT, then you should not claim with such certainty that there is a virus
Do you even understand how many false alarm some of those program give?? (especially those free ones)
Would you bet your life that this is not a false alarm??
If not, then the correct phrasing should be..."there might be a problem with a virus because....."
As simple as that.
you trust SOME antiviruses. The MAJORITY is not reporting something.
So the question is simple. Are you an antivirus expert, and examined the file and saw this is not a FALSE alarm? If NOT, then you should not claim with such certainty that there is a virus
Do you even understand how many false alarm some of those program give?? (especially those free ones)
Would you bet your life that this is not a false alarm??
If not, then the correct phrasing should be..."there might be a problem with a virus because....."
As simple as that.
>Are you an antivirus expert, and examined the file and saw this is not a FALSE alarm?
No, yes, yes, respectively.
(I am not an antivirus expert. I am a virus expert).
Could you please tell us, how you know its NOT a false alarm?
Edit: I am sure you dont have an answer on that. and i am not expecting an answer
Edit: I am sure you dont have an answer on that. and i am not expecting an answer
Disassembly of the (alphabetically) first .dll file produced by the setup program.
You talk of theoretics. If you decompile, if you find malware code and can explain of what it does... But no one did it yet.
My guess of why so many antivirus kits think of them to be infected is that these DLLs seems to be more independent from the parent executable,
like writing chess tablebase files by themselves, not just returning data like a function.
And having lots of data to write on HDD they probably using some direct write algorithms,
leaving windows file cache alone. Or what ever, IDK.
My guess of why so many antivirus kits think of them to be infected is that these DLLs seems to be more independent from the parent executable,
like writing chess tablebase files by themselves, not just returning data like a function.
And having lots of data to write on HDD they probably using some direct write algorithms,
leaving windows file cache alone. Or what ever, IDK.
>If you decompile, if you find malware code and can explain of what it does... But no one did it yet
Two errors.
1. It is not "decompile", but disassemble. Much of what I saw was in handwritten machine code, produced by an assembler, not the output from a compiler's code-generator.
2. "no one did it yet" - I did. I found some unusual calls to storage media. Not enough on their own to flag, but when combined with what made me look inside (virus signature matchups per 11 AV programs, including the two best ones).
I just don't get the hostility. Is there something I don't know here? The contents of my PC are sensitive and valuable. If there's even a 1% chance of malware running, then I won't chance it. Paranoids will go much further than I do.
The average person here has a half dozen machines doing nothing but working on chess problems, so it's an acceptable risk.
>The average person here has a half dozen machines doing
>nothing but working on chess problems, so it's an acceptable risk.
Thank you for explaining. That does make perfect sense to me.
I have many machines too, but only one very powerful one, not in the R.Cluster league but also not absurdly far behind. But it is not chess-dedicated, and so I would not risk it for an 11/42.
>I found some unusual calls to storage media.
OMG, where!? Do you think... it could be... assembler?!
>OMG, where!? Do you think... it could be... assembler?!
Parser failure at offset 0000002Ch
(to avoid doubt, that is a reference to making sense of what you wrote)
Okies, now I clearly see that your dissembler is infected. But what makes FinalGen responsible? Doubts?
> I just don't get the hostility
The hostility is from the way you actually are writing and responding. Read what you write calmly and try to understand how you will characterize some writing that way..
> I found some unusual calls to storage media
should i cry or should i laugh.
Eset Nod32, has a great "watch" system. Any strange action is monitored and Finalgen doen't act strange
>If there's even a 1% chance of malware running
this is very different in claiming that there is 100% malware with bold letters and markup.
Someone to take you seriously, you have to present facts. Some Antiviruses claiming its a virus, no big deal. Have seen that thousands of times and it was a false alarm again and again.
It happened with adobe products, after an update, and it was (ofcourse) a false alarm.
So writing , that.. because of this and that, the program MIGHT have a virus is logical. Your way is.... And the way you respond (read an see you answers and how you respond to people) explains the hostility
Thanks for explaining the hostility. The question was rhetorical, but thanks anyway.
Neither? But if you're system is infected, which I've seen nothing to suggest is not the case, neither is effective strategy.
I stated the DLL contained unusual calls. Did I suggest that these were executed regularly? (Or at all)? I did not, because I could not know, without first fully disassembling and understanding FinalGen, a non-trivial operation for which I would charge at least $120K.
Hint to putative virus-writers of the data-corruption genre. Smarter usually to be subtle, and to decrease the probability of early, behavior-based detection by doing little but doing it well. You catch/damage more with honey than with vinegar (literally true, if hardware is concerned, as bee sh!t plays hell with motherboards) as you get the useful backups too. The only downside is that propagation may be curtailed, and as zero-day passes and awareness increases, damage may be not too bad.
>> I found some unusual calls to storage media
>should i cry or should i laugh.
Neither? But if you're system is infected, which I've seen nothing to suggest is not the case, neither is effective strategy.
>Eset Nod32, has a great "watch" system. Any strange action is monitored and Finalgen doen't act strange
I stated the DLL contained unusual calls. Did I suggest that these were executed regularly? (Or at all)? I did not, because I could not know, without first fully disassembling and understanding FinalGen, a non-trivial operation for which I would charge at least $120K.
Hint to putative virus-writers of the data-corruption genre. Smarter usually to be subtle, and to decrease the probability of early, behavior-based detection by doing little but doing it well. You catch/damage more with honey than with vinegar (literally true, if hardware is concerned, as bee sh!t plays hell with motherboards) as you get the useful backups too. The only downside is that propagation may be curtailed, and as zero-day passes and awareness increases, damage may be not too bad.
> 2. "no one did it yet" - I did. I found some unusual calls to storage media. Not enough on their own to flag, but when combined with what made me look inside (virus signature matchups per 11 AV programs, including the two best ones).
I'm sorry, but You are the one who made an accusation, so the burden of proof is on your side... So far you didn't prove anything, you just showed some signs of paranoia.
I am not saying that FG is an innocent false positive, nor that it contains any malware (I had not analyzed the code). But please consider my experience in this field (I was doing reverse engineering work for an AV company for almost 4 years) and I know very well how much false positives are reported just to be on the safe side. Especially on sites like virustotal where they receive 'special' editions of AV software where the heuristic detection is custom-made to be very paranoid. But worst of all is the reputation based flagging. I think it is a Symantec invention - if a new piece of software isn't well established enough yet (we talk of 10000+ active users), it automatically rises a suspiciousness flag. For small communities - like the computer-chess community - it is often impossible to gain a positive reputation.
My personal rule of thumb is: scan the suspicious file with Eset Nod32, and if they say it is OK, trust them. They have one of the biggest catch-rate and very low false positive issues [according to tests made by http://www.virusbtn.com ].
I don't want to promise anything but if I can spare some time, I will download FinalGen and will take look at the DLL files myself. But not sooner than the next weekend.
> My personal rule of thumb is: scan the suspicious file with Eset Nod32, and if it says it is OK, trust them.
Well, the other day I was infected by a Trojan that turned my computer into a SPAMbot that would send email all day and night as soon as it was connected to the Internet, and Nod32 failed to find anything, just like Kaspersky, Panda and others. Only AVG was able to detect it (not able to heal it but I could do it manually after it told me the worm's name), so if it's something obscure, chances are several antivirus won't detect it (false negatives?)
>> My personal rule of thumb is: scan the suspicious file with Eset Nod32, and if it says it is OK, trust them.
> Well, the other day I was infected by a Trojan that turned my computer into a SPAMbot that would send email all day and night as soon as it was connected to the Internet, and Nod32 failed to find anything, just like Kaspersky, Panda and others. Only AVG was able to detect it (not able to heal it but I could do it manually after it told me the worm's name), so if it's something obscure, chances are several antivirus won't detect it (false negatives?)
Of course, such things do happen. Every AV software can be tricked (most often by zero-day threats). To minimize damages in such cases I would recommend using a firewall. Put a limit on outbound SMTP traffic, or even better - disable it entirely except for your email client.
>I'm sorry, but You are the one who made an accusation
You seem to be overlooking the little fact that 11 AV engines, including several of the best ones, had made the accusation.
Would you, as a developer, release to the general public software with that level of false positives? In a morass of DLL files?
Especially where the supplied Setup file passes the scrutiny of all 42-44 AV engines (total between the three main multi-engine sites), suggesting (among other possible, innocent explanations) that the components have been custom-packed or encrypted to prevent early detection even though zero-day has long since passed?
And further, when the only preceding release had a proven malevolent payload, as admitted by the publisher?
A publisher, unknown to us before hand, who had been made aware of the deficiencies of his AV protection in this most embarrassing way? And who stated he considered that an anti-adware freebie a sufficient defence against general malware??
But still went ahead and distributed this as the successor release?
What would Occam's Razor suggest to you, given all of the above?
On the strength of your performance at induction here, Richard, would you concur that Critter's a damned sight better at chess than you are at logic?
Uly said:
>>Well, the other day I was infected by a Trojan
>>and Nod32 failed to find anything, just like Kaspersky, Panda and others
Quite so, Uly.
>Of course, such things do happen.
Quite the philosopher, now.... No help after the fact, is it? Or to you is it "paranoia" when exhibited before the event, but wisdom when it is displayed after, by which time irreversible data corruption may have occurred?
>I would recommend using a firewall
Which might prevent data leakage or spambottage, but will do S.F-A. to prevent subtle or other file corruption.
It's down to risk perception, I guess. I have a sandbox environment that is relatively slow (by reference to the machine upon which it runs) but gives safety akin to that of a stand-alone isolano PC.
Unknown source? Assume malware until proven innocent. Clearly, Richard thinks this is paranoia on my part. His perception will be amended once a good 'un gets him, relying as he claims on a single AV. Nothing like experience to teach - but expensive. Please keep backups of Critter development, as I enjoy it.
There's the potential for a really nice analysis tool if you could add a feature to critter where it had the ability to calculate solution time to PV endgame positions and actually solve them when appropriate. The method that FG uses to present the solutions space is also intriguing.
I second BfL's suggestion.
I noticed that FinalGen says it takes a huge amount of space to store a solution, even though most of the solution is not going to be visited. Is it possible to allow some kind of pruning? I think a useful solution could be stored that was 2 orders of magnitude smaller (say, if move A mates in 20 and move B mates in 25, nothing is actually stored for move B.)
I'm surprised to hear this from you! I think it's great having the alternatives around, just to answer the inevitable what if questions that arise, and even to allow me to improve my own endgame play (I can play one side and look at the other side's optimal moves). Anyway, the definition of a huge amount of space is rapidly growing, with three terabyte drives now going for less than $200 (and it would be less if Thailand wasn't flooded).
> I'm surprised to hear this from you!
Well, I'm the guy running around with only 2.8GB free of disk space, so using FinalGen is just our of my reach
But, yeah, a solution of a game doesn't require to know all permutations, a weakest solution of a position would only store a given line and wouldn't even need to store the moves up to mate! If a position can be trivially won, it could be pruned. Moves of the opponent would only lead to the position of deciding advantage.
So I'd imagine some soft of "microbitbases" built on the fly of some endgame could be constructed faster and use less space than what FinalGen is doing, even if they only showed "White wins after this move, and I can't show you how white wins with moves other than this line, but I can show you how it leads to a decisive advantage against anything the opponent tries" (at least for decided positions.)
I think Stockfish does something like this, when in some endgame it shows a 80.00 eval which means "I'm sure I'm winning, though I can't show you a line up to mate", and as at that point the game is solved, it doesn't matter if Critter shows a suboptimal line that wins.
if you think Pedro.the developer,is trying to infect you with the software,is easy,stop using it...but please,stop with spam and bothering us with false positive about antivirus that even his mothers doesnt know who they are
edit:i isolated that program and *dll's,and saw if they open new processes,or try to acces to internet,and none of them do it...so,as Pedro stated,are fañse positive...stop with chain-messages
edit:i isolated that program and *dll's,and saw if they open new processes,or try to acces to internet,and none of them do it...so,as Pedro stated,are fañse positive...stop with chain-messages
On 2012-03-23 19:12 Barnard wrote:
but then wrote elsewhere:
Well, unlike you, I am a programmer, and a first-rate one too. Out of curiosity 15 years ago (when the internet was young) I wrote some malware that today would be called worms, never distributed them, for sure, but just to see what was possible.
It isn't one or two AV programs - it is 11 different ones.
Avira
AntiVir
Avast
BitDefender
Comodo
Emsisoft
F-Secure
GData
Ikarus
McAfee
McAfee-GW
TheHacker
As to the nonsense you've written that you don't see them opening other processes or accessing the internet - what relevance is that? They don't need to - just gradually corrupt a few 10000 files in a subtle way. And maybe they wait for some set of operational conditions before misconduct commences - till April 11, maybe, or till your HDD free space, rounded to the nearest Gb, is an exact multiple of 17 Gb, or till anything else a smart person can think of.
I have no view as to whether Pedro & Company are victims themselves, or perpetrators. It is irrelevant. What do you know of "Pedro"? What makes you think you even know who is at the other end? Did you know that "gullible" is a made-up word that does not even exist in proper dictionaries?
A little knowledge is a dangerous thing. Thank you for the demonstration... Your system is badly corrupted, but as you want to keep your head in the sand, that's your issue and not mine. People with your attitudes ensure that virus-writers remain motivated! ;)
> im not a programmer, but
but then wrote elsewhere:
>stop bothering us with false positive about antivirus that even his mothers doesnt know who they are
>i isolated that program and *dll's,and saw if they open new processes,or try to acces to internet,and none of them do it..
>.so,as Pedro stated,are fañse positive...stop with chain-messages
Well, unlike you, I am a programmer, and a first-rate one too. Out of curiosity 15 years ago (when the internet was young) I wrote some malware that today would be called worms, never distributed them, for sure, but just to see what was possible.
It isn't one or two AV programs - it is 11 different ones.
Avira
AntiVir
Avast
BitDefender
Comodo
Emsisoft
F-Secure
GData
Ikarus
McAfee
McAfee-GW
TheHacker
As to the nonsense you've written that you don't see them opening other processes or accessing the internet - what relevance is that? They don't need to - just gradually corrupt a few 10000 files in a subtle way. And maybe they wait for some set of operational conditions before misconduct commences - till April 11, maybe, or till your HDD free space, rounded to the nearest Gb, is an exact multiple of 17 Gb, or till anything else a smart person can think of.
I have no view as to whether Pedro & Company are victims themselves, or perpetrators. It is irrelevant. What do you know of "Pedro"? What makes you think you even know who is at the other end? Did you know that "gullible" is a made-up word that does not even exist in proper dictionaries?
A little knowledge is a dangerous thing. Thank you for the demonstration... Your system is badly corrupted, but as you want to keep your head in the sand, that's your issue and not mine. People with your attitudes ensure that virus-writers remain motivated! ;)
i've been using FinalGen for almost 2 weeks now, and i have no reports from AVG that there is any suspicious activity.
I'm no expert, but i would have thought that a first rate programmer like you would not use some of the trash AVs that you have used.
i will have no qualms about continuing to use this great piece of kit
I'm no expert, but i would have thought that a first rate programmer like you would not use some of the trash AVs that you have used.
i will have no qualms about continuing to use this great piece of kit
Thanks for the compliment.
But, I only use one of the AVs that listed positives.
The reports are as generated by multi-engine anti-malware checking sites, of which virustotal is a well-known one.
I agree, if indeed there is malware in there, it's probably too late for you to do anything about it.
Attitudes like these act as excellent motivators for virus writers...
But, I only use one of the AVs that listed positives.
The reports are as generated by multi-engine anti-malware checking sites, of which virustotal is a well-known one.
>i will have no qualms about continuing to use this great piece of kit
I agree, if indeed there is malware in there, it's probably too late for you to do anything about it.
Attitudes like these act as excellent motivators for virus writers...
>What do you know of "Pedro"?
i know more about him,than about you;at least i know his name,where he lives and where he works;i not even know your name
>People with your attitudes ensure that virus-writers remain motivated! ;)
>Out of curiosity 15 years ago (when the internet was young) I wrote some malware that today would be called worms
Out of curiosity 15 years ago (when the internet was young) I wrote some malware that today would be called worms
virus creators like you?
you appart than a virus creator,are a guy with a double moral,and a turncoat,that when is your interest makes virus,and when you want aparent be a good person,demonize to the virus creators
your principles are zero,and you only move by interest...go to bother other,and leave me alone...i preffer 1000 times my system infected,than an advice by one person without principles like you...so bye,im going to leave you alone,you can answer me or not,i dont mind,im not going to answer you anymore,you dont deserve my time
>i preffer 1000 times my system infected
Your wish is already granted.
Here is what is disturbing to me-
I will take the authors word for its face value. He states that his software version initially contracted a Trojan- and then goes on to say that he is working on cleaning it up. Then, next, states a newer version is clean. However, others report that there virus scans are picking up a warning.
Now! I don't care what anyone says-that sends up a red flag to me that this guy may not have cleaned up his product.
I will take the authors word for its face value. He states that his software version initially contracted a Trojan- and then goes on to say that he is working on cleaning it up. Then, next, states a newer version is clean. However, others report that there virus scans are picking up a warning.
Now! I don't care what anyone says-that sends up a red flag to me that this guy may not have cleaned up his product.
+1, Arrière Pensée. I agree, disturbing red flag.
Another red flag you do not mention is that in the note from pPerez that you quote, he refers to a single DLL file as if the second version of FinalGen had only 1 DLL file supplied in its distribution package. BUT there were >120 DLLs produced by the second version's setup. So why use the term "the DLL"? Does he not know his program has 120 DLLs? Or are they just created by the Setup, which I confirm is itself made by a package-generator, and it is well known that package-generators available via the usual ways (emule, bit torrent) are almost all payloaded?
Another strange effect is I have received many hate Messages about this. Curious from the phenomenological/psychological standpoint to get such an emotional response to the most respected AV engines declaring infection...
While I am quite confident the developer is innocent, and can be a victim, I do not want to make myself a victim too... many commenting here seem to want to be victims, though, some need re their arrières perhaps? (This is how source codes get stolen, btw. I can write a small book on the subject).
Please see my post of Date 2012-04-08 07:17 in response to someone else who noted anomalous statement re dates quoted by the developer, where I remark on some additional red flags that to me are a little disturbing....
Another red flag you do not mention is that in the note from pPerez that you quote, he refers to a single DLL file as if the second version of FinalGen had only 1 DLL file supplied in its distribution package. BUT there were >120 DLLs produced by the second version's setup. So why use the term "the DLL"? Does he not know his program has 120 DLLs? Or are they just created by the Setup, which I confirm is itself made by a package-generator, and it is well known that package-generators available via the usual ways (emule, bit torrent) are almost all payloaded?
Another strange effect is I have received many hate Messages about this. Curious from the phenomenological/psychological standpoint to get such an emotional response to the most respected AV engines declaring infection...
While I am quite confident the developer is innocent, and can be a victim, I do not want to make myself a victim too... many commenting here seem to want to be victims, though, some need re their arrières perhaps? (This is how source codes get stolen, btw. I can write a small book on the subject).
Please see my post of Date 2012-04-08 07:17 in response to someone else who noted anomalous statement re dates quoted by the developer, where I remark on some additional red flags that to me are a little disturbing....
You've detected the peculiar statement re dates...
btw, the world takes 24 hours, give or take, to perform one rotation. Not 72 hours as the earlier developer email implied:
>The current version .... was released the 19/3/2012 french/german/spanish time.
>I have indicated the 22/3/2012 because there can be time and date differences
>between countries and this is a way to give a valid date for all of them.
In fact, this final version of FinalGensetup.exe (CRC32 of 4B98E4B2, file size 4415648) was compressed into the distribution .zip bearing a creation date of 9:38 am March 20, 2012, CET (as that is where the program supposedly comes from).
The zip file itself, obviously, has an even later timestamp, as the contents have to be created before they are compressed.
So how is that compatible with the statement by pPerez that the current version was released on March 19, 2012 CET ?? How can it be released before it is created?
Further, as already observed, 9 am CET on March 20 would be March 20 everywhere on earth except from a few islands in the east Pacific, where it would be March 19. Not March 21/22/23 etc. as pPerez wrote...
Developer using Ad-Aware as AV? (It was conceived as anti-adware, as the name tells you, only later some AV features added, and repackaged, it is not regarded seriously). Releasing version 1 software with admitted malware-payload? Even then, releasing version 2 with (IMO) even worse payload (11 AVs, including the best-on-test one, Avira), and concealed so the setup file does not reveal any infection? Then saying that this concealment was in fact a good sign??? (As refuted by Vempele, Date 2012-04-08 14:12, and myself). Then his claim that version 1 is infected but version 2 guaranteed safe is convincingly refuted by fhub, Date 2012-04-08 17:28...
The creator of this apparently beautiful program must by definition be very intelligent.
So why so many oddities?
I like mysteries.
This qualifies.
I'm not a programmers-so I have no idea what any of that means. But, I am not interested in having to go through formatting my hard drive over a software program I easily do without. Until I see conclusive evidence to the contrary - I'll stay clear.
>I have no idea what any of that means
You are too modest, so please don't insult me with such falsity. I have been reading the highly entertaining arguments you and 4-5 others have made against the anti-R/anti-V lynchmob, and you are quite capable of fine reasoning.
For one thing, even as a distinguished non-programmer I am sure you are aware the earth didn't need c3 days (March 19 to 22) to spin around once, let alone less than once, and are also aware that someone smart enough to write an endgame tablebase generator of a new variety also knows these basics about our geoid.
>Until I see conclusive evidence to the contrary - I'll stay clear
That is my reward, then! "If I have saved but one life, I have saved the whole world." As some Bronze Age nonsense book says, anyway.
Powered by mwForum 2.27.4 © 1999-2012 Markus Wichitill