
Author Topic: What viruses containing Lazarus?  (Read 3115 times)

EmperorOfKeyboard

  • New Member
  • *
  • Posts: 17
  • That is why people who are afraid to look inside t
What viruses containing Lazarus?
« on: January 27, 2020, 07:12:57 pm »
I installed Lazarus for Win32 and checked it on virustotal.com. All files except Lazarus.exe itself showed 0-2 detections, mostly Electric Gambit or Crowd, which kicks falcons. Unfortunately my Safari cannot show the normal main page of virustotal. Please write which viruses containing Lazarus.exe - it's enough curiously.

marcov

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 7928
Re: What viruses containing Lazarus?
« Reply #1 on: January 27, 2020, 07:15:16 pm »
So report them all as false positives. It is not logical that 90% of the antiviruses would miss them, so obviously they are false.

For more information just search for virus on the forum. Short summary: common antiviruses have more false positives on less popular toolchains.

Many are also confused by debug info, as stripping and resubmitting will show.

Handoko

  • Hero Member
  • *****
  • Posts: 3354
  • My goal: build my own game engine using Lazarus
Re: What viruses containing Lazarus?
« Reply #2 on: January 27, 2020, 07:38:42 pm »
@EmperorOfKeyboard

As long as the checksum of the installation binary hasn't changed, it should be okay. If the downloaded binary has a different checksum, the computer (used for downloading) has probably been infected by a virus.

EmperorOfKeyboard

  • New Member
  • *
  • Posts: 17
  • That is why people who are afraid to look inside t
Re: What viruses containing Lazarus?
« Reply #3 on: January 27, 2020, 07:49:20 pm »
Quote
So report them all as false positives. It is not logical that 90% of the antiviruses would miss them, so obviously they are false.

For more information just search for virus on the forum. Short summary: common antiviruses have more false positives on less popular toolchains.

Many are also confused by debug info, as stripping and resubmitting will show.

I do not deny it's false, I just want name of this false positives, curious. I think it's of course because lazarus.exe is BIG, when other exe-dlls small (lesser 100 kb). 4 antiviruses versus 0 mostly, 1 often (egambit), 2 infrequently.

EmperorOfKeyboard

  • New Member
  • *
  • Posts: 17
  • That is why people who are afraid to look inside t
ALSO I deleted Lazarus inner folder
« Reply #4 on: January 27, 2020, 08:13:19 pm »
I suddenly Startlazarus.App. :D

How can restore it? Reinstall?

Lazarus working without it. Is it folder important?
« Last Edit: January 27, 2020, 08:19:46 pm by EmperorOfKeyboard »

Martin_fr

  • Administrator
  • Hero Member
  • *
  • Posts: 5962
    • wiki
Re: What viruses containing Lazarus?
« Reply #5 on: January 27, 2020, 09:14:37 pm »
About startlazarus.

When you install Lazarus (running install as admin), the "Lazarus.app" may be installed into a location to which your user has no access.

When you install packages, the Lazarus.app gets rebuilt. But as user you may not be able to replace the globally installed lazarus.app.
Therefore the new build will be in your user folder ~/.lazarus/

StartLazarus makes sure the correct lazarus is started.

If you have write access (as the user, who runs/uses Lazarus) to the global install location, then your rebuild happens there. In that case you do not need StartLazarus.

Otherwise you can start the correct Lazarus build from the correct location yourself.

---
I may have missed some details, the above is what happens on Win and Linux. It should be the same on Mac, but I do not use Mac....



There is a StartLazarus.lpi in the IDE folder. You can open the project, and rebuild it.

If you want a small-ish (smaller than otherwise) build, make sure you build without debug info, or strip it.


If you are on Windows, ignore the *.app folders.

You will have the exe.
The *.app folders are for Mac users.

Bart

  • Hero Member
  • *****
  • Posts: 3636
    • Bart en Mariska's Webstek
Re: What viruses containing Lazarus?
« Reply #6 on: January 28, 2020, 10:27:18 am »
I couldn't resist.

Quote
What viruses containing Lazarus?

Since when do viruses contain Lazarus?
Do they need it so they can alter their own code on the target machine?
Does it make those viruses cross-platform?

 O:-) O:-) O:-)

Bart

marcov

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 7928
Re: What viruses containing Lazarus?
« Reply #7 on: January 28, 2020, 11:14:58 am »
Quote
I do not deny it's false, I just want name of this false positives, curious.

We don't put anything in, it is all in the detection that is too granular/generic. But the internals of the antivirus engines are secret, so external parties like us can't do much there.

Quote
I think it's of course because lazarus.exe is BIG, when other exe-dlls small (lesser 100 kb). 4 antiviruses versus 0 mostly, 1 often (egambit), 2 infrequently.

Maybe, maybe not. But maybe it is for other reasons. As said the engine internals and tradeoffs are not public.

The only things that are somewhat clear are that debug info confuses them, and the smaller (rarer) the toolchain, the more false positives.

This leads me to believe that they hand-tune the virus definitions for popular toolchains (probably because they are in test suites they test on).

Anyway, whichever way, we can't do anything; if this interests you, you need to take it up with the antivirus companies.
« Last Edit: January 28, 2020, 07:17:37 pm by marcov »

af0815

  • Sr. Member
  • ****
  • Posts: 459
Re: What viruses containing Lazarus?
« Reply #8 on: January 28, 2020, 11:30:33 am »
Normally I have to send the false positive to the AV company and it is normally accepted and fixed in the next definition update.

A lot of false positives are found by 'generic' algorithms. I see it if you upx a normal prg. After the upx it is suddenly flagged as a virus :-)
regards
Andreas

EmperorOfKeyboard

  • New Member
  • *
  • Posts: 17
  • That is why people who are afraid to look inside t
Re: What viruses containing Lazarus?
« Reply #9 on: January 28, 2020, 08:42:43 pm »
Stop laughing at me! I even on native language speak not very. :P

I asked if you want (if you have, I know, everybody now have 128 and 256 bit computers with terabytes of RAM) check your Win32 lazarus.exe on virustotal. I use "old-browsers" page, and it writes:
Alibaba
Jiangmin
Rising
TACHYON
4 of 73 detected.
When I had luck loading virustotal/gui, I got not only which engine detected, but also WHAT was detected, like "WBR, send-suspic-file.pl v2 Program.Freemake.254" for Freemake Video Converter by DrWeb. (They say it's not false. :D)
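
The checksum comparison Handoko describes and the per-engine detection names asked about in this thread, as an added example that is not part of any post: it hashes a download for comparison with the published checksum and lists which engines flagged a file and under what label. The report sample is constructed in the shape of `last_analysis_results` from a VirusTotal API v3 file report; the engine names, labels and the `GENERIC_HINTS` keyword list are assumptions.

```python
import hashlib
import json

# Constructed sample shaped like "last_analysis_results" in a VirusTotal
# API v3 file report. Engine names and labels are invented for illustration.
SAMPLE_RESULTS = json.loads("""
{
  "EngineA": {"category": "malicious",  "result": "Trojan.Generic.12345"},
  "EngineB": {"category": "malicious",  "result": "Heur.Packed.Unknown"},
  "EngineC": {"category": "suspicious", "result": "Win32.ExampleFamily.a"},
  "EngineD": {"category": "undetected", "result": null},
  "EngineE": {"category": "undetected", "result": null},
  "EngineF": {"category": "timeout",    "result": null}
}
""")

# Assumption: substrings that usually mark a heuristic or generic signature.
GENERIC_HINTS = ("generic", "heur", "suspicious", "packed")
# Categories that count as an actual verdict (timeouts and failures do not).
VERDICTS = ("malicious", "suspicious", "undetected", "harmless")


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large installer is never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def matches_published(path, published_hex):
    """Compare a download against the checksum published by the project."""
    return sha256_file(path) == published_hex.strip().lower()


def summarize(results):
    """Return the detection ratio and each flagging engine's label."""
    scored = {e: r for e, r in results.items() if r["category"] in VERDICTS}
    hits = {e: r["result"] for e, r in scored.items()
            if r["category"] in ("malicious", "suspicious")}
    generic = sorted(e for e, label in hits.items()
                     if any(h in (label or "").lower() for h in GENERIC_HINTS))
    return {"detected": len(hits), "engines": len(scored),
            "labels": hits, "generic_engines": generic}


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_RESULTS), indent=2))
```

Looking a file up by its SHA-256 avoids the upload step, and the `labels` map is what to quote when reporting a false positive to a vendor.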

Bart

  • Hero Member
  • *****
  • Posts: 3636
    • Bart en Mariska's Webstek
Re: What viruses containing Lazarus?
« Reply #10 on: January 28, 2020, 08:49:28 pm »
It all comes down to whom you trust.
Either you trust us: no virus in official lazarus download,
or you trust them: throw away lazarus/fpc, re-install windows (since it will be compromised now by the virus).

It's up to you.

Bart

marcov

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 7928
Re: What viruses containing Lazarus?
« Reply #11 on: January 28, 2020, 08:55:02 pm »
Quote
I asked if you want (if you have, I know, everybody now have 128 and 256 bit computers with terabytes of RAM) check your Win32 lazarus.exe on virustotal. I use "old-browsers" page, and it writes:
Alibaba
Jiangmin
Rising
TACHYON
4 of 73 detected.

Then ask them what it means. What is in a binary that triggers those?

Quote
When I had luck loading virustotal/gui, I got not only which engine detected, but also WHAT was detected, like "WBR, send-suspic-file.pl v2 Program.Freemake.254" for Freemake Video Converter by DrWeb. (They say it's not false. :D)

Good, now ask for details. And submit to the other 69 to ask why they didn't detect.

EmperorOfKeyboard

  • New Member
  • *
  • Posts: 17
  • That is why people who are afraid to look inside t
Re: What viruses containing Lazarus?
« Reply #12 on: January 29, 2020, 07:30:29 am »
Quote
I asked if you want (if you have, I know, everybody now have 128 and 256 bit computers with terabytes of RAM) check your Win32 lazarus.exe on virustotal. I use "old-browsers" page, and it writes:
Alibaba
Jiangmin
Rising
TACHYON
4 of 73 detected.

Then ask them what it means. What is in a binary that triggers those?

Quote
When I had luck loading virustotal/gui, I got not only which engine detected, but also WHAT was detected, like "WBR, send-suspic-file.pl v2 Program.Freemake.254" for Freemake Video Converter by DrWeb. (They say it's not false. :D)

Good, now ask for details. And submit to the other 69 to ask why they didn't detect.

Sent to Tachyon, all others closed or have so much directions, that on their sites no info about AV.

[offtop]How good laws we have! For example, one program for remote administrating was considered harmful and trojan because in description was words "after installation you can spy your employees". That program was forbidden.  :D

I can search criminal code: there was very suitable formulation like "if program shall considered harmful". Indeed, some quirky lawyers may demand expertise, but all independent expertises are already bought. 8-)[/offtop]

Thaddy

  • Hero Member
  • *****
  • Posts: 9637
Re: What viruses containing Lazarus?
« Reply #13 on: January 29, 2020, 09:32:45 am »
Quote
Good, now ask for details. And submit to the other 69 to ask why they didn't detect.

:D Well proposed.
I am more like donkey than shrek

MaxCuriosus

  • New Member
  • *
  • Posts: 33
Re: What viruses containing Lazarus?
« Reply #14 on: January 29, 2020, 10:18:02 pm »
May I suggest using Tails OS for downloading stuff and a stand-alone "air tight" computer for developing stuff?