Lazarus

Installation => Windows (32/64) => Topic started by: dbaxter on October 02, 2018, 04:47:42 am

Title: BitDefender doesn't like Lazarus 2.0
Post by: dbaxter on October 02, 2018, 04:47:42 am
Installed the release candidate for 2.0 and BitDefender deleted it:
"The file d:\lazarus2.0\startlazarus.exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean."

Now I would expect this is a false positive, so do you folks have a contact at BitDefender, or is it up to us users to alert them?
Title: Re: BitDefender doesn't like Lazarus 2.0
Post by: wp on October 02, 2018, 09:11:16 am
AFAIK there is nobody among the devs who has special contacts to antivirus companies. Please report it yourself.

I once had BitDefender, too, but gave it up when they introduced some "intelligence" feature which deleted fpc and several related utilities. I had tried to report it, but the process to create a proper report was very complicated. Therefore I replaced BitDefender by Windows Defender.

The least thing that you must do with any antivirus: Put the Lazarus and your project folder incl all subfolders on the white-list of the scanner. But BitDefender was even ignoring that.
Title: Re: BitDefender doesn't like Lazarus 2.0
Post by: Thaddy on October 02, 2018, 09:49:22 am
Usually such companies (except the brainless ones) correct such false positives very quickly provided:
- a good but short description
- exact OS, compiler version etc.
- links on how to obtain the compiler(s) from the official website. (no fpcdeluxe here, because it has indirection)

The more concise, but detailed your report is, the quicker they will fix it.
We used to have many problems with KOL, most of it was corrected by most companies after I explained in detail that they were fingerprinting a framework instead of fingerprinting true malware. (Which admittedly KOL used to be used for a lot.)
The lazy ones just fingerprint the major compilers, e.g. from GNU, Microsoft, Intel and AMD.
Note it also helps if you mention that fingerprinting those is not "heuristics" which they will try to tell you as a first response if any response.....
There is nothing fishy in the startup code of the FPC compilers nor is there in the RTL.

Title: Re: BitDefender doesn't like Lazarus 2.0
Post by: Ñuño_Martínez on October 03, 2018, 10:36:55 am
I'm not sure why but most anti-malware software don't like Pascal programs (both Delphi and Free Pascal).  I think is something about debugging and optimization techniques.  Both Avira and Avast antiviruses (almost) always detect my creations as potential malware.  I never have problems with GCC's C compiler (MinGW).
Title: Re: BitDefender doesn't like Lazarus 2.0
Post by: af0815 on October 03, 2018, 03:08:35 pm
Normal Avira accepts the reported positive false and my positive false are gone.
Title: Re: BitDefender doesn't like Lazarus 2.0
Post by: Ñuño_Martínez on October 05, 2018, 11:23:44 am
I know, but it is quite annoying that every Pascal program is detected as possible harm but C ones don't...  >:(
Title: Re: BitDefender doesn't like Lazarus 2.0
Post by: Thaddy on October 05, 2018, 11:40:45 am
I know, but it is quite annoying that every Pascal program is detected as possible harm but C ones don't...  >:(

The problem is going on for years. At some point some repair it and subsequently there are regressions in newer versions.
It probably requires a community action of *some scale* from both the Delphi and FPC community to teach them a lesson.
Title: Re: BitDefender doesn't like Lazarus 2.0
Post by: 440bx on October 05, 2018, 03:51:49 pm
It probably requires a community action of *some scale* from both the Delphi and FPC community to teach them a lesson.
Stop using their product(s). Companies understand the "money scale" or, better yet, use VMs.  Got a virus ?... just restore the most recent clean snapshot.  No wasting money on antiviruses and no machine slow down.   
Title: Re: BitDefender doesn't like Lazarus 2.0
Post by: Thaddy on October 05, 2018, 05:39:19 pm
It probably requires a community action of *some scale* from both the Delphi and FPC community to teach them a lesson.
Stop using their product(s). Companies understand the "money scale" or, better yet, use VMs.  Got a virus ?... just restore the most recent clean snapshot.  No wasting money on antiviruses and no machine slow down.   
No that's not the issue:
The technical issue is that Pascal startup code allocates input/output and memory management, whereas C family compilers do not do that. They rely on their libraries to link that in.
Simply ignoring these idiots is not possible. Sometimes they fix it (like Avira, Avast and even bitdefender many times did!!!) but they ALWAYS regress at some point, because they do not understand that the Pascal compilers carry a lot more default code into their startup code. So we, - whom for a large part of the community are computer scientists or professionals (a lot of us!) - should take collective action.
Microsoft, for instance, fixed the cause. The commercial ones fixed the symptoms....

What doctor do you prefer...
Title: Re: BitDefender doesn't like Lazarus 2.0
Post by: marcov on October 05, 2018, 05:45:37 pm
Or simply exclude all open source development related directories. Problem solved :-)
Title: Re: BitDefender doesn't like Lazarus 2.0
Post by: Thaddy on October 05, 2018, 05:48:00 pm
Or simply exclude all open source development related directories. Problem solved :-)
Nope. There's a lot of intentional "open source" that does fancy things like image manipulation (your area) that when compiled without thought renders your program a virus....Intentionally: they know noobs...

After a while that original source goes away, but these source codes keep creeping up. Damage done...
Title: Re: BitDefender doesn't like Lazarus 2.0
Post by: marcov on October 05, 2018, 05:54:16 pm
Or simply exclude all open source development related directories. Problem solved :-)
Nope. There's a lot of intentional "open source" that does fancy things like image manipulation (your area) that when compiled without thought renders your program a virus....Intentionally: they know noobs...

And you think these kind of antivirusses catch that. Ha! And note that your download dir is still searched (iow the binary snapshots in .zip format)

Title: Re: BitDefender doesn't like Lazarus 2.0
Post by: Thaddy on October 05, 2018, 07:44:07 pm
Marco, these antivirusses use a windowed unpack. You know what that is.
Title: Re: BitDefender doesn't like Lazarus 2.0
Post by: RAW on October 05, 2018, 09:03:06 pm
The main problem isn't LAZARUS or FREE PASCAL...
The main problem is that in 2018 people still think Antivirus-Software is a good solution to get a secure OS.
What a shame ...  :)

In this world full of lies people need to start to challenge everything and of course in particular the use of AV-Software.
I know it won't happen any time soon...

BTW: Thanks, I didn't realize that there is something like LAZARUS 2.0 ...  :)