Windows 10 defender don't like this short program

General FreeBASIC programming questions.
D.J.Peters
Posts: 8586
Joined: May 28, 2005 3:28

Windows 10 defender don't like this short program

Post by D.J.Peters »

If I compile this code with the latest fbc32.exe (gas) as 'readQSF.exe', Defender puts it in quarantine. I don't know why.

Joshy


' header in front of each chunk: 4-character ID followed by a big-endian 32-bit size
type QSFChunk
  as string*4 ID
  as ulong    Size
end type

' read a big-endian 16-bit value at p, then advance p and reduce nBytes (bytes left in the buffer)
function readBE16(byref p as ubyte ptr,byref nBytes as uinteger) as ushort
  if nBytes<2 then
    print "error: readBE16() out of memory !"
    beep:sleep:end 1
  end if
  dim as ulong ret
  dim as ubyte ptr p8=cptr(ubyte ptr,@ret)
  ' copy the bytes in reverse order (big-endian file -> little-endian host)
  for i as integer = 0 to 1
    p8[1-i]= p[i]
  next
  p+=2:nBytes-=2
  return ret
end function

' read a big-endian 32-bit value at p, then advance p and reduce nBytes
function readBE32(byref p as ubyte ptr,byref nBytes as uinteger) as ulong
  if nBytes<4 then
    print "error: readBE32() out of memory !"
    beep:sleep:end 1
  end if
  dim as ulong ret
  dim as ubyte ptr p8=cptr(ubyte ptr,@ret)
  for i as integer = 0 to 3
    p8[3-i]= p[i]
  next
  p+=4:nBytes-=4
  return ret
end function

' read the 4-character chunk ID at p, then advance p and reduce nBytes
function readChunkID(byref p as ubyte ptr,byref nBytes as uinteger) as string
  if nBytes<4 then
    print "error: readChunkID() out of memory !"
    beep:sleep:end 1
  end if
  dim as string ret
  for i as integer = 0 to 3
    ret &= chr(p[i])
  next
  p+=4:nBytes-=4
  return ret
end function

' read one 8-byte chunk header (ID + size)
function readChunk(byref p as ubyte ptr,byref nBytes as uinteger) as QSFChunk
  if nBytes<8 then
    print "error: readChunk() out of memory !"
    beep:sleep:end 1
  end if
  dim as QSFChunk ret
  ret.ID    = readChunkID(p,nBytes)
  ret.size = readBE32(p,nBytes)
  return ret
end function



'const fileName = "guitarra.QSF"
'const fileName = "SMPL000.QSF"
'const fileName = "SMPL001.QSF"
'const fileName = "SMPL002.QSF"
const fileName = "SMPLL002.QSL"

' load the whole file into a heap buffer
var hFile = FreeFile()
if open(fileName,for binary,access read,as hFile) then
  print "error: can't read: '" & fileName & "' !"
  beep:sleep:end 1
end if
dim as uinteger nBytes = lof(hFile)
print "file size: " & nBytes
dim as ubyte ptr fileBuffer=allocate(nBytes)
get #hFile,,*fileBuffer,nBytes
close hFile
dim as ushort U16
dim as ulong  U32

' p walks through the buffer; nBytes counts the bytes still unread
var p=fileBuffer
var chunk = readChunk(p,nBytes)
print chunk.id,chunk.size,nBytes
U16=readBE16(p,nBytes)
print U16,hex(U16)
U16=readBE16(p,nBytes)
print U16,hex(U16)
U16=readBE16(p,nBytes)
print U16,hex(U16)

chunk = readChunk(p,nBytes)
print chunk.ID,chunk.Size,nBytes

U32=readBE32(p,nBytes)
print U32,hex(U32)

U32=readBE32(p,nBytes)
print U32,hex(U32)

print "done ..."
if fileBuffer then deallocate fileBuffer
sleep
jj2007
Posts: 2326
Joined: Oct 23, 2016 15:28
Location: Roma, Italia

Re: Windows 10 defender don't like this short program

Post by jj2007 »

False positive, caused by crappy heuristic scanners. Upload it to Jotti or VirusTotal to see what other AV have to say.
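
One way to see which detection name Defender recorded for the quarantined file before treating it as a false positive, as an added example that is not part of any post in this thread. Only the file name readQSF.exe comes from the first post; the build directory is a placeholder, and the cmdlets are the ones shipped with the Windows Defender PowerShell module.

```powershell
# Added example, not from the thread. Only 'readQSF.exe' comes from the first
# post; the build directory below is a placeholder (assumption).
$exeName  = 'readQSF.exe'
$buildDir = 'C:\path\to\project'   # placeholder

# Detections Defender has recorded whose resource list mentions the executable.
$hits = Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($exeName) }

if (-not $hits) {
    Write-Output "No Defender detection recorded for $exeName."
}

foreach ($hit in $hits) {
    # Resolve the numeric ThreatID to the detection name Defender reports.
    $threat = Get-MpThreat -ThreatID $hit.ThreatID -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Detected   = $hit.InitialDetectionTime
        ThreatName = $threat.ThreatName
        SeverityID = $threat.SeverityID
        Process    = $hit.ProcessName
        Resources  = $hit.Resources -join '; '
    }
}

# If a copy of the file is still on disk (not quarantined), its SHA-256 lets
# you compare against multi-scanner results by hash.
$exePath = Join-Path $buildDir $exeName
if (Test-Path -LiteralPath $exePath) {
    Get-FileHash -LiteralPath $exePath -Algorithm SHA256
}
```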
xbgtc
Posts: 249
Joined: Oct 14, 2007 5:40
Location: Australia

Re: Windows 10 defender don't like this short program

Post by xbgtc »

I had the same problem with my code one day with AVG - found out that it didn't like a bunch of @ in a string :)
Munair
Posts: 1286
Joined: Oct 19, 2017 15:00
Location: Netherlands

Re: Windows 10 defender don't like this short program

Post by Munair »

First thing I do after installing Windows (ages ago) is disable Defender and the built-in firewall and replace them with ones of my own choosing, for precisely this reason of false positives. Long ago I also used AVG, when it was still a good product.
marcov
Posts: 3462
Joined: Jun 16, 2005 9:45
Location: Netherlands

Re: Windows 10 defender don't like this short program

Post by marcov »

Same, but then without the replacing.
Munair
Posts: 1286
Joined: Oct 19, 2017 15:00
Location: Netherlands

Re: Windows 10 defender don't like this short program

Post by Munair »

The only thing I actually replace is the firewall. I still use Outpost 9, which is very much outdated by now, but so is my Windows 10 and the firewall part of Outpost is still very effective. Since I'm behind a router with built-in firewall, the one I use on Windows is primarily to control outgoing traffic.

Last AV I installed was Kaspersky, but it also has become too eager to frequently scan all my drives.

I wouldn't be surprised if Windows 11 would reject outdated security software.
aurelVZAB
Posts: 666
Joined: Jul 02, 2008 14:55

Re: Windows 10 defender don't like this short program

Post by aurelVZAB »

jj2007 wrote:False positive, caused by crappy heuristic scanners. Upload it to Jotti or VirusTotal to see what other AV have to say.
Yes, and I tested some FB (and o2 version written in FB) programs recently.
If a program doesn't use includes or DLLs then it is almost fine,
BUT
when I use a DLL or an include then the scanners on VirusTotal go crazy.

That is some sort of discrimination; they don't jump on, for example, qb64 programs.

On my computer even an updated Kaspersky jumps for no reason; that sucks.
aurelVZAB
Posts: 666
Joined: Jul 02, 2008 14:55

Re: Windows 10 defender don't like this short program

Post by aurelVZAB »

In this case Kaspersky does not react on my computer.
aurelVZAB
Posts: 666
Joined: Jul 02, 2008 14:55

Re: Windows 10 defender don't like this short program

Post by aurelVZAB »

Just one more tip, guys.
I removed Kaspersky from my PC, then restarted... all fine,
but when I try to compile some programs some damn thing called Real Time protect jumps in.
Then I see that I have a damn thing ON in my taskbar called McAfee Real Protect.
Where did I get this from???
I recently downloaded Stinger, which is supposed to be a portable app... yes, it is,
but it also installed this thing without my knowledge and slowed down my PC.
So I searched and found it hidden in Program Files, then I removed it manually.
Such crap... friendly advice: remove McAfee.
badidea
Posts: 2591
Joined: May 24, 2007 22:10
Location: The Netherlands

Re: Windows 10 defender don't like this short program

Post by badidea »

aurelVZAB wrote:Just one more tip guys..
If you get your linux setup working, then no need for crappy virus-scanners anymore.
jj2007
Posts: 2326
Joined: Oct 23, 2016 15:28
Location: Roma, Italia

Re: Windows 10 defender don't like this short program

Post by jj2007 »

badidea wrote:If you get your linux setup working, then no need for crappy virus-scanners anymore.
Why that? Are virus writers not interested in Linux?
paul doe
Moderator
Posts: 1733
Joined: Jul 25, 2017 17:22
Location: Argentina

Re: Windows 10 defender don't like this short program

Post by paul doe »

jj2007 wrote:
badidea wrote:If you get your linux setup working, then no need for crappy virus-scanners anymore.
Why that? Are virus writers not interested in Linux?
Of course not. Since nobody uses it on desktops, where viruses and malware thrive, it is not an attractive market, neither for virus nor antivirus makers (which are two sides of the same coin).
caseih
Posts: 2157
Joined: Feb 26, 2007 5:32

Re: Windows 10 defender don't like this short program

Post by caseih »

Yeah, market share is a common argument, but I don't think it's a particularly strong one, especially when malware makers do target Linux because it has the dominant share in the cloud. The way software is typically distributed on Linux is somewhat hostile to malware writers (some argue it's hostile to users but I see that as a feature), and with the Wayland display server's security model, it's getting harder to actually steal information from you. Linux distros are embracing technologies like sandboxing and security limitations even of root processes.

Sure, sometimes the bad guys actually manage to mess with repos, and sometimes they manage to do bad things right at the lowest source code level, such as fake packages in pypi, npm, etc., but that's not a Linux issue; that affects all developers on all platforms and is an issue deserving of discussion and debate.

As for AV, I've never used an antivirus on Mac either. There are occasionally drive-by vectors through a web browser for a local malware installation, but not often. But in general, both Mac and Linux offer better security for end users for a number of reasons. On both Mac and Linux software installation often comes through curated, somewhat trusted sources, which definitely helps.

Basically if you keep your OS up to date, use ad blocking and Privacy Badger in your browser, and don't download and install software from random web sites, you can stay pretty safe even without antivirus software. Even on Windows I only ever run Windows Defender, never a third-party AV, and never use those so-called security suites that mess with the browser. Maybe I'm not adventurous enough to really worry. I tend to visit the same few sites regularly, keep up to date, insist on uBlock Origin and Privacy Badger for all browsers, and I only ever install the same dozen or so programs I use from their official sources, which I know. I don't install random games from any source, and have never used a Windows app from the Windows Store before. On Android I never install random games. Just my core set of apps I rely on every day.

But of course several people on this forum speak of running Windows 7. Can still be kept safe, but it's increasingly hard to do so even if you follow best practices.
UEZ
Posts: 988
Joined: May 05, 2017 19:59
Location: Germany

Re: Windows 10 defender don't like this short program

Post by UEZ »

Since I mostly use my work notebook for programming, I have unfortunately also been getting false positives from the AV scanner (McAfee) for some time.
For example, my Dwitter gfx samples, which are several hundred, were suddenly detected as Trojans and since I always backup regularly, the detection rates are twice as high.
It is difficult to explain to the security officer that these are just false positives. Since then I compile the gfx application only as x64 and delete the exe afterwards to prevent it from being detected as trojan later.
Apparently this is similar with other Basic-like programming languages. The other day I compiled something in Pure Basic and the exe was detected as a Trojan, too...
marcov
Posts: 3462
Joined: Jun 16, 2005 9:45
Location: Netherlands

Re: Windows 10 defender don't like this short program

Post by marcov »

caseih wrote: hostile to users but I see that a feature
Yeah, hostile to users is considered a feature on Linux it seems. ;-)
Last edited by marcov on Jan 21, 2022 10:48, edited 1 time in total.