When faulty detection routines in Antivirus software lead to bans

Status
Not open for further replies.

pyf

pyf

Level 32
Joined
Mar 21, 2016
Messages
2,985
Is it old news? Is it new news? Is it prophetic news?
Is the post below about Diablo 2? About Warcraft 3? About any video game?
Does said post make any sense at all?
Is the one who wrote it a trusted source of information?
...
...
... you decide.

by: Mark Chandler

December 22[, 2017] (Edited)

Afternoon,

Our latest attempt to thwart the use of third party bots and hacks had some unintended repercussions; we encountered issues on Mac and with some anti-virus programs causing accounts and keys to be incorrectly flagged as violating terms of use.

To ensure that no one is unfairly banned we will be reversing the bans which should be completed this afternoon.

Sorry for the inconvenience and happy holidays,

Classic Games


Source
 
Level 22
Joined
Sep 24, 2005
Messages
4,821
Doesn't make sense at all in the context of it being prophetic news. How is it prophetic?
 

pyf

pyf

Level 32
Joined
Mar 21, 2016
Messages
2,985
It means that in the future more bans might happen, because of false positives when some software (like for example, video games) is scanned by antivirus software.


While static analysis provides much information already, nothing compares to actually *running* the code itself, while capturing events in real-time with software like the ones by SysInternals or NirSoft (Process Explorer, Process Monitor, SmartSniff (with WinPcap)...). Because doing so can be a bit tedious, running the code in an online sandbox, like for example the one from Malwr.com (note: still offline atm), is something I personally suggest and recommend to the average user.

When it comes to signatures only, antivirus software is inefficient. Heuristics do not work that great overall imho. In fact, any method using any kind of "fuzzy logic" is imho flawed somewhere. For facts about the detection of zero-day exploits and other brand-new threats, I suggest visiting Dynamoo's blog. After some reading, one will realize that his/her antivirus is of no use against new threats, until said threats are discovered and properly analyzed by trained researchers.


About faulty detection routines, here is one of the weirdest cases that I personally experienced myself. One day, I was batch-compressing a huge quantity of video game data with 7-Zip, thanks to a third-party tool. I have to mention here that said game data was not designed to run on a PC. At one point, Avira detected malware and prompted for user action. What Avira detected as being malware was... the temporary file that was still being created by 7-Zip in order to build the final compressed archive. Crazy, huh? What was the probability for this to happen? One in a million?

Likewise, I am pretty sure I remember reading that one of the *installation* files in the CD/DVD-ROM(s) (?) of Söldner: Secret Wars used to be detected by some antivirus software as being malware (virus?), when the game was first released commercially back in 2004. Can someone please confirm this one?
 
Last edited:

Dr Super Good

Spell Reviewer
Level 64
Joined
Jan 18, 2005
Messages
27,241
Old news, very old news.

Back in the early days of World of Warcraft thousands of people were banned incorrectly for using an antivirus application. They quickly reversed the bans.

To prevent cheating they monitor what applications are running along with the game. Any which interact with the game are investigated. When they identify a hack they add it to a ban list and all users who were detected as using it are banned. Occasionally they accidently add a legitimate application to this ban list and everyone who uses it gets banned. They are quick to notice this mistake and fix it by reversing all the bans for that application, but not all the other bans for other applications.
 

pyf

pyf

Level 32
Joined
Mar 21, 2016
Messages
2,985
Well, imho they are quick to notice such mistakes because people complain, probably sometimes with vehemence, in the Blizzard forums.

Old news, very old news.

Back in the early days of World of Warcraft thousands of people were banned incorrectly for using an antivirus application. They quickly reversed the bans. [...]
History repeats itself...

Historic recurrence - Wikipedia
 
Last edited:
Status
Not open for further replies.
Top