X3ap_bonus_pack_5.1.0.0(1).exe is a threat?

greypanther
Posts: 7307
Joined: Wed, 24. Nov 10, 20:54
x3ap

Post by greypanther » Sun, 26. Nov 17, 15:13

The wonderful Norton has just told me the above file is a threat and has been removed, based on: threat name: ws reputation-1. WTF is going on? No I am not going to remove Norton at the moment either! :P
It seems another threat is from: Heur.Adv ML.B, which looking online is claimed to be a trojan malware? True or a steaming pile of? It has they say been on my PC for nearly six years! Malwarebytes spotted nothing during those six years... that is it seems from the X2TC bonus package and has been here even longer.

Norton has removed both bonus packages, the X3TC one to quarantine.
Last edited by greypanther on Sun, 26. Nov 17, 15:47, edited 1 time in total.
Pray that there's intelligent life somewhere up in space
'Cause there's bugger all down here on Earth

red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Post by red assassin » Sun, 26. Nov 17, 15:38

It's almost certainly a false positive - "ws reputation-1" is Norton's file reputation based detection (i.e., how much have we seen this before etc) and Heur.Adv ML.B is a machine learning based heuristic.

You can upload it to https://www.virustotal.com/ to run it past a large set of different antiviruses if you want to get more confidence that it's a false positive.
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

matthewfarmery
Posts: 3674
Joined: Fri, 9. Apr 04, 17:49
x3

Post by matthewfarmery » Sun, 26. Nov 17, 15:40

Blame Norton, that thing seems to pick up a heap of false positives. It might get good reviews, but it has a pretty bad detection engine. The Steam forums have a few of such threads, and the blame is with Norton.

Until Norton gets better in this area, I wouldn't touch it with a ten foot bargepole.

greypanther
Posts: 7307
Joined: Wed, 24. Nov 10, 20:54
x3ap

Post by greypanther » Sun, 26. Nov 17, 15:40

Thank you for that Red. :)

What about the Heur.Adv ML.B it claims to have detected on the 5th of November?
Pray that there's intelligent life somewhere up in space
'Cause there's bugger all down here on Earth

mrbadger
Posts: 14226
Joined: Fri, 28. Oct 05, 17:27
x3tc

Post by mrbadger » Sun, 26. Nov 17, 16:06

Unfortunately, Third party Antivirus software is, for the most part, a waste of time these days.

Little more than a system resource hog that wastes said resources needlessly and costs money for no reason.

A legally obtained operating system, kept up to date, that is free of dodgy software (pretty easy to do these days) is more or less all you need. Windows comes with its own Antivirus toolset which works pretty well at keeping the system safe and doesn't impact system runtime speed. And don't open email attachments that are executable. But Google again do a pretty good job of screening these.

A backup system for essential files to protect those in case your system really does get hit by something bad is usually sufficient. I haven't used antivirus for I think ten years. I got hit by one virus from a usb stick on windows about 7 years back, and I downloaded a tool to deal with that at the time.

Or you could drink the coolaid and slow your system down constantly to protect against a threat that might possibly hit you once every few years, if ever (on a properly set up windows system).

Also, Norton is one of the very worst offenders in being a system resource hog.
If an injury has to be done to a man it should be so severe that his vengeance need not be feared. ... Niccolò Machiavelli

red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Post by red assassin » Sun, 26. Nov 17, 17:31

greypanther wrote:Thank you for that Red. :)

What about the Heur.Adv ML.B it claims to have detected on the 5th of November?
As I said, that's a machine learning based heuristic - if it flagged on a new file you'd just downloaded or whatever I might be at least a bit suspicious, but when it's a trusted file you've had for years it seems unlikely it's malicious. You can likewise check it on VirusTotal to see if anything else flags it.


As mrbadger says, these days I wouldn't generally recommend running any third-party AV - a regularly updated Windows 10 and Windows Defender is by far the most secure option. The other concern with AV he didn't mention is privacy - an AV by definition has complete freedom to dig through your files and copy anything it feels like to the mothership, so you might as well stick to one company being able to do that rather than two.
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

Morkonan
Posts: 10113
Joined: Sun, 25. Sep 11, 04:33
x3tc

Post by Morkonan » Sun, 26. Nov 17, 18:38

The most important anti-virus is the user's own wetware.

In this case, greypanther is doing the right thing, attempting to ensure the security of his system by closely monitoring what files are allowed to install things and by using an antivirus program.

In the great scheme of things, that's good. In fact, compared to some, it's outstanding and excellent behavior. Questioning everything, even a software package obtained from a known website run by a known company the user has a long positive association with - Exemplary security practice!

That being said, Norton, once a "gold standard" in the popular anti-virus market, doesn't have the reputation it used to. Back in the day when browsers were literal sieves and a person's OS was practically as naked as a newborn baby, it was a lifesaver. Today, unfortunately, it and other large packages tend to cause more problems than they help to prevent.

Anyway, good for you, greypanther, you're doing it right. Unfortunately, it's likely that Norton isn't. It's not really doing things "wrong", it's likely just a case of mistaken identity.

Virustotal is a great way to check individual files, by the way. If you truly still have concerns, use it. It's easy, just a quick upload and let it do its stuff.

I'm a fan of running self-contained, third-party, non-resident, anti-virus software in conjunction with the standard resident protection from Windows Defender and using good "safe-surfing" practices and basic OS stewardship. (Malwarebytes is a favorite, free, anti-malware prog.)

A note: One thing that seems to be pretty common is that when a user's AV program lights up and gives them a warning, it tends to reinforce the idea that "it's working." It doesn't matter if it's a false positive or just a normal system warning - Every instance of it informing the user it is working to protect them, whether it's a legitimate warning or not, reinforces that idea. The more complex fiddly bits are in it, the more complex and thus "robust" it seems to the user, no matter why those fiddly bits are there. IOW - False positives reinforce an idea of competency. Imagine that!


PS- A related question: I used to have either a batch file or list of switch commands that would prevent Windows from forcing "Sleep Mode" during scans with Defender and other third-party AV apps. I can't find it and can't seem to locate the Microsoft thread I originally copied it from. This is a known issue that hasn't been addressed by Microsoft and it's annoying, especially when one wishes to scan drives with bajillions of files on them... Can anyone recommend a workaround so I don't have to use system-settings to prevent Sleep modes during unattended, long, scans?

Alan Phipps
Moderator (English)
Posts: 30368
Joined: Fri, 16. Apr 04, 19:21
x4

Post by Alan Phipps » Sun, 26. Nov 17, 18:56

@ greypanther: Just for information, I use fully-updated and current Norton Security and regularly load the X3 games with their BPs - all without such false-positive issues. Do you perhaps have your Norton threat detection options set to extremely low threat levels? (Obviously the lower the threat risk level having to be detected, the more checks have to be done and the greater the likelihood of false positives.)

In my role as a forum Moderator including the checking of registrations and posts with potentially dodgy links and embedded malware, I have found Norton's actual interventions and site-cautions at a 'normal' threat level to be most reassuring and effective. I haven't seen any noticeable slowdowns using it; indeed the bundled free Norton Utilities 2016 application keeps my system far cleaner and faster than it used to be. I don't have any privacy hang-ups about Norton either.

Each to their own comfort zones though, and I really don't want or need converting to any other security or privacy regime thanks. :wink:
A dog has a master; a cat has domestic staff.

The Q
Pancake Award Winner 2017
Posts: 578
Joined: Fri, 20. Nov 09, 21:02

Post by The Q » Sun, 26. Nov 17, 19:05

X3ap_bonus_pack_5.1.0.0(1).exe is a threat?
You know what the real threat is? X2! :p





(I'm kind of disappointed that no one has made that joke yet.)
Morkonan, Emperor of the Unaffiliated Territories of the Principality of OFF-TOPIC, wrote:I have come to answer your questions! The answers are "Yes" and "Probably" as well as "No" and "Maybe", but I'm not sure in which order they should be given.
xkcd: Duty calls

Morkonan
Posts: 10113
Joined: Sun, 25. Sep 11, 04:33
x3tc

Post by Morkonan » Sun, 26. Nov 17, 19:34

The Q wrote:(I'm kind of disappointed that no one has made that joke yet.)
Image

The Q
Pancake Award Winner 2017
Posts: 578
Joined: Fri, 20. Nov 09, 21:02

Post by The Q » Sun, 26. Nov 17, 19:36

Perfect use of the meme. :D :thumb_up:
Morkonan, Emperor of the Unaffiliated Territories of the Principality of OFF-TOPIC, wrote:I have come to answer your questions! The answers are "Yes" and "Probably" as well as "No" and "Maybe", but I'm not sure in which order they should be given.
xkcd: Duty calls

matthewfarmery
Posts: 3674
Joined: Fri, 9. Apr 04, 17:49
x3

Post by matthewfarmery » Sun, 26. Nov 17, 20:24

red assassin wrote:
greypanther wrote:Thank you for that Red. :)

What about the Heur.Adv ML.B it claims to have detected on the 5th of November?
As I said, that's a machine learning based heuristic - if it flagged on a new file you'd just downloaded or whatever I might be at least a bit suspicious, but when it's a trusted file you've had for years it seems unlikely it's malicious. You can likewise check it on VirusTotal to see if anything else flags it.


As mrbadger says, these days I wouldn't generally recommend running any third-party AV - a regularly updated Windows 10 and Windows Defender is by far the most secure option. The other concern with AV he didn't mention is privacy - an AV by definition has complete freedom to dig through your files and copy anything it feels like to the mothership, so you might as well stick to one company being able to do that rather than two.
I wouldn't put much faith with windows defender

http://uk.pcmag.com/windows-defender-be ... ity-center

Worth a read. Sure, it might have improved some from earlier versions, but I wouldn't trust that much more than I would trust Norton. Also, in AV testing labs, Defender doesn't always get good scores.

red assassin
Posts: 4613
Joined: Sun, 15. Feb 04, 15:11
x3

Post by red assassin » Sun, 26. Nov 17, 21:01

matthewfarmery wrote:I wouldn't put much faith with windows defender

http://uk.pcmag.com/windows-defender-be ... ity-center

Worth a read. Sure, it might have improved some from earlier versions, but I wouldn't trust that much more than I would trust Norton. Also, in AV testing labs, Defender doesn't always get good scores.
This sort of test of an antivirus product is an outdated holdover from the early 2000s, and hasn't reflected the state of PC security since Microsoft started taking security seriously (woefully late, it has to be said). Indeed, even if AV was a good idea in the first place, they're actively harmful to the security of the average consumer AV product, because they require that they maintain detection for an archive of historical threats irrelevant to a modern computer.

Here's the thing: in the great big list of "actions you should take to not get pwned", "use an AV product" is so far down as to not really matter very much any more. The important items are stuff like keep your browser up to date, use Windows 10 (or the latest version of your OS of choice) and keep that up to date, use an email service with good filtering on it, and don't do dumb stuff like entering your credentials anywhere, enabling macros in a document, or opening executable files unless you're absolutely, 100% sure about the source.

AV's only real purpose on a modern system is to try and catch cases of the user being actively dumb, given that modern security measures have pretty much killed off drive-by exploitation, and the thing is it's not even very good at that. For any given new threat, the author of said threat is going to have run it past a big set of common AVs and tweaked it until none of them catch it. Sure, it'll get detected pretty quickly after they email it to ten million people, but it's a bit late by then. The difference between a "good" AV and a "bad" AV at that point is mostly about how quickly the threat gets flagged to them and how quickly they get updates rolled out after that, but either way it's still too late to matter. (And in the case of Windows Defender, Microsoft are getting better than anyone at this sort of thing, given the scale of the telemetry they get from every Windows deployment.)

Given this derisory position in the grand hierarchy of security measures, the privacy issues, and the fact that AV itself can be a security risk in itself (there have been a number of recent issues with serious security flaws found in AV products!), I argue that using a third party antivirus is worse than using Windows Defender. We've all been conditioned by two decades of unforgivably lax approaches to security by major OS vendors that antivirus is required, so now people, like the review above, automatically ask "which AV should I use" and not the better question of "what security steps should I take".
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way

greypanther
Posts: 7307
Joined: Wed, 24. Nov 10, 20:54
x3ap

Post by greypanther » Sun, 26. Nov 17, 21:07

Alan Phipps wrote:@ greypanther: Just for information, I use fully-updated and current Norton Security and regularly load the X3 games with their BPs - all without such false-positive issues. Do you perhaps have your Norton threat detection options set to extremely low threat levels? (Obviously the lower the threat risk level having to be detected, the more checks have to be done and the greater the likelihood of false positives.)

In my role as a forum Moderator including the checking of registrations and posts with potentially dodgy links and embedded malware, I have found Norton's actual interventions and site-cautions at a 'normal' threat level to be most reassuring and effective. I haven't seen any noticeable slowdowns using it; indeed the bundled free Norton Utilities 2016 application keeps my system far cleaner and faster than it used to be. I don't have any privacy hang-ups about Norton either.

Each to their own comfort zones though, and I really don't want or need converting to any other security or privacy regime thanks. :wink:
Yes I have checked and tweaked a little bit, thanks, Norton removed the perceived threats without asking too! I too did not notice much difference between no Norton, ( before installed, ) and Norton installed, no apparent slowdowns, though I guess that could just be me not knowing what to look out for. That is the core of the problem for me though, I lack much in the way of self confidence anymore, am always doubting myself.

You know the worst thing Alan? I will download the bonus pack again, but I have forgotten how to specify where the download will go, which is a minor problem as I have three versions of AP installed, each slightly different. The download is automatic from the exe., yes?

I agree with Matthew regarding Defender as I have read too many articles explaining how inadequate it is, over several years. I am also running Windows 7, not 10, so will continue to avoid, even if it improved now. I will stick with Cool Aid as mrbadger says, at least until it comes to renew again. :roll:

Edit: Virustotal is bookmarked now too, thank you.

Edit2: Touching wood here, but I have never had a virus by the way, so even my ill educated, perhaps paranoid ways, cannot be that bad... :roll:
( Privacy is nothing but an illusion by the way! :P )
Pray that there's intelligent life somewhere up in space
'Cause there's bugger all down here on Earth

felter
Posts: 6961
Joined: Sat, 9. Nov 02, 18:13
xr

Post by felter » Mon, 27. Nov 17, 03:01

I had Norton once upon a time on my computer, one day the computer slowed down to a near standstill, I used Norton to do a scan and nothing, it was perfectly clean. I used another AV program and it found a virus, but this thing had been left to go on a rampage throughout my computer, there were over 1000 instances of it but Norton couldn't even find one of them. Wouldn't be so bad if it had been a new virus, but this one had been around for several years and everyone apart from Norton knew about it. It was so bad I had to do a complete system wipe and re-install of the OS, it was the only way to remove the virus and of course Norton.

On another note. I did a scan the other month there and my AV found a virus, my own pet virus I've had it for some time now. It's a good little virus, doesn't bother anyone but Avira finally noticed it and classed it as a nasty virus, which is pretty impressive as it will not be registered on any kind of database and has never been released as a virus onto the general public and wouldn't do anyone any harm even if it was. Mind you it might be the key login part of it that Avira didn't like, maybe there is something in its programming, makes me wonder if Norton would notice it.
Florida Man Makes Announcement.
We live in a crazy world where winter heating has become a luxury item.

Alan Phipps
Moderator (English)
Posts: 30368
Joined: Fri, 16. Apr 04, 19:21
x4

Post by Alan Phipps » Mon, 27. Nov 17, 11:36

As mentioned earlier, the threat detection level can be user-adjusted in most AVs. That introduces a user-led impact on trade-offs for checking speed, false positives and potential missed detections.

There are also some malwares that target specific AV code functions in order to disable them or blind them to the specific attack. Some sneak their attacks in via third parties such as the OS apps or drivers. The AVs usually combat those by frequently patching or introducing variations in their internal coding.

No AV is omnipotent, totally invisible in use, totally autonomous or 100% secure; they will often need to react as well as try to deter/prevent. There always will be AV trade-off decisions and precautions for the user to take and maybe a few AV horror stories to tell too. :wink:

As an aside, in my experience, the Norton customer support have been very attentive and helpful on the few occasions when I have contacted them with a query or concern. One minor issue I raised was actually dealt with in an AV update issued very quickly after the report.
A dog has a master; a cat has domestic staff.

Morkonan
Posts: 10113
Joined: Sun, 25. Sep 11, 04:33
x3tc

Post by Morkonan » Mon, 27. Nov 17, 17:45

I don't know how they are today, but I would like to say that during the only two times I've ever been subjected to an actual computer virus, Norton had custom removal tools available for free, no strings attached, and they worked exactly as they were advertised. (Two-and-a-half times, actually, as I caught the last one before it had a chance to do anything of import. This doesn't count the one time a service had its credential/login database and sitepage compromised, which they still refuse to admit.)

How did I get these "viruses"? In both cases, they occurred in the heyday of "javascript delivered packages through third-party advertising" on gaming sites. I clicked on my bookmark to a gaming site I frequented often and "boom", welcome to virus-land, courtesy of "Google-ads" or whatever ad-stream they had signed up for.

Once that happened, I redoubled my efforts, got "ZoneAlarm", a nice fat Norton package, etc, and, magically, everything was fine from then on.

Today, the soup-de-jour is just going to the source, for the big boys, and targeting single-users with personalized "hostage" schemes made possible by e-currency and certain tools to protect anonymity for some other groups.

What bothers me about certain comprehensive AV packages is that they can, at times, give users a false sense of security. Certainly, they're better than nothing, but I worry that some users think they're "protected" when there's truly no such thing as full protection from one's own habits.

An admin user can authorize anything and that's the default login method for everyone. And, it's the one everyone uses, since nobody likes to be inconvenienced very much.

Personally, I think everyone should be as paranoid as the most wanted hacker on the planet. Everyone should be using encrypted-everything with every encrypted, anonymous, bit of stuff that's possible to use and still be able to get one's machine to function. I think a user's puter should require a blood donation for a DNA scan before it allows any admin/super-user privileges. I think if a user isn't accessing the 'net using an encrypted connection over a distributed network that ensures anonymity, the ISP should warn them. BUT, instead, if a user actually tries to do anything like that, their ISP puts 'em on a "list" of suspicious people who have the temerity to dare to hide their browsing habits from the ISP's commercial-tracking database...

BUT, then again, all of that can be circumvented with one keypress, mouse-click or faked DNA scan... And, if the authentication process was legit, it still relies on the user knowing what it is they're doing.

Anyway, I applaud greypanther for having the guts to question what it is his AV software is responding to as well as the legitimacy of a bit of software, even if it is from our much-beloved Egosoft. THAT'S the kind of attention to detail that helps keep users safer.

Terre
Moderator (English)
Posts: 10483
Joined: Mon, 19. Dec 05, 21:23
x4

Post by Terre » Mon, 27. Nov 17, 19:16

X3ap_bonus_pack_5.1.0.0(1).exe
Doesn't the one within the brackets indicate that you already have a copy of the download? If you scan that with your AV, do alarm bells sound?
Open Rights Group - Is your site being blocked
Electronic Frontier Foundation - Online Censorship
The Linux Foundation - Let’s Encrypt
Check if your Email account has been pwned
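
Two suggestions in this thread, red assassin's VirusTotal check and Terre's point that the "(1)" marks a second download of the same file, can both be worked from the file's hash without running the installer. The following Python sketch is an added example, not code from any poster; the helper names are hypothetical and the files written in `demo()` are constructed stand-ins, not real installers.

```python
import hashlib
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Browsers add "(1)", " (2)", ... before the extension when the name is taken.
COPY_SUFFIX = re.compile(r"\s*\(\d+\)(?=\.[^.]+$)")


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def base_name(name):
    """Strip a browser-added copy counter: 'setup(1).exe' -> 'setup.exe'."""
    return COPY_SUFFIX.sub("", name)


def compare_copies(folder):
    """Group re-downloads of one file and say whether they are identical."""
    groups = defaultdict(dict)
    for path in sorted(Path(folder).iterdir()):
        if path.is_file():
            groups[base_name(path.name)][path.name] = sha256_file(path)
    report = {}
    for base, hashes in groups.items():
        if len(hashes) > 1:  # only names that were downloaded more than once
            report[base] = {
                "identical": len(set(hashes.values())) == 1,
                "hashes": hashes,
            }
    return report


def demo():
    """Run the comparison on constructed stand-in files (not real installers)."""
    with tempfile.TemporaryDirectory() as folder:
        samples = {
            "X3ap_bonus_pack_5.1.0.0.exe": b"constructed sample bytes A",
            "X3ap_bonus_pack_5.1.0.0(1).exe": b"constructed sample bytes A",
            "other_tool.exe": b"constructed sample bytes B",
            "other_tool (1).exe": b"constructed sample bytes B, altered",
            "readme.txt": b"only one copy, so not reported",
        }
        for name, data in samples.items():
            Path(folder, name).write_bytes(data)
        return compare_copies(folder)


if __name__ == "__main__":
    for base, info in demo().items():
        verdict = "identical" if info["identical"] else "DIFFERENT"
        print(f"{base}: copies are {verdict}")
        for name, digest in info["hashes"].items():
            print(f"  {digest}  {name}")
```

A SHA-256 printed this way can be pasted into VirusTotal's search box to see existing results for that exact file. If the new download hashes the same as the copy kept for years, the flagged file is byte-identical to the one already trusted.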

mrbadger
Posts: 14226
Joined: Fri, 28. Oct 05, 17:27
x3tc

Post by mrbadger » Mon, 27. Nov 17, 20:38

I know I might seem quite naive in my assertion that the system overhead of AV isn't worth it.

But I have a quadruple backed up system, with each backup independent of the other, and two of those backups are only connected to my system when they are being updated. There is almost no chance a virus can wipe out my files.

I'm not completely safe, but a lot safer than someone who relies on AV.

My level of backup isn't required, for one thing it cost nearly as much as a new PC, my QNAP NAS is essentially a PC with RAIDED drives in it, and that wasn't cheap.

But a double drive mount and a couple of hard drives to slot in it is affordable, and provides a lot of security. I've been doing that for a decade now. If you connect it to a Raspberry Pi you might even be able to RAID it, but I settled for cloning and storing the clone in a safe place.

Even someone using AV should be doing that.
If an injury has to be done to a man it should be so severe that his vengeance need not be feared. ... Niccolò Machiavelli

Alan Phipps
Moderator (English)
Posts: 30368
Joined: Fri, 16. Apr 04, 19:21
x4

Post by Alan Phipps » Mon, 27. Nov 17, 20:55

Oh indeed. I use the Paragon Backup 15 app to keep regularly updated boot and data files plus a system ISO on external drives.

I see that as insurance and business continuity in the face of potential disaster (malware, system failure or user error). The role of the AV is to minimise the risk of contracting the malware.
A dog has a master; a cat has domestic staff.
