Viruses?

R
Posts: 2
Joined: Thu May 21, 2020 6:22 am

Viruses?

Post by R »

I am new to ReactOS. Downloaded 0.4.13, ran it through virustotal and saw 6 potential infections;
https://www.virustotal.com/gui/file/5bd ... /detection

I realized these may be false positives, so I downloaded the latest GCC release build I could find (end of April, ever since then the buildbot seems to be failing the GCC release builds), and scanned that one... 8 potential infections;
https://www.virustotal.com/gui/file/0eb ... /detection

Could anyone from the ReactOS team confirm that these are false positives? And to have the GCC builds fixed would be great too.

Btw, what is preferred, the GCC or the MSVC builds?
Last edited by R on Thu May 21, 2020 10:42 am, edited 1 time in total.

TMStreicher
Posts: 15
Joined: Mon Mar 16, 2020 4:04 am

Re: Viruses?

Post by TMStreicher »

Hello "R",

I can't speak for the ReactOS team, but as you built ReactOS from the sources there can hardly be any infections -- assuming your build-machine is clean. So common sense clearly tells these must be false positives. I assume some scanners report malware, because some "Microsoft system files" don't match known check-sums.
R wrote:
Thu May 21, 2020 6:25 am
And to have the GCC builds fix would be great too.
Hard to fix anything if nothing is broken. ;)

R
Posts: 2
Joined: Thu May 21, 2020 6:22 am

Re: Viruses?

Post by R »

Thank you. However;

1) The fact that one can build from source has nothing to do with whether there can be a virus in the code or not. It is completely and utterly unrelated. All it means is that one can read the source themselves, but that is complex work, and even then, viruses can easily be hidden behind complex code. I will wait for the ReactOS team to speak.

2) There is most definitely something broken with GCC release builds. What makes you say there isn't? Check the daily builds and you will see what I mean. The last release (not debug!) build of a release level build was at the end of April, as stated.

I am an open source specialist.
Last edited by R on Thu May 21, 2020 10:42 am, edited 1 time in total.

binarymaster
Posts: 375
Joined: Sun Nov 16, 2014 7:05 pm
Location: Russia, Moscow

Re: Viruses?

Post by binarymaster »

R wrote:
Thu May 21, 2020 10:41 am
The fact that one can build from source has nothing to do with whether there can be a virus in the code or not.

I am an open source specialist.
So it's up to you to check the code.
R wrote:
Thu May 21, 2020 10:41 am
All it means is that one can read the source themselves, but that is complex work, and even then, viruses can easily be hidden behind complex code. I will wait for the ReactOS team to speak.
I'm one of the core team developers, I don't see a reason to hide viruses in the ReactOS source code.

Before making any claims, perform a detailed analysis on your own, especially behavior analysis. Otherwise you are not a specialist. :|

EmuandCo
Developer
Posts: 4439
Joined: Sun Nov 28, 2004 7:52 pm
Location: Germany, Bavaria, Steinfeld

Re: Viruses?

Post by EmuandCo »

Whoever believes in virus scanner results is no specialist. One sentence, one answer. :P
ReactOS is still in alpha stage, meaning it is not feature-complete and is recommended only for evaluation and testing purposes.

hbelusca
Developer
Posts: 1176
Joined: Sat Dec 26, 2009 10:36 pm
Location: Zagreb, Croatia

Re: Viruses?

Post by hbelusca »

When the ISO is analysed by these scanners, usually you will get the list of the files (in the ISO) that the scanners think contain a virus.
So you can then look at their source code in our repo, to see whether they contain weird-looking code.

karlexceed
Posts: 523
Joined: Thu Jan 10, 2013 6:17 pm

Re: Viruses?

Post by karlexceed »

R wrote:
Thu May 21, 2020 10:41 am
viruses can easily be hidden behind complex code
Think about this for a second though; what would a virus hidden in an OS be infecting? The OS itself? To what end?
R wrote:
Thu May 21, 2020 10:41 am
The last release (not debug!) build of a release level build was at the end of April
I can't say why there hasn't been a release build since then (there have been some changes to the build process recently), but you are aware that a "release" build is basically just a slightly smaller, less useful version of a debug build, right? The only time a "release" build is really notable is when it's an official, version-numbered release.

hbelusca
Developer
Posts: 1176
Joined: Sat Dec 26, 2009 10:36 pm
Location: Zagreb, Croatia

Re: Viruses?

Post by hbelusca »

All ReactOS releases so far (available on sourceforge) are debug builds.

EmuandCo
Developer
Posts: 4439
Joined: Sun Nov 28, 2004 7:52 pm
Location: Germany, Bavaria, Steinfeld

Re: Viruses?

Post by EmuandCo »

Release builds are broken quite often and were broken very often in the past. Why? Simple. No one needs release aka NO debug builds in Alpha state. No one cares to test if they are broken as long as the debug ones work fine. When you use a release build and report a bug with them, help is quite hard to provide. In short: Use Debug builds.

Btw... R, I wait for an explanation what makes you a 'specialist' in open source matters. Maybe you chose the wrong word as a non-native speaker or something. Otherwise I'd like to see your references + what makes you think a virus scanner is an omnipotent holy grail of malware detection.

middings
Posts: 1028
Joined: Tue May 07, 2013 9:18 pm
Location: California, USA

Re: Viruses?

Post by middings »

karlexceed wrote:
Thu May 21, 2020 4:20 pm
Think about this for a second though; what would a virus hidden in an OS be infecting? The OS itself? To what end?
Good point. As Raymond Chen of Microsoft would say, malicious code in the OS is already on the other side of the airtight hatchway so such code doesn't need a virus to smuggle it in.

R
Posts: 2
Joined: Thu May 21, 2020 6:22 am

Re: Viruses?

Post by R »

I know what release builds are. And, for one, they are faster and more optimized than debug builds which contain all debug instrumentation - whether that just be dev based asserts or debug symbols, but no matter what, the binaries will be bigger. Often debug builds also crash easier than release builds due to the debug assertions present (which are not there in optimized).

I have not as yet seen any satisfactory answer or guarantee in this thread. A fair number of statements just seem to be jesting at me instead of addressing the question - not a good first impression it would seem.

I was quite excited when I learned about ReactOS but my enthusiasm is lessening by the minute.
Last edited by R on Fri May 22, 2020 6:18 am, edited 1 time in total.

R
Posts: 2
Joined: Thu May 21, 2020 6:22 am

Re: Viruses?

Post by R »

Oh, and why would a virus in an OS... Do you not know about vbox and other VM env's breakout possibilities? Do you not know that you will be exposing your data to this OS...? It makes more sense for someone evil to build a malicious virus into an OS (if they can) than into an app.

I had no intention of running this as my main interface but rather in vbox or qemu. But before I expose my data to this OS, I would like to be sure, and sorry but I do give some credit to virustotal reporting so many issues inc as a result of major scanner engines.
Last edited by R on Fri May 22, 2020 6:19 am, edited 2 times in total.

EmuandCo
Developer
Posts: 4439
Joined: Sun Nov 28, 2004 7:52 pm
Location: Germany, Bavaria, Steinfeld

Re: Viruses?

Post by EmuandCo »

Well, what reaction do you expect? You accuse us of willingly spreading malware in our system to infect the testers! (In a system barely running stable for a few hours, so you call us stupid, too!) And you expect a friendly and polite answer? Don't make me laugh!
This is our baby and you call it infested with malware because some useless heuristics say so! You got your answer! Three long term core members said the same. No malware, no "viruses", no nothing except our code and the typical stupid false positives. If you wanna know more, use your expertise you still did not prove us to check the files it laments about! That's what open source means, you can read the code, you can get any information off it and you are free to use it for your ideas and projects.
As we don't do this in any commercial way, there won't be ANY guarantee for anything. If you tinker with it and your cat evaporates or accidentally transforms into 235-Uranium, it's your problem and not ours. We warn ppl to not use it on their main systems, we warn them of possible data loss and we call it alpha state. All for a reason! If you claim that we spread viruses, prove it. We say no and we share the code in public as proof. Your turn!

If you dislike trust so much, use a secondary PC for tests. Or even better, trust in open source as an expert you profess to be!

And don't you dare to claim that you don't accuse anyone of anything. Reread your posts and then you maybe will realize what you do.

Fraizeraust
Posts: 233
Joined: Thu Jan 05, 2017 11:46 am
Location: Italy

Re: Viruses?

Post by Fraizeraust »

R wrote:
Fri May 22, 2020 6:16 am
I would like to be sure, and sorry but I do give some credit to virustotal reporting so many issues inc as a result of major scanner engines.
You do realize malware scanners can and DO bring false positives, right? Specifically the malware scanners that are based upon malware signatures which aren't perfect and some that even check if certain DLL or executable files are signed by Microsoft, otherwise they are marked as untrusted.

As others have pointed out, if you claim you're an open source specialist, then go examine the ReactOS source code.

Jah-On
Posts: 22
Joined: Sun Dec 01, 2019 8:51 pm

Re: Viruses?

Post by Jah-On »

Once again, this will be a repeat, but the more the merrier. There is a reason why open source code tends to be more secure. It's because people can review all of the code to make sure people aren't adding new malicious code to the secure code. As already stated, because this is a legally reverse-engineered Windows OS, there will be mismatches in between the two to prevent us from getting sued. These differences can be falsely flagged as malicious because of slight differences and are obviously not signed by Microsoft.

I have a good test for you to try to prove your credibility. Install WINE on Linux, and set the version to Windows XP/2003. Then run the virus scanner and whatever apps you were testing. You will either think we are correct, or all open source code is malicious.
