
Author Topic: dcpcrypt trojan report  (Read 1015 times)

Curt Carpenter

  • Hero Member
  • *****
  • Posts: 547
dcpcrypt trojan report
« on: October 11, 2024, 11:55:17 pm »
I've written a small program to encrypt and decrypt a .cvs file.  My Windows10 box using Windows Defender reports that my program contains a trojan WIN32/Beatoos.Almi.  Does anyone know if this is a real threat, or a false positive?  (I am using DCPrc4, DCPsha1 specifically).

TRon

  • Hero Member
  • *****
  • Posts: 3510
Re: dcpcrypt trojan report
« Reply #1 on: October 12, 2024, 12:38:11 am »
Yes, windows is definitely a threat for your code and healthy development  :D

There is a rule of thumb: if you remove your program, does windows still complain? If no, then did you write the code yourself? And more importantly, do you trust yourself?

Thus it all boils down to if you are capable of producing code that is a threat for windows.

For most people that answer is usually no.

But m$ likes to suggest otherwise because it makes people insecure and invest (time and money) in security measures that actually don't do a darn thing other than to make you sleep better at night. It is a bit like donating money each time you take a flight on a plane in order to compensate for your CO2 emission.
This tagline is powered by AI

Curt Carpenter

  • Hero Member
  • *****
  • Posts: 547
Re: dcpcrypt trojan report
« Reply #2 on: October 12, 2024, 01:45:25 am »
Quote from: TRon
Yes, windows is definitely a threat for your code and healthy development  :D

Yes, I quit using windows at Win2000 and would have purged my system completely if my wife wasn't an adobe addict. 

Windows11 does not see the threat.

BeniBela

  • Hero Member
  • *****
  • Posts: 918
    • homepage
Re: dcpcrypt trojan report
« Reply #3 on: October 12, 2024, 02:08:36 am »
I invented my own hashing and crypto functions to prevent that

I wonder if it actually helps

TRon

  • Hero Member
  • *****
  • Posts: 3510
Re: dcpcrypt trojan report
« Reply #4 on: October 12, 2024, 03:12:19 am »
Quote from: Curt Carpenter
Yes, I quit using windows at Win2000 and would have purged my system completely if my wife wasn't an adobe addict.

Good decision (but I am biased) and... isn't adobe running (completely) in the browser already? I thought that was the buzz a couple of years ago.

Quote
Windows11 does not see the threat.
:facepalm:

Probably because of the better and improved .... (fill in the answer of your choice) as an excuse. Speaking of which, I wonder what excuse they do come up with for this  :D (sorry for the off-topic)

But basically these kinds of things are usually due to a false positive, and while you can report such things so that they can remove it, I personally find that rather topsy-turvy (end-user engaging and wasting time fixing their $$$ product(s)). But wasting time fixing commercial products (for free) seems to be the norm these days.
This tagline is powered by AI

Curt Carpenter

  • Hero Member
  • *****
  • Posts: 547
Re: dcpcrypt trojan report
« Reply #5 on: October 12, 2024, 06:15:39 pm »
Quote from: TRon
isn't adobe running (completely) in the browser already? I thought that was the buzz a couple of years ago.

I don't know.  It's a subscription now rather than a purchase, but I've never used it myself.

Quote from: BeniBela
I invented my own hashing and crypto functions to prevent that
I wonder if it actually helps
I've thought about that.  I'm not trying to get around the possibility of an NSA investigation after all  :).  But wanted to check if there were any known problems with the dcpcrypt unit here.   Consensus seems to be that it's a false positive.


MarkMLl

  • Hero Member
  • *****
  • Posts: 7904
Re: dcpcrypt trojan report
« Reply #6 on: October 12, 2024, 06:33:37 pm »
Quote from: Curt Carpenter
Yes, I quit using windows at Win2000 and would have purged my system completely if my wife wasn't an adobe addict.

Is that the stuff they make out of cactuses? :-)

Quote from: BeniBela
I invented my own hashing and crypto functions to prevent that
I wonder if it actually helps

Brave man. I'll go so far as to experiment with reimplementing stuff particularly if there are test vectors, but the steganographic situation in the UK's already bad and I see that as a harbinger of how it will be globally in a few years.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Khrys

  • Full Member
  • ***
  • Posts: 102
Re: dcpcrypt trojan report
« Reply #7 on: October 14, 2024, 06:48:41 am »
Quote from: Curt Carpenter
I've written a small program to encrypt and decrypt a .cvs file.  My Windows10 box using Windows Defender reports that my program contains a trojan WIN32/Beatoos.Almi.  Does anyone know if this is a real threat, or a false positive?  (I am using DCPrc4, DCPsha1 specifically),

This detected "trojan" should be named Beatoos.A!ml. The  !ml  suffix indicates that the "threat" was identified using machine learning, which has a high false positive rate. It's an overly cautious annoyance, basically.
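
The naming point in the reply above, as an added example that is not part of the original thread: a small Python parser that splits a Defender-style detection name into its parts and flags the `!ml` suffix. The name layout (`Type:Platform/Family.Variant!suffix`), the function names and the sample strings are assumptions constructed from the names quoted in this thread.

```python
import re

# Assumed layout of a detection name: [Type:][Platform/]Family[.Variant][!suffix...]
NAME_RE = re.compile(
    r"^(?:(?P<type>[A-Za-z]+):)?"          # e.g. Trojan
    r"(?:(?P<platform>[A-Za-z0-9_]+)/)?"   # e.g. Win32
    r"(?P<family>[A-Za-z0-9_-]+)"          # e.g. Beatoos
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?"    # e.g. A
    r"(?P<suffixes>(?:![A-Za-z0-9]+)*)$"   # e.g. !ml
)

def parse_detection_name(name):
    """Return the name's parts as a dict, or None if it does not fit the layout."""
    m = NAME_RE.match(name.strip())
    if m is None:
        return None
    parts = m.groupdict()
    parts["suffixes"] = [s.lower() for s in parts["suffixes"].split("!") if s]
    return parts

def triage(name):
    """Classify a name by whether it carries the !ml suffix discussed in the thread."""
    parts = parse_detection_name(name)
    if parts is None:
        return "unparsed"
    return "ml-suffix" if "ml" in parts["suffixes"] else "no-ml-suffix"

# Constructed sample inputs, built from the names quoted in this thread.
SAMPLES = [
    "Trojan:Win32/Beatoos.A!ml",  # full form, type prefix assumed
    "Beatoos.A!ml",               # short form as corrected in the reply
    "WIN32/Beatoos.Almi",         # the name as first transcribed ("!" read as "l")
    "not a detection name",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} -> {triage(sample)}")
```

The mistyped `Almi` form parses as an ordinary variant with no suffix, so triage based on the name only works when the name is copied exactly rather than retyped.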

Curt Carpenter

  • Hero Member
  • *****
  • Posts: 547
Re: dcpcrypt trojan report
« Reply #8 on: October 14, 2024, 06:00:10 pm »
Quote from: Khrys
This detected "trojan" should be named Beatoos.A!ml. The  !ml  suffix indicates that the "threat" was identified using machine learning, which has a high false positive rate. It's an overly cautious annoyance, basically.

Yes sorry, I see the "!" now.  I did not know about the !ml meaning.  I appreciate the input. 

Thaddy

  • Hero Member
  • *****
  • Posts: 16018
  • Censorship about opinions does not belong here.
Re: dcpcrypt trojan report
« Reply #9 on: October 14, 2024, 06:22:31 pm »
A slightly more involved way is to keep reporting the false positive as a false positive. Eventually the machine will learn.... (It helps!)
If I smell bad code it usually is bad code and that includes my own code.

af0815

  • Hero Member
  • *****
  • Posts: 1373
Re: dcpcrypt trojan report
« Reply #10 on: October 15, 2024, 03:16:13 pm »
If the issue is reported as a false positive, it will be accepted. You can have the same problem in windows if you bootstrap a new fpc from source too. Sometimes the process is interrupted, because the new intermediate compiler is blocked/deleted/quarantined by defender.
regards
Andreas

wp

  • Hero Member
  • *****
  • Posts: 12412
Re: dcpcrypt trojan report
« Reply #11 on: October 15, 2024, 05:40:43 pm »
Quote from: Curt Carpenter
My Windows10 box using Windows Defender reports that my program contains a trojan WIN32/Beatoos.Almi.

In such a case, the first action is to go to https://www.virustotal.com/gui/home/upload and have the binary checked by all the virus scanners on that site (typically more than 60). If only a few scanners detect your file as being infected you can be rather sure that there was a false alarm.

Thaddy

  • Hero Member
  • *****
  • Posts: 16018
  • Censorship about opinions does not belong here.
Re: dcpcrypt trojan report
« Reply #12 on: October 15, 2024, 05:59:18 pm »
Quote from: Curt Carpenter
My Windows10 box using Windows Defender reports that my program contains a trojan WIN32/Beatoos.Almi.
Quote from: wp
If only a few scanners detect your file as being infected you can be rather sure that there was a false alarm.

Well, that is just as silly. Popper's falsification. ONE could be right while all others are sleeping.
Such things are much more complex.
But providing code+compiler toolchain usually helps. At least in the case of MS$.
If I smell bad code it usually is bad code and that includes my own code.

 
