Some one was "bad mouthing" AutoIt

[gsb]

AutoIt uses a single compiler signature. If some one writes a virus with it *all programs written with it are detected as virii* because all programs written in AutoIt carry the same signature.

...and much else arguing against any use of AutoIt.

Any Thoughts? ..words to echo echo to this guy?

Me. I am too new and uninformed to intelligently discuss.

Heck, I struggle with my every script.

gsb

[xcal]

I don't know about the technicalities, but that sounds about right, no?

http://www.autoitscript.com/forum/index.php?showtopic=34658

Edited March 21, 2007 by xcal

[gsb]

Yep... oh well. Looks like I have to keep my mouth shut on this one.

Thanks for the "heads-up" there xcal.

gsb

[Helge]

Well, doesn't this say more about the antivirus-company than it says about AutoIt ?

Just because some 14 year old kid made some devilish scripts using AutoIt, they tag all the other people's scripts as dangerous

as well... And now some guy try to tell you that's AutoIt's fault ? So, the fault isn't on the actual person who made the "virus" or

even the antivirus- companies who were stupid enough to claim that all the other scripts were bad as well ? If that's their only

solution to stop the "evil" scripts, then why not just ignore it and let the happy-ignorant people continue to blindly download and

start every unknown file they come across, so that the rest of us can do our job...?

Snøft.

Edited March 21, 2007 by Helge

[theguy0000]

Well, doesn't this say more about the antivirus-company than it says about AutoIt ?

Just because some 14 year old kid made some devilish scripts using AutoIt, they tag all the other people's scripts as dangerous

as well... And now some guy try to tell you that's AutoIt's fault ? So, the fault isn't on the actual person who made the "virus" or

even the antivirus- companies who were stupid enough to claim that all the other scripts were bad as well ? If that's their only

solution to stop the "evil" scripts, then why not just ignore it and let the happy-ignorant people continue to blindly download and

start every unknown file they come across, so that the rest of us can do our job...?

Snøft.

agreed

[mrbond007]

You could say their Ignorance is painful

[SadBunny]

Well, don't blame it all on the AV producers (only in part). I know they are easy to bash, but please read my 2cts

Because really, no-one in AV companies like mine (Norman in my case) is 'blaming' AutoIt for anything at all. And it is ofcourse not a question of ignorance, it is a question of a delicate balance between definition release speed, definition release accuracy and data security. I will try to explain a bit from the AV developers point of view, hopefully this will increase your awareness of the eggshells we AV-people have to walk on to keep as many people satisfied as possible, AND to keep viruses away as much as possible... So note:

1 - there are hundreds if not thousands of new malware variants released DAILY, especially in those families with morphing malware. It is no longer realistic to expect AV companies like mine (Norman) to make all definitions by hand, like in the good old days. There are always people looking after the definitions, but with so many new viruses and virus variants, definitions need to be created automatically too.

2 - And while they are ofcourse tested against many often-used programs, file types, applications, system files, developing environments and related files, etc., it is ofcourse literally impossible to fully test new definitions (defs) for false positives (FP's) on all possible encounters and still release them only hours after the malware is released.

3 - Many, many, many malware uses UPX compression, reducing identifyable (is that good English?) executable code to more generic-looking executable code. Autoit executables are UPX-compressed too, by default (like the sticky topic explains). This means that especially general malware defs (= defs for a whole family of malware, especially for those families with self-morphing capabilities meaning thousands of new variants in just that family daily!) CAN trigger on autoit scripts too.

4 - Fixing FP's has high prio with all AV producers. Notify them (and if possible, provide an encrypted sample) and they will generally have it fixed by the time the next update comes out. At least we do!

To go short: while it is ofcourse a fact that AV producers use defs that CAN trigger on healthy code, meaning the AV program being the actor that kills healthy code in the end, this is only in part to blame to the AV producers, but mostly to blame to the virus writers who force the AV producers to take these drastic measures to keep up with their foul work, and to rely on general defs instead of old-fashioned specific defs (meaning that false positives will occur only more and more in the near future, since self-morphing malware families are experiencing increasing popularity).

My 2 cts.

Edited March 21, 2007 by SadBunny