Perhaps a bit overly sensitive?

  • Thread starter Hurricane Andrew
  • Start date
H

Hurricane Andrew

Well, install and first scan went fine. No issues other than what I would
consider "false positives." First, it picked up on RealVNC, which is hardly
a spyware app. Then, it spotted WinPcap. Sure, I guess both of these could
be used by someone maliciously if they were installed on a system already
compromised, but then again so can Internet Explorer itself.

Perhaps toning down the "sensitivity" and reducing the false positives would
be a nice step. I can imagine some novice and intermediate users removing
everything that is found and then wondering why so many of their apps don't
work.
 
A

Andrew Z Carpenter

Hurricane Andrew said:
Well, install and first scan went fine. No issues other than what I would
consider "false positives." First, it picked up on RealVNC, which is hardly a
spyware app. Then, it spotted WinPcap. Sure, I guess both of these could be
used by someone maliciously if they were installed on a system already
compromised, but then again so can Internet Explorer itself.

Perhaps toning down the "sensitivity" and reducing the false positives would be
a nice step. I can imagine some novice and intermediate users removing
everything that is found and then wondering why so many of their apps don't
work.
Click to expand...



The VNC server has in the past been installed by the action of viruses, and
would unlikely be used be a 'home' user.

Those who are advanced enough to have installed it themselves are more than
capable of ignoring the possible threat. Those who are unaware that it
could be a threat would be glad to have it removed.
 
A

andy

Hurricane Andrew said:
Well, install and first scan went fine. No issues other than what I would
consider "false positives." First, it picked up on RealVNC, which is
hardly a spyware app. Then, it spotted WinPcap. Sure, I guess both of
these could be used by someone maliciously if they were installed on a
system already compromised, but then again so can Internet Explorer
itself.

Perhaps toning down the "sensitivity" and reducing the false positives
would be a nice step. I can imagine some novice and intermediate users
removing everything that is found and then wondering why so many of their
apps don't work.
Click to expand...

I'd rather it picked up RealVNC, as it did on my test pc. There could be
other similar remote-access tools installed on my users' PCs I wasn't aware
of.

ISTR other anti-spyware software picking up on RealVNC as well.

Andy
 
H

Hurricane Andrew

Andrew Z Carpenter said:
The VNC server has in the past been installed by the action of viruses,
and
would unlikely be used be a 'home' user.

Those who are advanced enough to have installed it themselves are more
than
capable of ignoring the possible threat. Those who are unaware that it
could be a threat would be glad to have it removed.
Click to expand...

That does make some sense, but Symantec lists only 1 virus that tires to
install the vnchooks.dll, and 1 other that uses VNC (along with telnet, open
network shares, etc. to spread). I have to conceed it is possible for
RealVNC to be a security issue, but on my work PC, I only have the viewer
installed, not the server component. The viewer component is hardly the
security threat that the server portion *could* be. It also picked up all
the related VNC documentation, simply because it was in the folder with
RealVNC in the title.

My main point was simply that you can't go flagging legitimate programs
because they *could* be a security threat. If that were the case, then many
legitimate apps would be flagged on a regular basis. IE *could* be a
security threat. So could Adobe Reader. So could some versions of WinAmp,
Windows Media Player, Quicktime, etc.

If antispyware apps do their job, and spot adware, spyware, keyloggers,
dialers, etc. on a user's PC, then any threat posed by a legitimate app
would be neutralized, and there would be no concern over it. Even in the
descption for the threat posed by RealVNC and WinPCap it says that it's a
threat only IF there are other programs on the PC that could take advantage
of it.

Further, with the rapid growth in home networking, don't be surprised if VNC
becomes more and more common for home users. I certianly use it in my home
network. Then again, would I have done so if I hadn't first run accross it
at work? Who knows...
 
S

Steve N.

Hurricane said:
Well, install and first scan went fine. No issues other than what I would
consider "false positives." First, it picked up on RealVNC, which is hardly
a spyware app. Then, it spotted WinPcap. Sure, I guess both of these could
be used by someone maliciously if they were installed on a system already
compromised, but then again so can Internet Explorer itself.

Perhaps toning down the "sensitivity" and reducing the false positives would
be a nice step. I can imagine some novice and intermediate users removing
everything that is found and then wondering why so many of their apps don't
work.
Click to expand...

Yes, WinPcap and TightVNC were detected here, too, but if you check the
details on the detections it pretty clearly explains why and in my case
the default action was to ignore them both.

Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

16-bit console apps, priority and idle sensitivity 0
Improvements 4
Devastating Malware/Rootkit - Invincible 1
7/7 and 2/4 False Pos. incl. Spybot, LANguard, VNC 2
Frequently Asked Questions (FAQ) Jan 24 1
Windows XP Computer Restarting over and over again... 1
Analysis of a Malware Compromise - my first malware 3
recommended prescan saturation settings (Epson 4870)? 4

Top