There's one piece of news that has our staff gnarl like a pack of raging dogs. It's usually something along the lines of "Antivirus XY has detected a virus in our program YZ". If bad vibes could be turned into energy, we'd be able to power all of Germany! We know the story all too well. At the risk of ruining the punchline: I can assure you that these are always false alerts; we don't distribute malicious code. That doesn't stop antivirus software developers, malware scanners, operating systems or even browsers (!) from happily raising hell whenever one of our applications, or an application from another developer, is about to be run. To make it brief, there's a race going on, a race for trust - and millions of dollars.
It all began so harmlessly. Bad girls and (mostly) boys wrote a couple of viruses, worms and other undesirable programs that were either a threat or just a nuisance. Good antivirus solutions had an extensive repertoire of signatures to compare these threats against and detected most of them. New threats always meant updated signatures and unless you were surfing dubious sites you were mostly in the clear as long as you had a decent antivirus program. These programs performed real time analysis, scanning files, memory and network traffic. For a while, everything was fine until the number of viruses steadily increased and variations were put out at a much faster pace.
Until then, every approach was based on an action-reaction scheme, meaning that malware had to be known first before it could be detected. Whenever malicious code didn't match any of the signatures, threats went unnoticed and bad things happened. Since virus creators weren't stupid, they quickly began modifying their code to hide it from antivirus programs, and they did so with amazing perseverance and creativity. Soon, the Internet was flooded with malware that became a tough nut to crack for security suites. A highly lucrative market began to deteriorate and trust began to wane. That's when proactive procedures were designed to catch malicious code for which no signatures were available before it would become effective. Antivirus solution developers wanted to stay ahead in the competition.
It was a good idea originally, but there was a downside every police officer is familiar with: How do you recognize perpetrators unless you catch them in the act? Eventually, you'll try to guess from its behavior whether a file is malware. It's easy to see the problem with that approach when you keep the police officer in mind. This officer would have to preemptively arrest people whose behavior matches that of known criminals or who live in the same area. That's what proactive virus scanners try to do - with very mixed results. Using heuristics, behavior analysis and sandboxing, each program is carefully monitored and rated according to its potential threat level.
Not only does this help with virus detection but it also drives (Ashampoo) software developers to the edge of insanity thanks to false alerts. Lately, browsers, modern operating systems and various specialized malware scanners have joined the security game. Security sells and companies are trying to create and preserve trust; I can understand that. For us as a company, this means more false positives that we will have to report to the affected security software developer, hoping that the issue will be fixed in a timely fashion. Every new piece of software will be closely scrutinized because it doesn't have a good reputation yet. Surprisingly, some security software developers allow you to buy a good reputation. For a handsome fee, your products will suddenly be deemed well known and highly trustworthy. Oh well.
Don't get me wrong, I do believe antivirus programs are necessary. Combined with smart users who don't just happily click on everything, they can greatly improve computer security. Just don't trust them blindly, whether it's a seemingly safe setup file or a (false) alert. If you're uncertain about files you downloaded from us, right-click the affected EXE file and select "Properties" from the context menu that appears. Then, click "Digital Signatures". If our signature is present, the file was created by us and can be considered safe. I am honestly hoping antivirus software developers will continue to improve their proactive procedures to detect threats more reliably, for your sake and for ours.
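The same check can be scripted. The PowerShell below is an added example, not code from the original article; it uses the built-in `Get-AuthenticodeSignature` cmdlet, the function name is made up for illustration, and the file path and publisher name are placeholders. Beyond confirming that a signature is present, it checks that Windows reports it as valid (file unmodified, certificate chain trusted) and that the signer is the publisher you expect.

```powershell
# Added example: verify an Authenticode signature rather than only its presence.
function Test-PublisherSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Placeholder: the exact signer name shown on the "Digital Signatures" tab
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # Common name of the signing certificate, or $null when the file is unsigned
    $signer = if ($cert) {
        $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
            $false)
    } else { $null }

    # "Valid" means: hash matches the file and the chain ends in a trusted root
    $statusOk = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid
    # Exact, case-sensitive match; a substring match would accept look-alike names
    $trusted  = $statusOk -and ($signer -ceq $ExpectedPublisher)

    $reason = switch ($sig.Status) {
        'NotSigned'    { 'file carries no signature' }
        'HashMismatch' { 'file was modified after it was signed' }
        'NotTrusted'   { 'signer certificate does not chain to a trusted root' }
        'Valid'        {
            if ($trusted) { 'valid signature from the expected publisher' }
            else          { "valid signature, but signed by '$signer'" }
        }
        default        { $sig.StatusMessage }
    }

    [pscustomobject]@{
        Path        = $sig.Path
        Status      = $sig.Status
        Signer      = $signer
        Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
        Timestamped = [bool]$sig.TimeStamperCertificate
        Trusted     = $trusted
        Reason      = $reason
    }
}

# Usage (constructed path and placeholder publisher name):
# Test-PublisherSignature -Path "$env:USERPROFILE\Downloads\setup.exe" -ExpectedPublisher '<publisher name>'
```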
what is heuristics...you explain everything so well ..please explain this
I’m happy to provide an explanation. Modern antivirus programs will execute commands of a questionable program in a virtual environment to simulate what would happen if the program were to be executed directly. The commands given by the suspicious program will then be analyzed and monitored for common malware behavior such as file replication or attempts at hiding a suspicious file. Results will be rated against a given threshold to determine the threat level. If a program’s rating lies beyond the threshold it will be deemed a threat and reported.
What constitutes common malware behavior is based on past experiences and may change over time which is one of the defining characteristics of a heuristic approach. A common heuristic approach you will be familiar with is “trial and error”.
I have a simple policy: those who interfere with my privacy pay dearly, as several companies already know and as do certain others, as I hold the internet suppliers to these people liable. It is amazing when a communications company is faced with a large bill which is payable by them for as long as the pests use their system suddenly pull the plug.
Dear Mr Krumrey,
I don't expect you to print this opinion of mine but I thought to share it with you anyway. Perhaps you already know the adage about whatever Man or Woman can invent he/she can also reduce to outdated jiggerpokery; this process has been going on for aeons. Many of the outbursts of new Knowledge and new practices that we have sometimes benefitted from over the last century were created by extremes of chaos which invariably sprang open Pandora's Box and then precipitately goes on to dispense to us willy-nilly with all manners of change.
An observation on Ashampoo and the name Oldenburg where your company is located. The name Oldenburg also belonged to a learned man who taught Isaac Newton about Alchemy and Nature amongst other things. It is claimed by many that Oldenburg was The Last of The Magicians or Alchemists and Newton was The Very First Scientist but Newton also dabbled in all kinds of esoteric experimentation the majority of which we have lost all knowledge of.
No biggie. I’ll publish your opinion even though I don’t share it. :) I had to do some reading on Heinrich von Oldenburg since I never heard of him before. Quite interesting!
Dear Mr Krumrey,
An interesting paradox what with me sending you an opinion of why viruses and anti-viruses exist - and the claim by one of your readers that he has access to software which could eradicate all viruses and other malware regardless of its basis.
I noted that you said that you yourself were willing to take a gander at this software but would it ever see the light of day? Ever seen the Film: The Man in The White Suit circa about 1955 with Alec Guinness as a scientist who invents a pure white suit which is virtually indestructible and never ever needs cleaning?
sincerely Stephen Round.
The DVD will be here on Tuesday! And I really think we would release this kind of program. Worth a great annual bonus. :)
Solution is Simple: Initiate an online community dedicated to analyzing, developing, encouraging, supporting and promulgating Wholesome Standards of New Brilliant Human Character, into measurable behavior and Creative Species results. Your Name: "Ashampoo" is very indicative of the flush that's needed. You Can Do IT !!! Thanks, NJA
Really! :) We like the company name... " as clean as a shampoo"
THANK YOU FOR CARING FOR US DUMMIES. KEN
Dummies? That’s not the word I had in mind! You can’t expect everyone to know their way around computers and I frequently need to do a lot of research myself before I can write on a particular topic. Our goal is to create software for everyone, that includes computer beginners.
Unfortunately there is little interest in combatting viruses because there is too much money to be made from antivirus/malware programs. My brother has developed a means to eliminate viruses and malware but no one is interested. So we must continue to suffer.
We’re always interested in good software solutions. Feel free to contact us!
Perhaps Ashampoo software gets these false-positives because there's a fair amount of ad popups in it. Interesting about 'buying a reputation'; it is easy to see why some programs are more expensive than others, not necessarily from a quality point of view. Reputations come and go. Quality of product is the strongest driver of sales. Ashampoo is certainly value for money, good useful and resilient software. Looking forward to it improving further, still the odd feature I wish for. When we see completeness in one piece of software we are likely to spend out on another from the same vendor. Keep it coming Ashampoo.
We don’t encounter this issue any more frequently than other software developers but they don’t write blog articles about it. :)
"Gnarl like a dog." Hmm. Dogs snarl and growl. Gnarls are knotty growth areas on trees and the like. According to my dictionary, "gnarl" is a noun. Your simile seems to need a verb.
Hey, you are the one who mentioned the (grammar) police. :-)
Thanks. We’ll look into that. ^^
Thanks for an informative article. And no, I don't agree about the articles being too long to reach a point. It certainly helps us who aren't as tech savvy as some others to be able to follow the reasoning and then logic as to why and how to protect and combat our systems against malware. Thanks for not losing sight that you're not just writing these articles for computer experts.
Good article. Usually the virus software will note suspicious behavior and inform you that it will block it within a period of time unless you give permission to allow it. The originating program is listed so you make an informed decision.
I would like to know which security software allows you to buy a good rating. I'd like to make sure I never depend on them to protect my computer. And, seriously, I would really appreciate it if you would post those product names in a response to this comment. (This is not a rhetorical request.)
I've already experienced the problem with Ashampoo products being flagged as containing malware, and you say that "smart" people will pick up on it and the rest of us will blindly follow the advice of the antivirus crew.
Some of us pay for our antivirus suites, and we rely upon them to inform us of problems.
After all, not everyone is going to spend time learning scripts or know exactly what virus signatures are all about.
In fact, I'd venture to say that a lot of people, from what I've seen, spend the majority of their time doing very simple tasks, such as emails, "Liking" things that others say or do, tweeting, Instagramming, using VoIP, Youtubing and the adventurous ones are using their computers for imaging, e.g. pictures or videos.
Now that you've mentioned that "all" we have to do is a convoluted search to find if it's harmless or malevolent, I'd imagine that script writers will end up using this knowledge to turn that against you.
(Here's where you roll your eyes and state that that's not possible, and maybe so, but that's the point, I don't know, and neither do the majority of folk).
If I'd misunderstood you, I apologize, but I'm currently sleep deprived and your article takes a long time to get to the point, somewhat like my reply.
Digital signatures are hard to forge and I am not revealing any closely guarded secrets to the bad guys here. :) I wish you a tight sleep!
I agree with what you say in the above script. The other problem is that the hackers/virus writers etc., do not come from one school of thought. In fact some might never have been to school! Ha! I think it has to be accepted that the perpetrators can come from anywhere in the world that has an internet connection. Some might be just jokers as they used to be years ago; many others are after your life and your money. My approach - and I ain't no expert whatsoever - is to make a multi-pronged attack. I have Anti-virus/firewall from one company, problem solving diagnostics from another and I also use WIN OPTIMIZER 12 of course. This way I am getting the benefits of many schools of thought. So far I am doing okay. You have to be prepared to take your computer security very seriously and hence budget for it. If someone steals 10 bucks from you then your loss is 10 bucks. If someone steals your ID they can ruin you for ever; people have had their bank accounts emptied and property sold from under them without them knowing about it.
Tread with caution people.
I get the message but please get to the point sooner. Long, drawn out articles, with bloat-size graphics, make me gnarl like a dog.