Rybka Chess Community Forum: The Rybka Lounge / Computer Chess / FinalGen
Parent - - By pPerez (*) Date 2012-03-21 13:00
WARNING! Virus Alert

Hi

I'm the main conceptor and developer of FinalGen.
This message is to inform you that the initial version of FinalGen was accidentally infected by a Trojan.

The virus-free version is available for download now, but if you downloaded the software before 22/03/2012, you should uninstall it immediately,
and remove the remaining files in the installation folder, if any.

You should also scan your whole system. You can scan it for free by using PANDA online active scan (see link below).

http://www.pandasecurity.com/activescan/index/

There is still a false positive (that is, a virus detected but not a real virus). For example, AVAST blocks the DLL used by FinalGen.
I'm working to solve this problem.

I will keep you informed on my website.

I apologize for the inconvenience.

Pedro Pérez
Parent - - By Dhanish (***) Date 2012-03-21 15:55
First of all, thank you very much for developing this software! I am looking forward to your including more pieces for each side, and then multiprocessor support.

Regarding the GUI, ability to enter the position through FEN will be nice.

> This message is to inform you that the initial version of FinalGen was accidentally infected by a Trojan.


Why do you say this? Is it because of any antivirus report? I can't find any indication of a virus.

> The virus-free version is available for download now, but if you downloaded the software before 22/03/2012, you should uninstall it immediately,


You are posting on 21/03/12. Do you mean to say that the file will be corrected only on 22/03/12?
Parent - - By keoki010 (Silver) Date 2012-03-22 15:47
@Dhanish; this is a reply to an email I sent to P Perez the programmer of FinalGen concerning the virus.


The current version is perfectly safe and was released 30 hours ago. In fact it was released the 19/3/2012 french/german/spanish time.
I have indicated the 22/3/2012  because there can be time and date differences between countries and this is a way to give a valid date for all of them.

To know if your version is safe or not, you can scan the installation folder (normally program files/finalgen) by using the panda active scan only
http://www.pandasecurity.com/activescan/index/

I recommend the panda because not all antiviruses are able to detect it, and you can scan it for free.

Although the current version is safe, it can cause false positives with two or three antiviruses like AVAST. I'm currently working to solve this problem, I will communicate about this on my website.

Best Regards.
Pedro Pérez Romero
Parent - - By mexicanstandoff (*) Date 2012-04-07 18:49

>The current version is perfectly safe


NOT CORRECT! THE VERSION I DOWNLOADED JUST 3 DAYS AGO (April 4) IS EXTREMELY DANGEROUS! DO NOT USE IT!

Anyone who has run it now has a badly infected system, I am sorry to say. The version of FinalGen at
http://www.mtu-media.com/finalgen/home_ing.php
presents you a zip file download. Inside the zip file is an executable setup program. The setup program passes all the multi-engine virus detection sites (virustotal.com, virscan.org, virusscan-jotti.org etc) showing no infection.

If you run it, you will get a FinalGen directory with over 120 DLL files.

However, ALL OF THESE DLL FILES ARE INFECTED WITH VIRUSES.

The packing mechanism within the setup file is very malicious, because it manages to encode/hide the malware so it itself passes the multi-engine AV checkers. So having run the setup, DO NOT RUN FINALGEN but you need to recompress the DLLs (.7z, RAR, zip) and submit that file. This is what you will get:

Retested by https://www.virustotal.com on April 7, 2012
AntiVir   TR/Kazy.43678.6  
Avast   Win32:Malware-gen  
BitDefender   Gen:Variant.Rimecud.3  
Comodo   TrojWare.Win32.Monder.GEN  
Emsisoft   Win32.SuspectCrc!IK  
F-Secure   Gen:Variant.Rimecud.3   
GData   Gen:Variant.Rimecud.3  
Ikarus   Win32.SuspectCrc  
McAfee   Artemis!E60A7C5DD845  
McAfee-GW   Artemis!2327C788DD1A  
TheHacker   W32/VBNA.a


The FinalGen and uninstall executables are themselves uninfected. But if you run FinalGen, the malware inside the DLLs will be run. If you have a really good AV program running (most are not good enough), it may protect you. Or it may not.

I have preferred safety and have manually erased FinalGen from all my systems.

I do not know whether this infection is deliberate/malicious or not, I hope it is not.

WARNING REPEAT - THE FINALGEN PACKAGE IS VERY BADLY INFECTED WITH CLEVER (as setup appears uninfected) MALWARE. RUN IT AT YOUR OWN PERIL!
Parent - - By Homayoun_Sohrabi_M.D. (***) Date 2012-04-07 19:06
Thank you for the warning.   That damn ICGA strikes again.
Parent - By mexicanstandoff (*) Date 2012-04-08 02:41

> Thank you for the warning.


You are welcome. A program or collection of processes that is designed to normally be left running for a long time, like an EGTB generator, is the ideal environment in which to conceal the most malicious of malware, the sort that only performs its evil deeds (be they corruption of data, theft of data or hijack of machine) when triggered by some rare, innocent combination of external conditions.

> That damn ICGA strikes again.


We share a sense of humor. :)
Parent - - By Vempele (Silver) Date 2012-04-07 19:42

> Retested by https://www.virustotal.com on April 7, 2012


Thanks for the warning, but you could have included a link to the results and not just the home page, you know.
Parent - By mexicanstandoff (*) Date 2012-04-07 20:21

>you could have included a link to the results and not just the home page, you know


Correct, I could have.

Here it is (note, it is of the RAR'd .exe and .dll files contained in the FinalGen directory generated by the setup):
https://www.virustotal.com/file/f839d0152dae29f8fbdbbae780f25509c9d112770b6559c8be41f86191263ccf/analysis/1333821864/

If you need your driveway sweeping too, in a specified north-westerly direction, or other services performed for you gratis, please be so kind as to let me know. :smile:
Parent - By Pia (****) Date 2012-04-08 11:17

>Emsisoft   Win32.SuspectCrc!IK


In reality it could be something usual like creating files and folders. Often used by malware, but we have a working program here!
Here's an example from the file aadd1.dll. This part of it could look "suspicious" to Emsisoft's Antimalware, but carries no harm:
CloseHandle CreateDirectory CreateFile DeleteFile GetFileAttributes GetLastError ReadFile Sleep WriteFile GetFileSize KERNEL32.dll AADD1.dll principal
Parent - - By pPerez (*) Date 2012-04-08 18:38
Hi mexicanstandoff

You don't have to be alarmed by all these virus reports. As I have said before, the current version is safe.

The problem of false positives occurs frequently when you develop in assembly language. You can search on the internet. False positives are not rare and even occur more often than real positives.
As per my understanding, VirusTotal did not report any virus about the setup files, but on the dll and exe files. That means that all these antiviruses allow you to run the installation program, and after that they detect the viruses on the extracted files. This is not serious.

Making a program that plays chess is hard labour. Finding an algorithm to make a program as fast as possible is even harder and has taken several years. I would not have made all these efforts if my only purpose was to infect people with all sorts of viruses.

As I have said in my web site, I am working to solve this problem. This has cost me a lot of headache these last weeks. Finally, I have found out how to prevent the false positives, but the impacts on the code are considerable, and it will take some weeks to perform all non regression tests.

Meanwhile, if you don't trust the current version, you can wait for the next release 1.1. :wink:

Best Regards

Pedro Pérez
Parent - By Regularuser (***) Date 2012-04-08 18:52
BTW, it is a fantastic program.   Thanks.

I was going to do work on my own tablebase generator, but now I won't, as yours covers many of my needs.

I am still trying to figure out how you have made it use so little space and run so quickly!   It is very impressive :)
Parent - By Vempele (Silver) Date 2012-04-08 19:12

> That means that all these antiviruses allow you to run the installation program, and after that they detect the viruses on the extracted files. This is not serious.


Well, it's certainly much more serious than if the antivirus warned you about the installer so I don't follow your logic.

Why >120 DLLs?
Parent - By mexicanstandoff (*) Date 2012-04-08 19:52
Thanks for responding - and FG sure looks like a program I want to run! :)

>You don't have to be alarmed by all these virus reports. As I have said before, the current version is safe.


With all due respect, I don't know you.  Further, I know (by your own admission) you inadvertently distributed a virus to the downloaders of the first version of your program.

I would be a bigger fool than I am were I not cautious, please think about that.

>Virus total did not report any virus about the setup files, but on the dll and exe files


Almost correct. virustotal did not report any problem with .exe's, only with .dll's.

>allows you to run the installation program, and after that they detect the viruses on the extracted files. This is not serious.


W-H-A-T ????

It is more serious, not less. As Vempele has already observed, correctly.

I ran the setup file in a sandbox under a debugger. So I know it did nothing malevolent, or at least if it tried to, I did not notice and it was unsuccessful.

The first (but not only) guess as to the cause is that the malware insertion mechanism is more subtle, as they only show up when unpacked.  So, maybe within FinalGensetup.exe there is not only standard packing (MS, zip, 7z whatever) but also some extra obfuscation or encryption.

>Making a program that plays chess is hard labour. Finding an algorithm to make a program as fast as possible is even harder
>and has taken several years. I would not have made all these efforts if my only purpose was to infect people with all sorts of viruses.


Of course. But as I keep on writing, you can be an inadvertent, innocent victim - as you already admitted with the first version, which did contain a virus or other malware.

How are you so confident you have cleared your system entirely of infection?  No backdoor left open?  Just relied on what google said about removal?  As an MC programmer, as I am, you will appreciate that what is known about the virus is only superficial until it has been disassembled or decompiled and the code carefully examined and fully understood. This is too time-consuming and is rarely done (except for highly vectored infections). Without such knowledge, it may be possible that all its traces have not been removed, as it has left high-latency (i.e., their mischief does not start immediately) legacy programs around.

Some post-2008 viruses I've read about are really fiendish. While my interest is theoretical, it has kept me 100% safe for many decades. Thus:

>Meanwhile, if you don't trust the current version, you can wait for the next release 1.1.


I will gladly do that, please be quick. :)

And your hard work is appreciated, especially from a fellow assembly programmer. The kids who work only with high-level languages do not have a clue, usually, of the levels of problems "we" face.  We are a dying breed, because for most applications, our speed and size are not advantages, and C-family compilers have got very, very good since the days of Kernighan & Ritchie.

B.T.W. Within FG, are you attempting to bypass the system at any stage, say to address fixed storage (e.g. HDD) more efficiently?

B.T.W.2. Please consider reducing the .dll count. I don't understand the need for this. From the very high compression the better algorithms (e.g. 7z) produce on the DLLs, I guess you may have various tables there. Is there a technical reason for this multiple DLL approach, or is it historic?
Parent - - By pPerez (*) Date 2012-03-26 19:11
I suspected the virus was real because someone reported it. It was detected by Panda Scan.

It could not be detected by my former antivirus (ad-aware). This is the reason why it was infected.

I was convinced it was real because no virus was detected after recompilation (I had not changed the program sources), and the resulting files were smaller than the infected ones.
Parent - - By Dhanish (***) Date 2012-03-27 21:23

> It was detected by Panda Scan.


Most likely it was a false alarm. I don't think that you can include a virus in your program without your knowing it, unless perhaps your computer is already infected with a virus which modifies the executables after you create it.

> I was convinced it was real because no virus was detected after recompilation


You should try some site such as virustotal which will scan your file with all popular antiviruses and give you a report.

Anyway, thank you very much for your program. It is wonderful that there is not much of a RAM requirement for generation compared to that of Nalimov. In case you do not have time to develop it, I hope you consider making it open source. After all, the commercial viability is limited, as there may be only a handful of users interested in this program.

Freezer can make use of the Nalimov bases. Unfortunately, current developers cannot get the license to use them, unless perhaps you join hands with ChessOK like Houdini. The Gaviota bases are another option. Then, positions which end in five men, the result can be taken directly from the base and added, which may improve the performance in some cases.
Parent - - By mexicanstandoff (*) Date 2012-04-07 19:13

> Most likely it was a false alarm


In my case, it was most certainly NOT a false alarm. See my post above, there are >100 infected DLLs!

The version of FinalGenSetup.exe I tested, and which is filled with malware, has CRC32 of 4B98E4B2, file size 4415648 and creation date 9:38 am March 20, 2012. It is still the "current" version per the FinalGen website.

The authors/designers have confirmed an earlier version is infected, but claim the current version is fine (which is not true, as I have proven with 11 different AV engines reporting trojans/viruses/worms).

Use my method of determining infection - that is, do not merely submit the Setup program to the multi-engine checkers - it passes OK - but also submit the re-zipped DLL files that it creates.

I would treat ALL versions of FinalGen with extreme suspicion.

This is probably very bad news for all those running FinalGen right now... who knows who has got what information from your systems, especially as they will be Windoze ones, or what has been corrupted.
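Added example, not part of the post above and not FinalGen's code: one way to put the checks from this thread on a per-file footing. It fingerprints an installer against the CRC32 and size quoted in the post, hashes every DLL and EXE under an install directory so each file can be looked up on a multi-engine scanner individually instead of as one archive, and diffs a suspect install against a clean rebuild (the comparison pPerez describes, where the rebuilt files came out smaller). The function names are hypothetical and the sample files in `demo()` are constructed.

```python
import hashlib
import tempfile
import zlib
from pathlib import Path

# Installer fingerprint quoted in the post above (CRC32 and size in bytes).
REPORTED_CRC32 = 0x4B98E4B2
REPORTED_SIZE = 4415648


def fingerprint(path, chunk_size=1 << 20):
    """Return (size, crc32, sha256_hex) for one file, reading it in chunks."""
    size, crc, sha = 0, 0, hashlib.sha256()
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk_size)
            if not block:
                break
            size += len(block)
            crc = zlib.crc32(block, crc)
            sha.update(block)
    return size, crc & 0xFFFFFFFF, sha.hexdigest()


def is_reported_installer(path):
    """True if the file has the size and CRC32 quoted in the post.

    CRC32 is not collision resistant: a match identifies the same download,
    it does not authenticate it. Use the SHA-256 for anything stronger.
    """
    size, crc, _ = fingerprint(path)
    return size == REPORTED_SIZE and crc == REPORTED_CRC32


def inventory(install_dir, suffixes=(".dll", ".exe")):
    """Map relative path -> {size, crc32, sha256} for every DLL/EXE found."""
    root = Path(install_dir)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            size, crc, sha = fingerprint(path)
            result[path.relative_to(root).as_posix()] = {
                "size": size, "crc32": f"{crc:08X}", "sha256": sha}
    return result


def compare(suspect, rebuilt):
    """Diff two inventories, e.g. a suspect install against a clean rebuild."""
    report = {"only_in_suspect": [], "only_in_rebuilt": [],
              "identical": [], "changed": []}
    for name in sorted(set(suspect) | set(rebuilt)):
        if name not in rebuilt:
            report["only_in_suspect"].append(name)
        elif name not in suspect:
            report["only_in_rebuilt"].append(name)
        elif suspect[name]["sha256"] == rebuilt[name]["sha256"]:
            report["identical"].append(name)
        else:
            # Positive delta: the suspect copy is larger than the rebuilt one.
            delta = suspect[name]["size"] - rebuilt[name]["size"]
            report["changed"].append((name, delta))
    return report


def demo():
    """Compare two constructed directories (stand-ins, not real FinalGen files)."""
    with tempfile.TemporaryDirectory() as tmp:
        suspect, rebuilt = Path(tmp, "suspect"), Path(tmp, "rebuilt")
        suspect.mkdir()
        rebuilt.mkdir()
        # Same library in both trees, with 8 extra bytes in the suspect copy.
        (suspect / "aadd1.dll").write_bytes(b"MZ" + b"\x00" * 64 + b"APPENDED")
        (rebuilt / "aadd1.dll").write_bytes(b"MZ" + b"\x00" * 64)
        for tree in (suspect, rebuilt):
            (tree / "FinalGen.exe").write_bytes(b"MZ" + b"\x01" * 32)
        (suspect / "readme.txt").write_text("ignored: not a DLL or EXE")
        return compare(inventory(suspect), inventory(rebuilt))


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A per-file SHA-256 list also removes the ambiguity argued over later in the thread, where engines given a single archive report different detection names: each hash refers to exactly one file.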
Parent - - By buffos (Silver) Date 2012-04-07 22:31
Actually, you don't know that they are infected. SOME antivirus programs say it is, and they don't even agree on what the virus is.

I trust my Eset Nod32 a lot, and it is very sensitive to viruses. There are many, many cases where antiviruses just get it wrong.
Parent - - By mexicanstandoff (*) Date 2012-04-08 02:25

>they don't even agree on what the virus is


More nonsense... As I wrote, but you were unable to understand, I submitted a RAR file which contained all the executables. The order in which the various AV programs process the contents of the archive differs, no surprise there. As each engine reports back only one item of malware to (say) virustotal per submission, which file they encountered first will differ.

I suggest you use google, but then, you don't want to hear sound advice, and look up what some of them do.

Enjoy your infected system, and learn not to shoot the messenger. Thank you in advance...
Parent - - By buffos (Silver) Date 2012-04-08 05:50
To make it simple.

you trust SOME antiviruses. The MAJORITY is not reporting something.

So the question is simple. Are you an antivirus expert, and examined the file and saw this is not a FALSE alarm? If NOT, then you should not claim with such certainty that there is a virus

Do you even understand how many false alarms some of those programs give?? (especially those free ones)

Would you bet your life that this is not a false alarm??

If not, then the correct phrasing should be..."there might be a problem with a virus because....."

As simple as that.
Parent - - By mexicanstandoff (*) Date 2012-04-08 06:06

>Are you an antivirus expert, and examined the file and saw this is not a FALSE alarm?


No, yes, yes, respectively.

(I am not an antivirus expert. I am a virus expert).
Parent - - By buffos (Silver) Date 2012-04-08 06:12 Edited 2012-04-08 06:29
Could you please tell us how you know it's NOT a false alarm?

Edit: I am sure you don't have an answer on that, and I am not expecting an answer :smile:
Parent - - By mexicanstandoff (*) Date 2012-04-08 11:53
Disassembly of the (alphabetically) first .dll file produced by the setup program.
Parent - - By Pia (****) Date 2012-04-08 13:36
You talk of theoretics. If you decompile, if you find malware code and can explain of what it does... But no one did it yet.

My guess as to why so many antivirus kits think they are infected is that these DLLs seem to be more independent from the parent executable,
like writing chess tablebase files by themselves, not just returning data like a function.
And having lots of data to write to the HDD, they are probably using some direct write algorithms,
leaving the Windows file cache alone. Or whatever, IDK.
Parent - - By mexicanstandoff (*) Date 2012-04-08 19:29

>If you decompile, if you find malware code and can explain of what it does... But no one did it yet


Two errors.

1. It is not "decompile", but disassemble. Much of what I saw was in handwritten machine code, produced by an assembler, not the output from a compiler's code-generator.

2. "no one did it yet" - I did. I found some unusual calls to storage media. Not enough on their own to flag, but when combined with what made me look inside (virus signature matchups per 11 AV programs, including the two best ones).

I just don't get the hostility. Is there something I don't know here? The contents of my PC are sensitive and valuable. If there's even a 1% chance of malware running, then I won't chance it. Paranoids will go much further than I do.
Parent - - By Banned for Life (Gold) Date 2012-04-08 19:36
The average person here has a half dozen machines doing nothing but working on chess problems, so it's an acceptable risk.
Parent - By mexicanstandoff (*) Date 2012-04-09 02:33

>The average person here has a half dozen machines doing
>nothing but working on chess problems, so it's an acceptable risk.


Thank you for explaining. That does make perfect sense to me.

I have many machines too, but only one very powerful one, not in the R.Cluster league but also not absurdly far behind. But it is not chess-dedicated, and so I would not risk it for an 11/42.
Parent - - By Pia (****) Date 2012-04-08 20:52

>I found some unusual calls to storage media.


OMG, where!? Do you think... it could be... assembler?!
Parent - - By mexicanstandoff (*) Date 2012-04-09 02:34 Edited 2012-04-09 02:42

>OMG, where!? Do you think... it could be... assembler?!


Parser failure at offset 0000002Ch

(to avoid doubt, that is a reference to making sense of what you wrote)
Parent - By Pia (****) Date 2012-04-09 09:05
Okies, now I clearly see that your dissembler is infected. But what makes FinalGen responsible? Doubts?
Parent - - By buffos (Silver) Date 2012-04-08 21:33

> I just don't get the hostility


The hostility is from the way you actually are writing and responding. Read what you write calmly and try to understand how you will characterize some writing that way..

> I found some unusual calls to storage media


Should I cry or should I laugh?

Eset Nod32 has a great "watch" system. Any strange action is monitored and FinalGen doesn't act strange.

>If there's even a 1% chance of malware running


This is very different from claiming that there is 100% malware with bold letters and markup.

For someone to take you seriously, you have to present facts. Some antiviruses claiming it's a virus is no big deal. I have seen that thousands of times and it was a false alarm again and again.
It happened with Adobe products, after an update, and it was (of course) a false alarm.

So writing that, because of this and that, the program MIGHT have a virus is logical. Your way is.... And the way you respond (read and see your answers and how you respond to people) explains the hostility.
Parent - By mexicanstandoff (*) Date 2012-04-09 03:33
Thanks for explaining the hostility.  The question was rhetorical, but thanks anyway.

>> I found some unusual calls to storage media
>Should I cry or should I laugh?


Neither? But if your system is infected, which I've seen nothing to suggest is not the case, neither is an effective strategy.

>Eset Nod32 has a great "watch" system. Any strange action is monitored and FinalGen doesn't act strange.


I stated the DLL contained unusual calls. Did I suggest that these were executed regularly?  (Or at all)?  I did not, because I could not know, without first fully disassembling and understanding FinalGen, a non-trivial operation for which I would charge at least $120K.

Hint to putative virus-writers of the data-corruption genre. Smarter usually to be subtle, and to decrease the probability of early, behavior-based detection by doing little but doing it well. You catch/damage more with honey than with vinegar (literally true, if hardware is concerned, as bee sh!t plays hell with motherboards) as you get the useful backups too. The only downside is that propagation may be curtailed, and as zero-day passes and awareness increases, damage may be not too bad.
Parent - - By Richard Vida (**) Date 2012-04-09 01:12 Edited 2012-04-09 01:17

> 2. "no one did it yet" - I did. I found some unusual calls to storage media. Not enough on their own to flag, but when combined with what made me look inside (virus signature matchups per 11 AV programs, including the two best ones).


I'm sorry, but You are the one who made an accusation, so the burden of proof is on your side... So far you didn't prove anything, you just showed some signs of paranoia.

I am not saying that FG is an innocent false positive, nor that it contains any malware (I have not analyzed the code). But please consider my experience in this field (I was doing reverse engineering work for an AV company for almost 4 years) and I know very well how many false positives are reported just to be on the safe side. Especially on sites like virustotal where they receive 'special' editions of AV software where the heuristic detection is custom-made to be very paranoid. But worst of all is the reputation-based flagging. I think it is a Symantec invention - if a new piece of software isn't well established enough yet (we talk of 10000+ active users), it automatically raises a suspiciousness flag. For small communities - like the computer-chess community - it is often impossible to gain a positive reputation.

My personal rule of thumb is: scan the suspicious file with Eset Nod32, and if they say it is OK, trust them. They have one of the biggest catch rates and very low false positive issues [according to tests made by http://www.virusbtn.com ].

I don't want to promise anything but if I can spare some time, I will download FinalGen and will take a look at the DLL files myself. But not sooner than the next weekend.
Parent - - By Uly (Gold) Date 2012-04-09 01:18

> My personal rule of thumb is: scan the suspicious file with Eset Nod32, and if it says it is OK, trust them.


Well, the other day I was infected by a Trojan that turned my computer into a SPAMbot that would send email all day and night as soon as it was connected to the Internet, and Nod32 failed to find anything, just like Kaspersky, Panda and others. Only AVG was able to detect it (not able to heal it but I could do it manually after it told me the worm's name), so if it's something obscure, chances are several antivirus won't detect it (false negatives?)
Parent - - By Richard Vida (**) Date 2012-04-09 01:32

>> My personal rule of thumb is: scan the suspicious file with Eset Nod32, and if it says it is OK, trust them.


> Well, the other day I was infected by a Trojan that turned my computer into a SPAMbot that would send email all day and night as soon as it was connected to the Internet, and Nod32 failed to find anything, just like Kaspersky, Panda and others. Only AVG was able to detect it (not able to heal it but I could do it manually after it told me the worm's name), so if it's something obscure, chances are several antivirus won't detect it (false negatives?)


Of course, such things do happen. Every AV software can be tricked (most often by zero-day threats). To minimize damages in such cases I would recommend using a firewall. Put a limit on outbound SMTP traffic, or even better - disable it entirely except for your email client.
Parent - By mexicanstandoff (*) Date 2012-04-09 02:59

>I'm sorry, but You are the one who made an accusation


You seem to be overlooking the little fact that 11 AV engines, including several of the best ones, had made the accusation.

Would you, as a developer, release to the general public software with that level of false positives?  In a morass of DLL files?

Especially where the supplied Setup file passes the scrutiny of all 42-44 AV engines (total between the three main multi-engine sites), suggesting (among other possible, innocent explanations) that the components have been custom-packed or encrypted to prevent early detection even though zero-day has long since passed?

And further, when the only preceding release had a proven malevolent payload, as admitted by the publisher?

A publisher, unknown to us beforehand, who had been made aware of the deficiencies of his AV protection in this most embarrassing way?  And who stated he considered an anti-adware freebie a sufficient defence against general malware??

But still went ahead and distributed this as the successor release?

What would Occam's Razor suggest to you, given all of the above?

On the strength of your performance at induction here, Richard, would you concur that Critter's a damned sight better at chess than you are at logic?  :cool:

Uly said:

>>Well, the other day I was infected by a Trojan
>>and Nod32 failed to find anything, just like Kaspersky, Panda and others


Quite so, Uly.

>Of course, such things do happen.


Quite the philosopher, now.... No help after the fact, is it? Or to you is it "paranoia" when exhibited before the event, but wisdom when it is displayed after, by which time irreversible data corruption may have occurred?

>I would recommend using a firewall


Which might prevent data leakage or spambottage, but will do S.F-A. to prevent subtle or other file corruption.

It's down to risk perception, I guess.  I have a sandbox environment that is relatively slow (by reference to the machine upon which it runs) but gives safety akin to that of a stand-alone isolano PC.

Unknown source? Assume malware until proven innocent.  Clearly, Richard thinks this is paranoia on my part. His perception will be amended once a good 'un gets him, relying as he claims on a single AV. Nothing like experience to teach - but expensive. Please keep backups of Critter development, as I enjoy it. :razz:
Parent - - By Banned for Life (Gold) Date 2012-04-09 04:32
There's the potential for a really nice analysis tool if you could add a feature to critter where it had the ability to calculate solution time to PV endgame positions and actually solve them when appropriate. The method that FG uses to present the solutions space is also intriguing.
Parent - By mexicanstandoff (*) Date 2012-04-09 04:39
I second BfL's suggestion.
Parent - - By Uly (Gold) Date 2012-04-09 05:01
I noticed that FinalGen says it takes a huge amount of space to store a solution, even though most of the solution is not going to be visited. Is it possible to allow some kind of pruning? I think a useful solution could be stored that was 2 orders of magnitude smaller (say, if move A mates in 20 and move B mates in 25, nothing is actually stored for move B.)
Parent - - By Banned for Life (Gold) Date 2012-04-09 05:09
I'm surprised to hear this from you! I think it's great having the alternatives around, just to answer the inevitable what if questions that arise, and even to allow me to improve my own endgame play (I can play one side and look at the other side's optimal moves). Anyway, the definition of a huge amount of space is rapidly growing, with three terabyte drives now going for less than $200 (and it would be less if Thailand wasn't flooded).
Parent - By Uly (Gold) Date 2012-04-09 05:41

> I'm surprised to hear this from you!


Well, I'm the guy running around with only 2.8GB free of disk space, so using FinalGen is just out of my reach :wink:

But, yeah, a solution of a game doesn't require to know all permutations, a weakest solution of a position would only store a given line and wouldn't even need to store the moves up to mate! If a position can be trivially won, it could be pruned. Moves of the opponent would only lead to the position of deciding advantage.

So I'd imagine some sort of "microbitbases" built on the fly of some endgame could be constructed faster and use less space than what FinalGen is doing, even if they only showed "White wins after this move, and I can't show you how white wins with moves other than this line, but I can show you how it leads to a decisive advantage against anything the opponent tries" (at least for decided positions.)

I think Stockfish does something like this, when in some endgame it shows an 80.00 eval which means "I'm sure I'm winning, though I can't show you a line up to mate", and as at that point the game is solved, it doesn't matter if Critter shows a suboptimal line that wins.
Parent - - By Barnard (Bronze) Date 2012-04-07 22:38 Edited 2012-04-07 22:40
If you think Pedro, the developer, is trying to infect you with the software, it is easy: stop using it... but please, stop with the spam and bothering us with false positives from antiviruses that even their mothers don't know who they are.

Edit: I isolated that program and the *dll's, and saw whether they open new processes or try to access the internet, and none of them do... so, as Pedro stated, they are false positives... stop with the chain messages.
Parent - - By mexicanstandoff (*) Date 2012-04-08 02:19 Edited 2012-04-08 02:30
On 2012-03-23 19:12 Barnard wrote:

> im not a programmer, but


but then wrote elsewhere:

>stop bothering us with false positives from antiviruses that even their mothers don't know who they are
>I isolated that program and the *dll's, and saw whether they open new processes or try to access the internet, and none of them do...
>so, as Pedro stated, they are false positives... stop with the chain messages


Well, unlike you, I am a programmer, and a first-rate one too. Out of curiosity 15 years ago (when the internet was young) I wrote some malware that today would be called worms, never distributed them, for sure, but just to see what was possible.

It isn't one or two AV programs - it is 11 different ones.
Avira
AntiVir
Avast
BitDefender
Comodo
Emsisoft
F-Secure
GData
Ikarus
McAfee
McAfee-GW
TheHacker

As to the nonsense you've written that you don't see them opening other processes or accessing the internet - what relevance is that? They don't need to - just gradually corrupt a few 10000 files in a subtle way. And maybe they wait for some set of operational conditions before misconduct commences - till April 11, maybe, or till your HDD free space, rounded to the nearest Gb, is an exact multiple of 17 Gb, or till anything else a smart person can think of.

I have no view as to whether Pedro & Company are victims themselves, or perpetrators. It is irrelevant. What do you know of "Pedro"? What makes you think you even know who is at the other end? Did you know that "gullible" is a made-up word that does not even exist in proper dictionaries?

A little knowledge is a dangerous thing. Thank you for the demonstration... Your system is badly corrupted, but as you want to keep your head in the sand, that's your issue and not mine. People with your attitudes ensure that virus-writers remain motivated! ;)
Parent - - By Gambit-man (**) Date 2012-04-08 21:52
I've been using FinalGen for almost 2 weeks now, and I have no reports from AVG that there is any suspicious activity.
I'm no expert, but I would have thought that a first rate programmer like you would not use some of the trash AVs that you have used.
I will have no qualms about continuing to use this great piece of kit
Parent - By mexicanstandoff (*) Date 2012-04-09 03:02
Thanks for the compliment.

But, I only use one of the AVs that listed positives.

The reports are as generated by multi-engine anti-malware checking sites, of which virustotal is a well-known one.

>I will have no qualms about continuing to use this great piece of kit


I agree, if indeed there is malware in there, it's probably too late for you to do anything about it. :lol:

Attitudes like these act as excellent motivators for virus writers...
Parent - - By Barnard (Bronze) Date 2012-04-09 20:53

>What do you know of "Pedro"?


I know more about him than about you; at least I know his name, where he lives and where he works; I don't even know your name

>People with your attitudes ensure that virus-writers remain motivated! ;)
>Out of curiosity 15 years ago (when the internet was young) I wrote some malware that today would be called worms


Out of curiosity 15 years ago (when the internet was young) I wrote some malware that today would be called worms

virus creators like you?

You, apart from being a virus creator, are a guy with a double moral, and a turncoat, that when it is in your interest makes viruses, and when you want to appear to be a good person, demonizes the virus creators

Your principles are zero, and you only move by interest... go bother others, and leave me alone... I prefer 1000 times my system infected, than advice from a person without principles like you... so bye, I'm going to leave you alone, you can answer me or not, I don't mind, I'm not going to answer you anymore, you don't deserve my time
Parent - By mexicanstandoff (*) Date 2012-04-09 23:38
:lol:

>I prefer 1000 times my system infected


Your wish is already granted.
Parent - - By RFK (Gold) Date 2012-04-10 03:32
Here is what is disturbing to me-

I will take the author's word for its face value. He states that his software version initially contracted a Trojan, and then goes on to say that he is working on cleaning it up. Then, next, states a newer version is clean. However, others report that their virus scans are picking up a warning.

Now! I don't care what anyone says-that sends up a red flag to me that this guy may not have cleaned up his product.
Parent - - By mexicanstandoff (*) Date 2012-04-10 04:03 Edited 2012-04-10 04:19
+1, Arrière Pensée. I agree, disturbing red flag.

Another red flag you do not mention is that in the note from pPerez that you quote, he refers to a single DLL file as if the second version of FinalGen had only 1 DLL file supplied in its distribution package. BUT there were >120 DLLs produced by the second version's setup. So why use the term "the DLL"? Does he not know his program has 120 DLLs? Or are they just created by the Setup, which I confirm is itself made by a package-generator, and it is well known that package-generators available via the usual ways (emule, bit torrent) are almost all payloaded?

Another strange effect is I have received many hate Messages about this. Curious from the phenomenological/psychological standpoint to get such an emotional response to the most respected AV engines declaring infection... :neutral:

While I am quite confident the developer is innocent, and can be a victim, I do not want to make myself a victim too... many commenting here seem to want to be victims, though, some need re their arrières perhaps? (This is how source codes get stolen, btw. I can write a small book on the subject).

Please see my post of Date 2012-04-08 07:17 in response to someone else who noted anomalous statement re dates quoted by the developer, where I remark on some additional red flags that to me are a little disturbing....
You've detected the peculiar statement re dates...

btw, the world takes 24 hours, give or take, to perform one rotation. Not 72 hours as the earlier developer email implied:

    >The current version .... was released the 19/3/2012 french/german/spanish time.
    >I have indicated the 22/3/2012  because there can be time and date differences
    >between countries and this is a way to give a valid date for all of them.

In fact, this final version of FinalGensetup.exe (CRC32 of 4B98E4B2, file size 4415648) was compressed into the distribution .zip bearing a creation date of 9:38 am March 20, 2012, CET (as that is where the program supposedly comes from).

The zip file itself, obviously, has an even later timestamp, as the contents have to be created before they are compressed.

So how is that compatible with the statement by pPerez that the current version was released on March 19, 2012 CET ?? How can it be released before it is created?

Further, as already observed, 9 am CET on March 20 would be March 20 everywhere on earth except from a few islands in the east Pacific, where it would be March 19.  Not March 21/22/23 etc. as pPerez wrote...

Developer using Ad-Aware as AV? (It was conceived as anti-adware, as the name tells you, only later some AV features added, and repackaged, it is not regarded seriously). Releasing version 1 software with admitted malware-payload? Even then, releasing version 2 with (IMO) even worse payload (11 AVs, including the best-on-test one, Avira), and concealed so the setup file does not reveal any infection? Then saying that this concealment was in fact a good sign??? (As refuted by Vempele, Date 2012-04-08 14:12, and myself). Then his claim that version 1 is infected but version 2 guaranteed safe is convincingly refuted by fhub, Date 2012-04-08 17:28...

The creator of this apparently beautiful program must by definition be very intelligent.

So why so many oddities?

I like mysteries.

This qualifies.
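Added example (not from the thread or from FinalGen's author): a Python sketch of the check discussed in the post above, reading each ZIP member's recorded size, CRC32 and modification time and comparing them with a claimed release date and published values. The sample archive, the member name `setup.exe` and all function names are constructed for illustration.

```python
import io
import zipfile
import zlib
from datetime import datetime

def build_sample_zip():
    """Constructed sample: a tiny in-memory archive standing in for a download."""
    payload = b"constructed installer bytes\n" * 4
    info = zipfile.ZipInfo("setup.exe", date_time=(2012, 3, 20, 9, 38, 0))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, payload)
    return buf.getvalue(), payload

def inspect_members(zip_bytes):
    """Return the metadata the archive records for each member."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)  # raises BadZipFile on a stored-CRC mismatch
            rows.append({
                "name": info.filename,
                "size": info.file_size,
                "crc32": f"{zlib.crc32(data):08X}",
                # ZIP stores DOS local time: no timezone, 2-second resolution
                "modified": datetime(*info.date_time),
            })
    return rows

def check_release_claim(rows, claimed_release, published=None):
    """Flag members dated after the claimed release or differing from
    published (crc32, size) pairs keyed by member name."""
    findings = []
    for r in rows:
        if r["modified"].date() > claimed_release.date():
            findings.append((r["name"], "dated after claimed release"))
        if published and r["name"] in published:
            if (r["crc32"], r["size"]) != published[r["name"]]:
                findings.append((r["name"], "CRC32/size differ from published"))
    return findings

if __name__ == "__main__":
    zip_bytes, _ = build_sample_zip()
    rows = inspect_members(zip_bytes)
    for row in rows:
        print(row)
    print(check_release_claim(rows, datetime(2012, 3, 19)))
```

CRC32 and archive timestamps identify a build but are not tamper-resistant; a cryptographic hash published by the developer is the stronger comparison.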
Parent - - By RFK (Gold) Date 2012-04-10 04:49
I'm not a programmer, so I have no idea what any of that means. But I am not interested in having to go through formatting my hard drive over a software program I can easily do without. Until I see conclusive evidence to the contrary - I'll stay clear.
Parent - - By mexicanstandoff (*) Date 2012-04-10 05:10

>I have no idea what any of that means


You are too modest, so please don't insult me with such falsity. I have been reading the highly entertaining arguments you and 4-5 others have made against the anti-R/anti-V lynchmob, and you are quite capable of fine reasoning.

For one thing, even as a distinguished non-programmer I am sure you are aware the earth didn't need c3 days (March 19 to 22) to spin around once, let alone less than once, and are also aware that someone smart enough to write an endgame tablebase generator of a new variety also knows these basics about our geoid.

>Until I see conclusive evidence to the contrary - I'll stay clear


That is my reward, then! "If I have saved but one life, I have saved the whole world." As some Bronze Age nonsense book says, anyway. :wink: