An important message to users of 40H utility tools

Norm Pollock
Posts: 1029
Joined: Thu Mar 09, 2006 3:15 pm
Location: Long Island, NY, USA

An important message to users of 40H utility tools

Post by Norm Pollock » Sun Dec 13, 2015 3:37 am

Hi,

I was recently informed that the latest version of Avast anti-virus was turning up a warning/suspicion about the 40H programs. This was NOT corroborated by AVG and many other A/V programs.

However, I investigated it further and found out that a compacting program that I have been using (exe32pack.exe) for many years without prior incident was the cause of the problem. I removed it, and recompiled all 80 programs. The new executables have all passed analysis by all the 50+ A/V programs on virustotal.com (an excellent site).

The download site is

http://www.hoflink.com/~npollock/chess.html

-Norm

Charly
Posts: 1064
Joined: Wed Jul 23, 2014 2:30 pm
Location: Bretagne

Re: An important message to users of 40H utility tools

Post by Charly » Sun Dec 13, 2015 7:49 am

Hi,

Many thanks for your tools!

Avira anti virus was always warning me with the previous version of 40H and put all the files in quarantine (this was still true a few weeks ago).

Now I'm with Trend Micro internet security, and I downloaded the new version of 40H utility tools.

I launched a scan and no problem was detected with the new anti virus.

So, many thanks!
Brittany from the sky :
https://youtu.be/nR9eU_tVbxE

Ferdy
Posts: 4296
Joined: Sun Aug 10, 2008 1:15 pm
Location: Philippines

Re: An important message to users of 40H utility tools

Post by Ferdy » Sun Dec 13, 2015 1:01 pm

Thanks.
I can't access the link so far.

Norm Pollock
Posts: 1029
Joined: Thu Mar 09, 2006 3:15 pm
Location: Long Island, NY, USA

Re: An important message to users of 40H utility tools

Post by Norm Pollock » Sun Dec 13, 2015 1:54 pm

Based on virustotal.com two days ago, only about 1 in 11 anti-virus programs consider "exe32pack.exe" to be a potential threat. It supposedly could be used to clandestinely hide a virus/malware. And as mentioned with Avira, Avast also puts threats into quarantine.

Check out virustotal.com. Every download should be analyzed there before use. If this incident teaches us one thing, it is that you should not just go by 1, 2 or 3 anti-virus programs; it is better to go by 50+.

The compacting program was used to compact each executable from 5M to 1M. When first used, hard drives had much smaller capacity so that was a factor. Now I'm assuming everyone has at least a 500G drive and file size is not an issue.

Ironically, the 5M executable loads and executes faster because the 1M had to also unpack itself before execution. Another irony is that the "7z" files used to download are 60% smaller even though the individual files are 500% bigger.

mar
Posts: 2195
Joined: Fri Nov 26, 2010 1:00 pm
Location: Czech Republic
Full name: Martin Sedlak

Re: An important message to users of 40H utility tools

Post by mar » Sun Dec 13, 2015 3:40 pm

Norm Pollock wrote:
Based on virustotal.com two days ago, only about 1 in 11 anti-virus programs consider "exe32pack.exe" to be a potential threat. It supposedly could be used to clandestinely hide a virus/malware. And as mentioned with Avira, Avast also puts threats into quarantine.

This is the reason why I stopped using executable compressors a long time ago.
Unfortunately packers are very popular among idiots who write malware.

AV vendors have to maximize the true positive/false positive ratio, and they also need to scan fast; this is why I guess they detect by signature in this case.
Even when using heuristics, it's impossible to emulate several layers of "protection" within the time budget (you can't spend a minute scanning a single executable); also, it's possible to fool emulators.
This is why it is becoming more and more popular to use behavioral analysis as well, which can bypass any such protection.
The drawback is that this dynamic analysis only triggers when you run the process and when it does something suspicious.

tttony
Posts: 263
Joined: Sat Apr 23, 2011 10:33 pm

Re: An important message to users of 40H utility tools

Post by tttony » Sun Dec 13, 2015 5:08 pm

This is the first time I have read about exe32pack.exe. Searching with Google, I can't find the official website; it also seems to be an old program.

If you want to use an executable packer, I recommend UPX --> http://upx.sourceforge.net/. It's open source. I don't know if AVs detect it as a virus, but it does the job of compressing the .exe files.

Jesse Gersenson
Posts: 584
Joined: Sat Aug 20, 2011 7:43 am

Re: An important message to users of 40H utility tools

Post by Jesse Gersenson » Mon Dec 14, 2015 9:05 pm

tttony wrote:
This is the first time I have read about exe32pack.exe. Searching with Google, I can't find the official website; it also seems to be an old program.
If you want to use an executable packer, I recommend UPX --> http://upx.sourceforge.net/. It's open source. I don't know if AVs detect it as a virus, but it does the job of compressing the .exe files.

UPX also triggers anti-virus programs. Komodo was using UPX during its recent 9.3 release, and a number of people wrote saying it caused their anti-virus program to reject the file.
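
The kind of static check discussed in this thread (detection "by signature" of the packer itself) can be sketched as below; this is an added example, not part of any post and not any anti-virus vendor's actual logic. It shows why a harmless packed tool gets flagged: both indicators describe the packing, not the program inside. The 7.0 entropy cut-off, the function names and the two sample images are assumptions constructed for illustration; UPX0/UPX1 are UPX's default section names.

```python
import math
import struct
# Default UPX section names: a name match is a static signature on the packer.
PACKER_SECTION_NAMES = {"UPX0", "UPX1"}
ENTROPY_THRESHOLD = 7.0  # assumed cut-off; compressed data approaches 8 bits/byte

def entropy(data):
    """Shannon entropy in bits per byte; 0 for an empty section."""
    counts = [data.count(b) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)

def pe_sections(image):
    """Yield (name, raw_bytes) for every entry in a PE section table."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20.
    n_sections, _, _, _, opt_size = struct.unpack_from("<HIIIH", image, pe_off + 6)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    for i in range(n_sections):
        entry = table + 40 * i
        name = image[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, entry + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]

def packer_indicators(image):
    """Return the static reasons a scanner could give for flagging the file."""
    hits = []
    for name, raw in pe_sections(image):
        if name in PACKER_SECTION_NAMES:
            hits.append(f"{name}: packer section name")
        if entropy(raw) > ENTROPY_THRESHOLD:
            hits.append(f"{name}: high entropy")
    return hits

def build_sample(sections):
    """Constructed minimal PE image for the demo; sections = [(name, data)]."""
    header = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> PE header
    header += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    offset, table, body = len(header) + 40 * len(sections), b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIII16x", name, len(data), 0, len(data), offset + len(body))
        body += data
    return bytes(header) + table + body

# Constructed inputs: bytes(range(256)) * 4 stands in for compressed data.
PACKED = build_sample([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 4)])
PLAIN = build_sample([(b".text", b"\x55\x8b\xec\x5d\xc3" * 200)])
```

`packer_indicators(PACKED)` reports three hits while `packer_indicators(PLAIN)` reports none, even though neither constructed image contains anything malicious.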
