-
🏆 Texturing Contest #33 is OPEN! Contestants must re-texture a SD unit model found in-game (Warcraft 3 Classic), recreating the unit into a peaceful NPC version. 🔗Click here to enter!
-
It's time for the first HD Modeling Contest of 2024. Join the theme discussion for Hive's HD Modeling Contest #6! Click here to post your idea!
When faulty detection routines in Antivirus software lead to bans
- Status
- Joined
- Sep 24, 2005
- Messages
- 4,821
Doesn't make sense at all in the context of it being prophetic news. How is it prophetic?
- Joined
- Mar 21, 2016
- Messages
- 2,985
It means that in the future more bans might happen, because of false positives when some software (like for example, video games) is scanned by antivirus software.
While static analysis provides much information already, nothing compares to actually *running* the code itself, while capturing events in real-time with software like the ones by SysInternals or NirSoft (Process Explorer, Process Monitor, SmartSniff (with WinPcap)...). Because doing so can be a bit tedious, running the code in an online sandbox, like for example the one from Malwr.com (note: still offline atm), is something I personally suggest and recommend to the average user.
When it comes to signatures only, antivirus software is inefficient. Heuristics do not work that great overall imho. In fact, any method using any kind of "fuzzy logic" is imho flawed somewhere. For facts about the detection of zero-day exploits and other brand-new threats, I suggest visiting Dynamoo's blog. After some reading, one will realize that his/her antivirus is of no use against new threats, until said threats are discovered and properly analyzed by trained researchers.
About faulty detection routines, here is one of the weirdest cases that I personally experienced myself. One day, I was batch-compressing a huge quantity of video game data with 7-Zip, thanks to a third-party tool. I have to mention here that said game data was not designed to run on a PC. At one point, Avira detected malware and prompted for user action. What Avira detected as being malware was... the temporary file that was still being created by 7-Zip in order to build the final compressed archive. Crazy, huh? What was the probability for this to happen? One in a million?
Likewise, I am pretty sure I remember reading that one of the *installation* files in the CD/DVD-ROM(s) (?) of Söldner: Secret Wars used to be detected by some antivirus software as being malware (virus?), when the game was first released commercially back in 2004. Can someone please confirm this one?
While static analysis provides much information already, nothing compares to actually *running* the code itself, while capturing events in real-time with software like the ones by SysInternals or NirSoft (Process Explorer, Process Monitor, SmartSniff (with WinPcap)...). Because doing so can be a bit tedious, running the code in an online sandbox, like for example the one from Malwr.com (note: still offline atm), is something I personally suggest and recommend to the average user.
When it comes to signatures only, antivirus software is inefficient. Heuristics do not work that great overall imho. In fact, any method using any kind of "fuzzy logic" is imho flawed somewhere. For facts about the detection of zero-day exploits and other brand-new threats, I suggest visiting Dynamoo's blog. After some reading, one will realize that his/her antivirus is of no use against new threats, until said threats are discovered and properly analyzed by trained researchers.
About faulty detection routines, here is one of the weirdest cases that I personally experienced myself. One day, I was batch-compressing a huge quantity of video game data with 7-Zip, thanks to a third-party tool. I have to mention here that said game data was not designed to run on a PC. At one point, Avira detected malware and prompted for user action. What Avira detected as being malware was... the temporary file that was still being created by 7-Zip in order to build the final compressed archive. Crazy, huh? What was the probability for this to happen? One in a million?
Likewise, I am pretty sure I remember reading that one of the *installation* files in the CD/DVD-ROM(s) (?) of Söldner: Secret Wars used to be detected by some antivirus software as being malware (virus?), when the game was first released commercially back in 2004. Can someone please confirm this one?
Last edited:
Spell Reviewer
- Joined
- Jan 18, 2005
- Messages
- 27,192
Old news, very old news.
Back in the early days of World of Warcraft thousands of people were banned incorrectly for using an antivirus application. They quickly reversed the bans.
To prevent cheating they monitor what applications are running along with the game. Any which interact with the game are investigated. When they identify a hack they add it to a ban list and all users who were detected as using it are banned. Occasionally they accidently add a legitimate application to this ban list and everyone who uses it gets banned. They are quick to notice this mistake and fix it by reversing all the bans for that application, but not all the other bans for other applications.
Back in the early days of World of Warcraft thousands of people were banned incorrectly for using an antivirus application. They quickly reversed the bans.
To prevent cheating they monitor what applications are running along with the game. Any which interact with the game are investigated. When they identify a hack they add it to a ban list and all users who were detected as using it are banned. Occasionally they accidently add a legitimate application to this ban list and everyone who uses it gets banned. They are quick to notice this mistake and fix it by reversing all the bans for that application, but not all the other bans for other applications.
- Joined
- Mar 21, 2016
- Messages
- 2,985
Well, imho they are quick to notice such mistakes because people complain, probably sometimes with vehemence, in the Blizzard forums.
Historic recurrence - Wikipedia
History repeats itself...
Historic recurrence - Wikipedia
Last edited:
- Status