I am setting myself up with FlashDevelop, and I went to download and install HaXe (which is the language I want to use) from this page (the Windows installer), when my Windows Security Essentials said that Lineage.gen got stuck in my win32 directory from the downloaded installer (I didn't even run it yet). Did I download from the wrong site? Is it a false positive?

+3  A: 

From the front page of the official site:

It seems that the Windows Installer is reported as infected by some antivirus software. This is a false report and you can safely run the program on your system: if it happens, please contact the antivirus' vendor so they can fix the issue as soon as possible.

This isn't that unusual. Unfortunately, there's no way to be 100% sure it's safe. The site could have been hacked by a criminal cartel - but it seems unlikely to be the case. If you're worried, try to find someone else who has downloaded it recently to vouch for it.

Rushyo
A: 

Post the file to http://www.virustotal.com/ to have it checked. You'll see the results of multiple virus detection engines.

Adrian Grigore
Which might well just trigger the same false positive... or incorrectly report it as safe. Establishing trust is more reliable.
Rushyo
Interesting service, thanks for posting it; they're analyzing it right now.
RCIX
@Rushyo: they seem to test with a variety of virus scanners; here's the report: http://www.virustotal.com/file-scan/report.html?id=762bd3cfa93df48c1af9888262b74426be51006cd918bb3354e9aca5cf43ea4c-1283336712
RCIX
@RCIX Yup. And how does that help? The false positive is the problem, so more false positives aren't likely to be the solution.
Rushyo
@Rushyo: True, but it's interesting that only 20% of virus scanners report a problem and of those reporting a problem pretty much none report the same one.
RCIX
They all have different definitions for the same thing. Most of those are just 'generic trojan'. They don't use the same names for the same thing.
Rushyo
@Rushyo: ah, thanks.
RCIX
@Rushyo: It does help in some cases. It certainly has helped me in the past. If only one or two of 43 were reporting a virus, it would be pretty obvious that it must be a false positive.
Adrian Grigore
@Adrian Or those virus scanners are using certain heuristics and the others aren't, so they're detecting a virus that is fresh in the wild. A 'fresh' virus might easily be detected by one or two virus scanners but no others - especially specialised heuristic scanners. This is to be expected for a brand new, real virus. Virus scanners are a line of defence when all higher security methodology has failed, they aren't designed as a metric - relying on their results as a metric is basically rolling a die on your system's security.
Rushyo
@Rushyo: I know about heuristics in virus scanners. They are useful, but also the most common cause for false positives. Which is why I would ignore the warning if only one of 43 scanners was to report a false positive, especially if the content comes from an apparently trustworthy source.
Adrian Grigore
The point is a brand new real virus will be caught by the specialised heuristic scanners and not by the rest of them! So as a metric it is entirely useless. If it's a real virus, you'll get that result. If it's a false positive, you'll get the same result! It adds nothing except a false sense of security in your decision making process and, thus, should not be used.
Rushyo
If you trust the source then trust it on its actual merits, not because a flawed metric backed up your assumptions. That will only reinforce and amplify any flaws in your earlier security process (eg. your decision to trust it or not based on other factors).
Rushyo
@Rushyo: O my... looks like someone has a bad day... The algorithm I am following here is the most common approach to dealing with uncertain information. You get enough information from different sources and build an average. No need to start a flame war for that.
Adrian Grigore
Great. Your logic is flawed so you resort to an Ad Hominem. Ignoring that... Simple immutable fact: You cannot 'average' the information in that manner. Instead you are compounding any errors in judgement. Whilst I understand your approach may be common (or may not be, as you are asserting that without any evidence) it is not good security practice. It is, in fact, a very bad idea, for the reasons I have outlined in simple logical terms (I hope). Perhaps somebody will find what I wrote more useful than you. It's your data, I guess. For the record, I'm having a lovely day =)
Rushyo
@Rushyo: Ad Hominem? Ad Incendiarum would be more appropriate. Anyway, if averaging ratings is so bad, why are really big internet sites like Amazon or Ebay doing this?
Adrian Grigore
Apples and oranges...
Rushyo
Ok, now it's lunch I'll elaborate on that. I did not state 'averaging' was bad. I stated that in the given context it is impossible. You cannot perform an operation to take multiple data sets holding information regarding probability using conventional mathematics. Something like Bayesian methods would be required. If you use naive maths to address them, you will end up with spurious, meaningless results.
Rushyo
In essence, you're not a statistician (at least, your responses lead me to assume you're not) thus, attempting to perform statistical analysis is going to lead you to false conclusions. The field of statistics, indeed, was founded upon Pascal's probability theory. Humans unfamiliar with statistical theory are crap at probability, that's why it was invented. There's another field based upon this: Gambling. They get very rich from it.
Rushyo
Also, posted a note on your most recent blog post - Fx does indeed have the capabilities you said it didn't, you were just using a made-up HTML element. Please don't cry 'bug' about software unless you know it's broken. Extraordinary claims (ie. claiming Mozilla contributors don't know what we're doing) require similarly extraordinarily good evidence. If you don't have that, it's usually safe to assume you've made a mistake.
Rushyo
You will find a test case demonstrating the aforementioned on your blog.
Rushyo
Oh, now you are insulted that you lost the argument, so you go picking on my blog. Go ahead, knock yourself out. I have more productive things to do than arguing with you.
Adrian Grigore
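
The Bayesian update mentioned in the comments above, set beside the plain "share of engines that flagged" figure, as an added example that is not part of the original thread. The two engine classes, their rates, the 3/40 split of a 43-engine report and the independence of engines are all constructed assumptions for illustration, not measured values.

```python
from math import exp, log

# Constructed rates (assumptions, not measurements): chance that an engine of
# each class flags a brand-new malicious file (tpr) or a benign installer (fpr).
RATES = {
    "heuristic": {"tpr": 0.60, "fpr": 0.30},
    "signature": {"tpr": 0.02, "fpr": 0.01},
}

def naive_fraction(scan):
    """Share of engines that flagged the file: the 'average' approach."""
    return sum(1 for _, flagged in scan if flagged) / len(scan)

def log_likelihood_ratio(scan):
    """log[P(scan | malicious) / P(scan | benign)], engines assumed independent."""
    llr = 0.0
    for engine_class, flagged in scan:
        r = RATES[engine_class]
        if flagged:
            llr += log(r["tpr"] / r["fpr"])
        else:
            llr += log((1 - r["tpr"]) / (1 - r["fpr"]))
    return llr

def posterior_malicious(prior, scan):
    """Bayes update in odds form; prior is trust in the download source."""
    odds = prior / (1 - prior) * exp(log_likelihood_ratio(scan))
    return odds / (1 + odds)

def make_scan(heur_hits, sig_hits, heur_total=3, sig_total=40):
    """Constructed 43-engine report: 3 heuristic engines, 40 signature engines."""
    return ([("heuristic", i < heur_hits) for i in range(heur_total)]
            + [("signature", i < sig_hits) for i in range(sig_total)])

SCAN_A = make_scan(heur_hits=2, sig_hits=0)   # only heuristic engines flag
SCAN_B = make_scan(heur_hits=0, sig_hits=2)   # only signature engines flag

if __name__ == "__main__":
    for name, scan in (("A", SCAN_A), ("B", SCAN_B)):
        print(name, f"flagged={naive_fraction(scan):.3f}",
              f"LR={exp(log_likelihood_ratio(scan)):.2f}",
              *(f"prior={p} -> {posterior_malicious(p, scan):.4f}"
                for p in (0.001, 0.01, 0.2)))
```

Under these assumed rates both reports show the same 2-of-43 share, yet their likelihood ratios fall on opposite sides of 1, and the posterior moves mostly with the prior placed on the download source.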
+1  A: 

If you're really worried about the false positive, simply use Manual Install; the instructions are shown on the lower part of the download page.

Andy Li