[Invalid] virus inside old versions
Hello,
I tried to download old portable Pale Moon versions but all of them have got a virus inside named BACKDOOR etc....
I scanned them with http://www.virustotal.com
So could you tell me which old portable versions have no virus inside?
Bye.
Last edited by Moonchild on 2013-11-29, 10:17, edited 1 time in total.
Reason: Marked invalid.
Re: virus inside old versions
None of the available binaries have viruses.
Antivirus programs are suspicious of Pale Moon, especially the portables because they are "packed executables", because it is a non-mainstream program that by design has a main function to connect to the internet.
This will sometimes trigger so-called false positives: It will flag Pale Moon as a "backdoor" or "trojan" but usually some "generic" kind because it sees what Pale Moon does (by design) but it doesn't match a known piece of malware (see this section). Many releases of Pale Moon trigger these kinds of false positives in 1 or 2 antivirus packages out there because of overzealous or broken heuristics engines.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: virus inside old versions
Excuse me but I am scared to catch a virus like www.virustotal.com warned me.....
Re: virus inside old versions
You're free to believe me or not.
Virustotal only passes what you give it to a large array of different virus scanners, and relies on how good or bad those individual scanners are to give you a result. A "1 or 2" positive hits doesn't mean "it's infected". This is also why part of virustotal is a community effort to have people comment and rate the software after verification. False positives happen often. As I explained.
Re: virus inside old versions
So why does virustotal tell me other Pale Moon versions have no virus inside ??????
- Night Wing
- Knows the dark side
- Posts: 5170
- Joined: 2011-10-03, 10:19
- Location: Piney Woods of Southeast Texas, USA
Re: virus inside old versions
pierini1 wrote: So why does virustotal tell me other Pale Moon versions have no virus inside ??????
Maybe because VirusTotal is owned by Google and Google wants people to use its own Google Chrome browser. Google bought VirusTotal in 2012.
http://www.pcworld.com/article/262047/g ... total.html
Since Pale Moon isn't recognized as a major browser (Internet Explorer, Firefox, Chrome, Safari, Opera) by the likes of Norton, McAfee, Comodo, Google, etc; it's susceptible to being classified as a false positive for malware during the installation by these companies. Anything that Google can do to steer people away from other competing browsers, Google will do it.
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Re: virus inside old versions
Please keep conspiracy theories out of this thread, Night Wing.
The reason is simple: AV programs will (try to) examine what a program does, depending on the way this is done and which things contribute to an internal "score" in the scanner, it may flag a binary as "infected" while it is not. Since a large portion of virus scanning is done with "pattern matching", i.e.: looking for certain patterns/sequences of bytes in a binary (called signatures), there is an element of chance there: Some builds of Pale Moon may look very close to a known signature, while others do not. If you want to know more about this, I suggest you do a search on the web with some relevant keywords about false positives. There should be plenty of documents out there explaining how it works.
As far as the "big players" go: Most AV suites get binaries sent to them of Firefox, Chrome, etc. to be put on a "whitelist", meaning an AV scanner, even if it would normally hit a false positive, will make exceptions for anything on that list (ignoring the red flag and saying it's clean). I just don't have the time to send samples to every AV out there to have them "ignore" it, if they even support it for non-mainstream software to begin with... Also, it would require me to delay my publishing because the AV companies will have to process and then push out signature updates before Pale Moon is published. I'm not going to do that.
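The mechanism described in the post above (byte-pattern signatures, an internal heuristic score, and a vendor whitelist), as an added toy example that is not part of the original thread and is not any AV vendor's code. The signature, trait names, weights, threshold and the three sample byte strings are all constructed for illustration.

```python
import hashlib

# Constructed signature: a byte pattern standing in for a known malware sequence.
SIGNATURES = {"Troj.Generic.A": bytes.fromhex("deadbeef1337c0de")}
# Constructed heuristic traits with weights; real engines combine far more signals.
HEURISTICS = {
    "packed": (lambda b: b"UPX!" in b, 40),               # packed executable marker
    "opens_sockets": (lambda b: b"WSAStartup" in b, 30),  # talks to the network
    "unsigned": (lambda b: b"SIGNED-BY:" not in b, 20),   # no publisher signature
}
THRESHOLD = 80  # constructed cut-off for a "generic" heuristic verdict

def sha256_hex(blob):
    return hashlib.sha256(blob).hexdigest()

def scan(blob, allowlist=frozenset()):
    """Return (verdict, reasons) for a byte string, the way a simple engine might."""
    if sha256_hex(blob) in allowlist:           # vendor-side exception list
        return "clean", ["allowlisted"]
    for name, pattern in SIGNATURES.items():    # exact byte-pattern matching
        if pattern in blob:
            return name, ["signature match"]
    reasons = [n for n, (test, _) in HEURISTICS.items() if test(blob)]
    score = sum(HEURISTICS[n][1] for n in reasons)
    verdict = "Heur.Generic" if score >= THRESHOLD else "clean"
    return verdict, reasons

# Constructed stand-ins for three benign builds of the same program.
INSTALLER = b"MZ" + b"WSAStartup" + b"browser code"
PORTABLE = b"MZ" + b"UPX!" + b"WSAStartup" + b"browser code"
LOOKALIKE = INSTALLER + bytes.fromhex("deadbeef1337c0de")  # chance byte overlap

if __name__ == "__main__":
    for label, blob in [("installer", INSTALLER), ("portable", PORTABLE),
                        ("lookalike", LOOKALIKE)]:
        print(label, scan(blob))
    print("portable, allowlisted", scan(PORTABLE, {sha256_hex(PORTABLE)}))
```

The same benign program gets three different verdicts depending on packing and on a chance byte overlap, and the allowlisted hash is reported clean without being examined at all.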
Re: virus inside old versions
@pierini: can you please supply virustotal report URLs of alleged infected Pale Moon versions? That way I can get this out of the way immediately.
Re: virus inside old versions
Yes, so first of all I downloaded portable Pale Moon version 8.0.exe from here:
http://arcmirror.palemoon.org/store/8.x/Portable/
more exactly from here:
http://arcmirror.palemoon.org/store/8.x ... le-8.0.exe
and after virustotal scan i got this result:
antivirus = Kingsoft
result = Win32.Troj.Generic.(kcloud)
and virustotal scan report is here:
https://www.virustotal.com/en/file/5d98 ... 384547489/
Re: virus inside old versions
Virustotal: " Probably harmless! There are strong indicators suggesting that this file is safe to use. "
Also, getting a single hit in one (non-mainstream) AV on a "generic trojan" does not mean it's infected and is well within the realm of false positives. See my explanation above.
Re: virus inside old versions
Every time I try to install Pale Moon it is automatically removed by Norton Internet Security, which seems to think Pale Moon is some sort of malware. Can anyone tell me how to prevent Norton from doing this?
- Night Wing
Re: virus inside old versions
Norton has had this problem with Pale Moon starting with version 4.0 when I found Pale Moon. Norton will never learn since it always classifies Pale Moon as a "heuristic virus". So, I kicked Norton to the curb and went with Avast and no more problems with Pale Moon.
Two bonuses too. You pay for Norton and I don't think Norton is any good since the computer shop where I help out at (volunteer), many HP and Dell computers come with viruses and malware with Norton and McAfee installed on them. In my opinion, Norton is a waste of good hard earned money.
One of the versions of Avast is a free version and I've never had a virus or had malware installed on my computer while using Avast. Since the free version of Avast does not contain a firewall, I use the free Comodo Firewall and these two security programs work beautifully with one another.
As for Norton, I think you'll just have to wait till more complaints come in from other users for Norton to send out another update to allow Pale Moon to install on your computer.
Re: virus inside old versions
Thanks for your comments, Night Wing. Until now I've been pretty happy with Norton and my subscription doesn't run out for another 9 months or so. When it does I may look at Avast. In the meantime I will contact Norton and ask for their guidance on how to ensure that the program treats Pale Moon with the respect it deserves rather than as a nasty bit of malware!
- Night Wing
Re: virus inside old versions
Every time Pale Moon updates to a newer version, Norton does not update their definitions and Pale Moon will once again be classified as a "heuristic virus". Pale Moon is not a major browser in Symantec's eyes and this is the main problem with Norton.
There have been 20 new updates (at least) since version 4.0 Pale Moon since Pale Moon is now on version 24 and this is why I said, Norton.....NEVER LEARNS.
Re: virus inside old versions
To be fair to Symantec, I've just had a very useful online chat and remote help session with a Norton support guy and he has fixed the problem for me. Maybe Pale Moon might even make it onto Norton's list of approved programs!
Re: virus inside old versions
@Wintings: Surprised to hear Norton NIS was automatically removing Pale Moon. I run NIS 2013 (latest version 21.1.0.18) on one machine and even testing numerous Pale Moon Beta versions has caused very few problems. Occasionally Norton blocks a new Pale Moon version from accessing the internet which is an easy fix in Norton NIS via: Settings > Network tab > Smart Firewall > Program Rules > select "Allow" for all Pale Moon's entries.
Recently Norton NIS did remove another completely "legit" programme - Norton Support's "Restoring an item from the Quarantine" article fixed this.
Re: virus inside old versions
Thanks for the tip on ensuring Pale Moon can always access the internet, Blacklab. I too am running the latest version of NIS, so why yours likes Pale Moon and mine doesn't is a mystery! Anyway, as I said, thanks to a helpful support guy, all now seems to be fixed.