Viruses?
Moderator: Moderator Team
Viruses?
I am new to ReactOS. Downloaded 0.4.13, ran it through virustotal and saw 6 potential infections;
https://www.virustotal.com/gui/file/5bd ... /detection
I realized these may be false positives, so I downloaded the latest GCC release build I could find (end of April, ever since then the buildbot seems to be failing the GCC release builds), and scanned that one... 8 potential infections;
https://www.virustotal.com/gui/file/0eb ... /detection
Could anyone from the ReactOS team confirm that these are false positives? And to have the GCC builds fixed would be great too.
Btw, what is preferred, the GCC or the MSVC builds?
https://www.virustotal.com/gui/file/5bd ... /detection
I realized these may be false positives, so I downloaded the latest GCC release build I could find (end of April, ever since then the buildbot seems to be failing the GCC release builds), and scanned that one... 8 potential infections;
https://www.virustotal.com/gui/file/0eb ... /detection
Could anyone from the ReactOS team confirm that these are false positives? And to have the GCC builds fixed would be great too.
Btw, what is preferred, the GCC or the MSVC builds?
Last edited by R on Thu May 21, 2020 10:42 am, edited 1 time in total.
-
- Posts: 15
- Joined: Mon Mar 16, 2020 4:04 am
Re: Viruses?
Hello "R",
I can´t speak for the ReactOS team, but as you built ReactOS from the sources there hardly can be any infections -- assuming your build-machine is clean. So common sense clearly tells these must be false positives. I assume some scanners report malware, because some "Microsoft system files" don´t match known check-sums,
I can´t speak for the ReactOS team, but as you built ReactOS from the sources there hardly can be any infections -- assuming your build-machine is clean. So common sense clearly tells these must be false positives. I assume some scanners report malware, because some "Microsoft system files" don´t match known check-sums,
Hard to fix anything if nothing is broken.
Re: Viruses?
Thank you. However;
1) The fact that one can build from source has nothing to do with whether there can be a virus in the code or not. It is completely and utterly unrelated. All it means that one can read the source themselves, but that is complex work, and even then, viruses can easily be hidden behind complex code. I will wait for the ReactOS team to speak.
2) There is most definitely something broken with GCC release builds. What makes you say there isn't? Check the daily builds and you will see what I mean. The last release (not debug!) build of a release level build was at the end of April, as stated.
I am an open source specialist.
1) The fact that one can build from source has nothing to do with whether there can be a virus in the code or not. It is completely and utterly unrelated. All it means that one can read the source themselves, but that is complex work, and even then, viruses can easily be hidden behind complex code. I will wait for the ReactOS team to speak.
2) There is most definitely something broken with GCC release builds. What makes you say there isn't? Check the daily builds and you will see what I mean. The last release (not debug!) build of a release level build was at the end of April, as stated.
I am an open source specialist.
Last edited by R on Thu May 21, 2020 10:42 am, edited 1 time in total.
- binarymaster
- Posts: 481
- Joined: Sun Nov 16, 2014 7:05 pm
- Location: Russia, Moscow
- Contact:
Re: Viruses?
So it's up to you to check the code.
I'm one of core team developers, I don't see a reason to hide viruses in the ReactOS source code.
Before doing any claims, perform the detailed analysis on your own, especially behavior analysis. Otherwise you are not a specialist.
by Stas'M | https://github.com/binarymaster
- EmuandCo
- Developer
- Posts: 4730
- Joined: Sun Nov 28, 2004 7:52 pm
- Location: Germany, Bavaria, Steinfeld
- Contact:
Re: Viruses?
Whoever believes in virus scanner results is no specialist. One sentence, one answer.
ReactOS is still in alpha stage, meaning it is not feature-complete and is recommended only for evaluation and testing purposes.
If my post/reply offends or insults you, be sure that you know what sarcasm is...
If my post/reply offends or insults you, be sure that you know what sarcasm is...
Re: Viruses?
When the ISO is analysed by these scanners, usually you will get the list of the files (in the ISO) that the scanners think they contain a virus.
So you can then look at their source code in our repo, to see whether they contain weird-looking code.
So you can then look at their source code in our repo, to see whether they contain weird-looking code.
-
- Posts: 531
- Joined: Thu Jan 10, 2013 6:17 pm
- Contact:
Re: Viruses?
Think about this for a second though; what would a virus hidden in an OS be infecting? The OS itself? To what end?
I can't say why there hasn't been a release build since then (there have been some changes to the build process recently), but you are aware that a "release" build is basically just a slightly smaller, less useful version of a debug build, right? The only time a "release" build is really notable is when it's an official, version-numbered release.
Re: Viruses?
All ReactOS releases so far (available on sourceforge) are debug builds.
- EmuandCo
- Developer
- Posts: 4730
- Joined: Sun Nov 28, 2004 7:52 pm
- Location: Germany, Bavaria, Steinfeld
- Contact:
Re: Viruses?
Release builds are broken quite often and were broken very often in the past. Why? Simple. No one needs release aka NO debug builds in Alpha state. No one cares to test if they are broken as long as the debug ones work fine. When you use a release build and report a bug with them, help is quite hard to provide. In short: Use Debug builds
Btw... R, I wait for a explaination what makes you a 'specialist' in open source matters. Maybe you chose the wrong word as non native speaker or something. Otherwise I'd like to see your references + what makes you think a virus scanner is a omnipotent holy grail of malware detection.
Btw... R, I wait for a explaination what makes you a 'specialist' in open source matters. Maybe you chose the wrong word as non native speaker or something. Otherwise I'd like to see your references + what makes you think a virus scanner is a omnipotent holy grail of malware detection.
ReactOS is still in alpha stage, meaning it is not feature-complete and is recommended only for evaluation and testing purposes.
If my post/reply offends or insults you, be sure that you know what sarcasm is...
If my post/reply offends or insults you, be sure that you know what sarcasm is...
Re: Viruses?
Good point. As Raymond Chen of Microsoft would say, malicious code in the OS is already on the other side of the airtight hatchway so such code doesn't need a virus to smuggle it in.karlexceed wrote: ↑Thu May 21, 2020 4:20 pmThink about this for a second though; what would a virus hidden in an OS be infecting? The OS itself? To what end?
Re: Viruses?
I know what release builds are. And, for one, they are faster and more optimized then debug builds which contain all debug instrumentation - whether that just be dev based asserts or debug symbols, but no matter what, the binaries will be bigger. Often debug builds also crash easier then release builds due to the debug assertions present (which are not there in optimized).
I have not as yet seen any satisfactory answer or guarantee in this thread. A fair number of statements just seem to be jesting at me instead of addressing the question - not a good first impression it would seem.
I was quite excited when I learned about ReactOS but my enthusiasm is lessening by the minute.
I have not as yet seen any satisfactory answer or guarantee in this thread. A fair number of statements just seem to be jesting at me instead of addressing the question - not a good first impression it would seem.
I was quite excited when I learned about ReactOS but my enthusiasm is lessening by the minute.
Last edited by R on Fri May 22, 2020 6:18 am, edited 1 time in total.
Re: Viruses?
Oh, and why would a virus in a OS... Do you not know about vbox and other VM env's breakout possibilities? Do you not know that you will be exposing your data to this OS...? It makes more sense for someone evil to build a malicious virus into an OS (if they can) then into an app.
I had no intention of running this as my main interface bur rather in vbox or qemu. But before I expose my data to this OS, I would like to be sure, and sorry but I do give some credit to virustotal reporting so many issues inc as a result of major scanner engines.
I had no intention of running this as my main interface bur rather in vbox or qemu. But before I expose my data to this OS, I would like to be sure, and sorry but I do give some credit to virustotal reporting so many issues inc as a result of major scanner engines.
Last edited by R on Fri May 22, 2020 6:19 am, edited 2 times in total.
- EmuandCo
- Developer
- Posts: 4730
- Joined: Sun Nov 28, 2004 7:52 pm
- Location: Germany, Bavaria, Steinfeld
- Contact:
Re: Viruses?
Well, what reaction do you expect? You accuse us to willingly spread malware in our system to infect the testers! (In a system barely running stable for a few hours, so you call us stupid, too!) And you expect a friendly and polite answer? Don't make me laugh!
This is our baby and you call it infested with malware because some useless heutristics say so! You got your answer! Three long term core members said the same. No malware, no "viruses", no nothing except our code and the typical stupid false positives. If you wanna know more, use your expertise you still did not prove us to check the files it laments about! That's what open source means, you can read the code, you can get any information off it and you are free to use it for your ideas and projects.
As we don't do this in any commercial way, there won't be ANY guarantee for anything. If you tinker with it and your cat evaporates or accidentally transforms into 235-Uranium, it's your problem and not ours. We warn ppl to not use it on their main systems, we warn them of possible data loss and we call it alpha state. All for a reason! If you claim that we spread viruses, prove it. We say no and we share the code in public as proof. Your turn!
If you dislike trust so much, use a secondary PC for tests. Or even better, trust in open source as an expert you profess to be!
And don't you dare to claim that you don't accuse anyone for anything. Reread your posts and then you maybe will realize what you do.
This is our baby and you call it infested with malware because some useless heutristics say so! You got your answer! Three long term core members said the same. No malware, no "viruses", no nothing except our code and the typical stupid false positives. If you wanna know more, use your expertise you still did not prove us to check the files it laments about! That's what open source means, you can read the code, you can get any information off it and you are free to use it for your ideas and projects.
As we don't do this in any commercial way, there won't be ANY guarantee for anything. If you tinker with it and your cat evaporates or accidentally transforms into 235-Uranium, it's your problem and not ours. We warn ppl to not use it on their main systems, we warn them of possible data loss and we call it alpha state. All for a reason! If you claim that we spread viruses, prove it. We say no and we share the code in public as proof. Your turn!
If you dislike trust so much, use a secondary PC for tests. Or even better, trust in open source as an expert you profess to be!
And don't you dare to claim that you don't accuse anyone for anything. Reread your posts and then you maybe will realize what you do.
ReactOS is still in alpha stage, meaning it is not feature-complete and is recommended only for evaluation and testing purposes.
If my post/reply offends or insults you, be sure that you know what sarcasm is...
If my post/reply offends or insults you, be sure that you know what sarcasm is...
- Fraizeraust
- Posts: 234
- Joined: Thu Jan 05, 2017 11:46 am
- Location: Italy
- Contact:
Re: Viruses?
Do you realize malware scanners can and DO bring false positives, right? Specifically the malware scanners that base upon malware signatures which aren't perfect and some that even check if certain DLL or executable files are signed by Microsoft, otherwise they are marked as untrusted.
As others have pointed out if you claim you're an open source specialist then go examine the ReactOS source code.
a.k.a. GeoB99 -- ReactOS Kernel developer -- My Wiki page
Re: Viruses?
Once again, this will be a repeat, but the more the merryier. There is a reason why open source code tends to be more secure. It's because people can review all of the code to make sure people aren't adding new malicious code to the secure code. As already stated, because this is a legally reversed engineered Windows OS, there will be miss matches in between the two to prevent us from getting sued. These differences can be flag falsely as malicious because of slight differences and are obviously not signed by Microsoft.
I have a good test for you to try to prove your credibility. Install WINE on linux, and set the version to Windows XP/2003. Then run the virus scanner and what ever apps you were testing. You will either think we are correct, or all open source code is malicious.
I have a good test for you to try to prove your credibility. Install WINE on linux, and set the version to Windows XP/2003. Then run the virus scanner and what ever apps you were testing. You will either think we are correct, or all open source code is malicious.
Who is online
Users browsing this forum: No registered users and 21 guests