I will repeat a question I asked yesteday in the THE CATCH thread yesterday: I was wondering, Lee, what you think about having a centralized "bad file" reporting theme in the Forum? I suppose it would be a manpower issue, but I think it would be better than having Anti Virus alerts scattered all over the site, it would help people to put their minds at rest if they could find out as quickly as possible that these things are False Positives or what ever, by someone who is knowledgeable in these matters. I noticed that in the McAfee Siteadvisor page for this site, there is one report by a user that they got a some sort of Malwhare here, probably from a false positive reading. Maybe something like this could help prevent other bad reports and put this site in the green.
For todays download, Alcyone CD Ripper, comment #21 by Viluf reported a keylogger found in his download about 5 hours ago, and since this issue was not addressed, up to now, you have lost, at least, 2 other potential downloaders becuse of that report, not good I say, and maybe a theme such as the one I suggested, would of prevented this from happening.
Also I find the Flamming to other users by people that seem to have the intelligence not to do it, very disturbing. This site should get a handle on this and put a stop to it. If Flamming happens on any reputable forum, such as Bleeping Computer, Major Geeks, After Dawn, after 1 or maybe 2 warnings, the Flammer is gone.
Report a "Bad File" theme for the Forum?
(36 posts) (5 voices)-
Barry
MemberPosted 17 years ago # -
Anonymous
UnregisteredSorry was probably working when you wrote it.
O.K. make a sticky then we can all have an opinion.
Make sure also that people:
1) write application or game.
2) identify file
3) what AV(s) they use
4) any fruther proof they believe the file is a spyware, malware, crimeware, virus, worm, trojan, joke etc file.
5) any further comments
Getting my son from primary school, now so will look forward to your work.
Thanks Barry.
Posted 17 years ago # -
Barry
MemberHi,
I would be happy to do that, but I thought that Administrators or Moderators were the only ones who could assign a stickey to a thread, I am not sure how to do a sticky, I have never done one before. Maybe someone could give me a hint on how to get started. Unfortunatly I have to get to work right now or I am going to be late, so I will have to work on this latter on today.
Good day,
BarryPosted 17 years ago # -
Michelle
MemberI think you are right Barry. I think they are the only ones who can, but I agree with you about respecting all members even though their opinion might differ from your opinion or their antivirus may have detected something your's didn't or vise versa.
I also think that virus/trojan/spyware forum would be a good idea, but I don't see how it is going to stop the flaming. It will just go somewhere else.
With regards to Mcafee, I'm sure Mcafee siteadvisor is doing some extensive testing on this site. However I don't think it will make the green. It not only goes by what's on the site, but they even go further into it and any links or anything that you have on your site they take into consideration and that can change the rating.
Posted 17 years ago # -
LadyGodiva
MemberA forum category would be good but some people will still insist their own false positive is correct regardless of any checking done by site administrators or more experienced users. It happens every time. Sometimes it sounds like certain people want to disparage the site. Why do they continue to use the site, competitors or trolls maybe? Conspiracy nuts?
One user suggested the site hire an 'expert' to double or triple check all false positives. That's overkill because there haven't been many false positives and it would cost. The site would have to go to paid memberships if they hired experts to please everyone from people who panic at false positives to those needing tutoring in how to download and install. People wanting that should probably forego dowloading completely and buy all their software from well known developers at retail.
Panicky types would find fault with any expert the site might hire anyway. We don't even know if one or more of the site owners is already a secuity expert. A while ago there was a forum exchange between Bubby and another member about false positives. The other member would not consider even the possibility of being wrong, insisting the false positive had to be a real threat. Bubby said that in the end everyone has to decide for themselves what to install on their own computer and less experienced users are better off using more caution if they don't know how to follow through on a security warning. Bubby was right. Self reliance and follow through are the key but some people won't do it and can't accept reassurances from anyone including the site administrators. A dedicated forum is better than hiring experts but neither will please the panicky.
Posted 17 years ago # -
The other strategy I will probably use is where available, locate and publish the actual fingerprints a trojan or virus leaves behind. Normally these will be the presence of a set filename of a specific size, or a particular registry key with a value which might for example load the trojan on windows startup.
Once you have that information - you have something concrete to check against on your system. A false positive might match or come close to matching maybe 1 of 4 or 5 items that indicate the malware is installed. If a trojan uses file xyz.exe in the c:\windows\system32 folder and has a certain registry key - but the file doesn't exist in that folder and the registry key doesn't exist - then you have to question whether the antivirus might've got it wrong.
As a child I used to pull the wings off flies (called a 'walk') and with Viruses and Trojans typically its no different - it is often very easy to disarm these things and even more easy to tell when you are looking at them, that they never had any wings to start with.
If it looks like a duck, and it walks like a duck, and feels like a duck - It probably is a duck. But if it also sounds like my father singing Robbie Williams... it's probably a false positive.
Posted 17 years ago # -
Barry
MemberHello,
I am not exactly sure what the most efficiant way to set this up would be, and like LadyGodiva more or less said, I am probably wasting my time. Since I love a challange, I thought I would give it a shot anyway. You will have to understand this really is not my "cup of tea", and any imput would be appreciated.
I come up with 2 scenarios:
1- A guide line is probably the easyest to set upPut a sticky to a Theme, and call it "Report a Malwhare" , or Virus or A Bad File, whatever would be suitable.
The guideline could look something like this:Please follow the guideline to submit a report.
NAME OF SOFTWHARE DOWNLOADED - mandatory
FILE IDENTIFIED - mandatory
NAME OF ANTI VIRUS or ANTI MALWHARE PROGRAM,S USED - mandatory
COMMENTS ie. further actions taken, changes in system files, etc.We will analize your findings and will respond as quickly as possible.
NOTICE, Mandatory catagories must be submitted or your post will be deleated.2- This one is likly way harder to set up.
Use the same guideline as above but make it a form, where the user would just have to fill in the spaces.I hope this is what you are looking for Lee, this is intended as a draft to see if I am going in the right direction. The sticky thing will have to be up to you.
Have a good one,
BarryPosted 17 years ago # -
LadyGodiva
MemberNot necessarily wasting your time, the forum category or even a sticky post is a good idea. It's just that some people are never going to be satisfied, again they should probably forego any downloading. Others are trolls wanting to start trouble, like the rash of posts in these forums the past week.
My sixth sense on the latter (sixth sense in that I see dumb people) is that someone was told by their parent to quit downloading and installing a new program and a new game every day onto Dad's computer. Thus they are angry and trying to scare other users of these sites so that they too may be grounded from downloading.
In the meantime, those getting false positives can upload the questionable file(s) to any or all of the following sites. They will scan the uploaded file with several updated scanners. Of course it's not a good idea for anyone to overwhelm these sites with each and every program or game given away, especialy the last two as they are nonprofit. But if someone has gotten a false positive, checked it with an alternate program and still found a problem then these sites are a good resource:
http://www.virustotal.com/en/indexf.html
http://scanner.virus.org/
http://virusscan.jotti.org/Posted 17 years ago # -
Barry
MemberHello,
Well I got to think this is getting way weird! I guess this was a bad idea after all.
Thank you LadyGodiva, for your resposes, I love your handle by the way.
It is very true that people could check these "bell ringing" files for themselves, and one would hope that everyone would be a false positive.
Do you think that the average user who comes to this site would bother checking these files for themselves? In most cases I do not think they would take the time to do that, mainly because GOTD guaranties all downloads are virus and spyware free, one would think that means, GOTD has some responsibility to honor that guarantee. If a user's AV alerts them, the first thing the user is going to do is leave a comment about it, for everyone to see, or get mad and leave nasty comments or deleat the software outrite and perhaps never come back and more then likly letting everyone know about it. That will scare some other potential users away, especilly if GOTD dos not respond to the "Virus Alert" in a timley fashion. Check the comments in the Alcyone download, if you do not believe me. Not Good for business I say!
So be it! I got better things to do, like daydreaming about horses, long flowing hair, naked women, green grass, rolling hills,******************************************.
Catch you on the flip side,
BarryPosted 17 years ago # -
LadyGodiva
MemberBarry, the glass is half full. So far three replies and all think it's a good idea. My only point is that even if implemented it will not be a cure all.
Yes, people do set off alarms in the comments on finding false positives and they will continue whether there is forum space or not. People panic even though panic is never an action, it is a reaction. But good luck trying to get anyone in panic mode to calm down and think. The site administrators have done extra checks and manual checks when users got false positives, yet in most cases those users were still not satisfied. If they are not sure how to proceed on getting a security warning and can't or won't trust extra checks by others then honestly the best solution for those users is to simply not install the particular software that gave them a false positive.
No other site does immediate double and triple checks every time any user gets a false positive. Not CNET, Tucows, Softpedia, NoNags, GoldFiles, et. al., yet all are still in business and have similar guarantees of safety. All download sites post disclaimers that end users are ultimately responsible for what they choose to install. On this site it's in "Terms and Conditions" under each and every download link. It's just that some don't read it just like some don't read activation instructions. Then they post nasty comments that the site must be a scam because they only got a demo. The site can't be held responsible for every possible false positve anymore than they can be held responsbile for users who don't read and follow activation instructions.
Downloading is like surgery, only not nearly as serious. Both can be made as safe as possible but both always carry a certain level of risk, however small. Users who are not willing to accept any risk at all should stop downloading from any sites. This site should be safer than those others as they deal with only two programs per day as opposed to huge libraries of files. They scan multiple times with multiple programs before uploading and don't allow outsiders to upload files. Thus, acceptable risk should be lower here than elsewhere. But to some people no amount of risk is acceptable. That's fine, it's their choice. Yes they will miss out on free programs here and elsewhere but oh well, can't have it both ways.
Still a good idea, a sticky post likely would be better than an entire forum category. There are only two programs per day and have not been enough false positives to warrant an entire forum category. The only caveat is it will not solve everything, particularly for the kind of users mentioned above. No business can make everyone perfectly happy 100% of the time. But it is important to note that to date not one of the false positives has been proven to be a true positive, in fact just the opposite.
Posted 17 years ago # -
Barry
MemberHello,
Thanks again, LadyGodiva, for your response, much appreciated.
The real question here is dose GOTD need a place of some sort to report a AV alert, and have someone respond back to confirm that it is a false positive or what ever the problem may be, yes or no. Would it make this site better, more user frendly, give people peace of mind that the download offered that day is clean, or keep people from thinking that this is one of those sites that put "bleep" in my computer? I thought some sort of avenue to report alerts would be a good idea, but with no feed back other than yours, if it dose not change anything what is the use of having it. Why even Lee did not get back to me, to tell me if what I come up with was good, bad or ugly, or if I need to add more to it, or how to do a sticky, it make this task very difficult.
Responding to your point about the other download sites, keep in mind that a person has only 24 hours to get these programs here, the other download sites that you mentioned, if you get a virus alert or what ever in a download, you have all the time in the world to confirm that this file or program is safe or not, here you don't.
Other than the keylogger alerts, which of course were part of the programs, the only Virus or Trogan alert, I have seen, that was confirmed to be a true false positive was the BackDoor.Generic5.FOP Trojan, by BuBBy, which was good of him to take the time to research it, but it was 3 days after the download was offered. Is that soon enough or would it be better to have something in place on the day of the download?
LadyGodiva, you are entirely right there is no way to keep everyone happy, there will be people that will go away mad no matter what you do, so maybe the attitude, "you win a few lose a few" works at this site quite nicly.
Have a good one,
BarryPosted 17 years ago # -
LadyGodiva
MemberBarry, the moderators don't know whether or not stickies can be created or forum categories added. Lee likely didn't get back to you because he doesn't know, not because he neglected to reply. I mean why reply just to say " Gee, I don't know"?
Your point about this site being different as there's a 24 hour limit is well taken. But people need to make their own decisions even if they have to make them quickly. If it's a game, well nobody really NEEDS a game. Many of the other programs aren't exactly in the "can't live without" category either. The most someone would experience by making a "better safe than sorry" decision is disappointment on having missed one program. But because of the 24 hour limit it doesn't seem possible to get an absolute, definitive answer AND still be within the deadline.
It's really not that big of a deal though. If someone misses out due to a security warning they don't want to take a chance on, there will still be another program and another game the next day that likely won't give any security warnings.
Posted 17 years ago # -
@LadyGodiva - we do have the ability to create both Stickies and new forum sections - but I would defer the decision to do the latter to the Admins. While we have the ability to do some things - there question remains whether we should.
@Barry, as you mentioned it did take more than 24 hours (several days?) to get positive confirmation from Grisoft that the alert was a false positive.
I believe in the past the GOTD Team have commented when someone triggers reports that they have detected some suspicious files. I am also happy to look at reports and test files, for a confirmation/opinion.
Ultimately though - people should do their own scanning and check the files. After all, it's your PC and your data and nobody else's responsibility. The GOTD Team and the developers can scan software prior to release - but if users always trusted that other people would virus scan on their behalf, no user would need AntiVirus software.
To date there have been no instances of Trojans, Spyware or Viruses in daily GOTD software downloads - but it would be naive to think it cannot happen.
As with any software, users must weigh up the risks (however slight) in deciding if they want to install on their computer.
Posted 17 years ago # -
Barry
MemberHi LadyGodiva,
In Lee's post, he asked ME to make a sticky, I do not know how to do that, so I asked him how to do that and included what I considered a draft of what I was thinking of putting in the the stickey, to see if I was anywhare close to what would be acceptable, if I need to add anything etc. No response fom him, he is a busy fellow and I can understand that, and it is hard for him to be everywhare on this site, no big deal.
After your imput and suggestions, and after thinking about for a few days I have come to realize that maybe this is really a non issue for GOTD, and it dose not really matter, so why am I wasting time thinking about it? I have been wrong before and heaven forbid there might be a time when I will wrong again.LOL.
Have a great day,
Barry
EDIT - Sorry BuBBy I did not see your post before I sent this one, Thank You for you imput, catch you latter.Posted 17 years ago # -
Michelle
MemberBarry take a look at this.
http://www.giveawayoftheday.com/forums/topic/676?replies=30#post-3633
Did you ever apply?
Posted 17 years ago # -
Barry
MemberHi,
Michelle, you know what, I missed that post compleatly, I was concentrating on this one so much I have not been reading to many of the others. Thank you so much for mentioning me for a moderator, now wouldn't that be a interesting challange? Unfotunatly my job takes up most of my time during the warm weather months here in Saskatcewan, Canada, a land where some people would say we get 9 months winter and 3 months tough sledding, (not to far from the truth) so I would not be able to commit myself fully to the task. Maybe, if Lee is still looking for someone in my lay off months Dec to the end of March, I will apply.
I think you would make a excellent Moderator, Michelle. Give the forum a bit of the "female perspective", why not give it a shot? If you do not like it, you could always quit, it is not like you will be stuck to it. Just think of the power you could wield! BE GONE YOU GOOD FOR NOTHING SPAMMER!!, TAKE THAT YOU DIRTY ROTTEN FLAMMER!!, I think you might enjoy helping and guiding people along too, I think you would find that rather fulfilling.
Thank you again,
BarryPosted 17 years ago # -
LadyGodiva
Member@Bubby. I didn't mean ya'll didn't know HOW to do it, just that nobody knows if it's OK to do it because the administrators haven't given a go ahead. There's only speculation as to why there's been no answer either way. So a reply from Lee of "Gee, I don't know" [if it's OK or not] wouldn't be very helpful. Probably why he didn't get back to Barry.
@Barry. There's at least two spyware alerts posted on today's program page, comments 10 and 16, didn't read any further so don't know if there were any answers offered. Your idea is good, the question is would people use the forum for alerts? Probably not. For that matter hardly anyone uses the forums at all, except a small core group. Maybe people can't find the forums, find using comments easier, don't want to have to register, are afraid of spam if they register, think the forums are too cliquish, aren't confident they'd get help, don't know which category to post in, who knows?
Too bad you can't commit to be a moderator and I think Michelle already said she couldn't either, in the same link she posted. I think tjchan would be a good choice, the person who wrote that automatic downloader-activator program. Seems calm, has a good head, and was awfully nice to write a free program for people having activation problems. That's really going above and beyond for a bunch of strangers. Or how about triphammer, who also seems calm and has been very helpful to people here. Any moderator has to be calm, it never works with the hot heads. :)
Posted 17 years ago # -
Barry
MemberHi,
I did have a 3rd scenario, set up a direct link in the comment section to the forums, so the user could report a "alert" without actully registering to the forum. I could picture the procedure in my mind, but to actully write it out, it seemed too complicated, so I rejected it.
Anyway, if the Moderator on duty feels this subject is all hashed out, go ahead and close it.
Thanks to everyone who posted, see you around the forum,
BarryPosted 17 years ago # -
Michelle
Memberhttp://img144.imageshack.us/my.php?image=untitledpl6.jpg
"@Barry. There's at least two spyware alerts posted on today's program page, comments 10 and 16, didn't read any further so don't know if there were any answers offered."
Not spyware, I think what is going on is a link or something that is on the author's site that is getting blocked. The Website itself isn't being blocked.
Posted 17 years ago # -
Anonymous
UnregisteredWell I was for sometime the only one removing vulgarity.
I live in a different time zone than the majority of people here.
I also have to earn a crust, I am currently working at home, I can only browse sections for small amounts at a time.
I also have two children and a fiance to spread some of my free time to.
I try my best to remove as much as I can, such as allegations, links to crackz, warez, hackz, bigotry, racism etc..
When you have forwarded all your suggestions with good reasoning and all duplicates and things that are not applicable have been sorted, then BuBBy or I can start one.
To ladygodiva you made comment about spyware.
10. When I clicked on the webcammax home page link above, a Spy Sweeper alert popped up:
“Spy Sweeper - Internet Communication Shield
Spy Sweeper has blocked access to a potentially threatening web site.
The Internet Communication Shield has blocked access to 222.88.88.134″However, SiteAdvisor rates it a green (safe) site.
If this is a false positive, webcammax might want to contact Spy Sweeper and request correction.
16. @10…I also received the same Spysweeper alert regarding the webcammax home page
This is spyware how?
http://www.51.la/ is this a spyware site?
It's linked to: http://222.88.88.134/
Posted 17 years ago # -
Anonymous
UnregisteredOf course, then we can as a group of experienced users (myself 18 years of the internet in one form or another) can make sure it's watertight.
As I said, you suggest and we can pick the bones out of it.
I am pro democracy, not a a weak hearted liberal.
If you go make a thread, (as it's 22:09) 39 minutes past my bedtime and start us off, then I can read it tomorrow write it down and hopefully by Tuesday the laws will be in place.
Posted 17 years ago # -
Michelle
MemberSomeone else can start it out, but I think 2 of the rules should be that you are respectful to everyone and no spamming of forum. Usually most of the forums I been to you spam the board, you get banned immediately.
I still am shocked you are going to let us pick our own rules. This is the first forum I have ever been to that let the users pick their own rules.
Posted 17 years ago # -
LadyGodiva
MemberIn topic/679#post-3824 Lee wrote:
"To ladygodiva you made comment about spyware."
[snip pasted comments]
"This is spyware how?"[sigh] Lee, I never said there was spyware in the program. Perhaps I should have said "there's at least two SPYSWEEPER alerts", and perhaps those were bad examples. Not like past panic comments along the lines of Virus! Trojan! I agree, virus! I agree, Trojan! But those alerts were there today, even as we debate how to get them onto the forums.
Barry mentions how the average user might view things, he's right to think that way. The average user is going to see such comments and think this site is distributing dangerous software. It must be dangerous they would think, or nobody would be getting any security warnings, right? If one thing's certain it's that there's an awful lot of people who think any security warning always means positive.
But again that wasn't even the point at all. The point was that people do not use the forums, whether for security alerts or support questions. Hardly anyone uses that large text link above the comment field, even if they have been using this site for a while.
Some possible reasons are in my last post written @Barry. Other reasons may be that a few in the core group sometimes have tendency to jump on single words or phrases from forum newcomers, change the meaning of what was said and then want an explanation of what was not said. Forum newcomers are sometimes ignored or even ridiculed and then there's thread drift into unrelated personal conversation among the core group while the original questioner has no answer.
Both groups of newcomers seldom post here again, who could blame them? The same core group members are then wringing their hands wondering why hardly anyone uses the forums. These are not the only reasons but in addition to possible ones from the last post. These are just the ones I had hoped could be understood and left unsaid. But apparently not, oh well.
But Lee, from all the things that are on your plate you are clearly spead too thin and could use help. So how about jchan and/or triphammer? It shouldn't be all on you or all on you and BuBBY. Input on forum rules from members is a nice idea Lee. I don't expect to have great interest in what they are ultimately. I have only expected to be here in short spurts due to an unusual occupation (ya, supplement of ones posted..lol) that keeps me alternately either extremely busy or somewhat bored.
Best of luck with the forums! Seeya ... sometimes.
Posted 17 years ago # -
Barry
MemberWARNING, WARNING, WARNING, (Lightning bolts, rolling thunder, more lightnig bolts)
YOU ALL have broken RULE 3, ARTICAL 12 of the GOTD rule act:
THOU SHALT NOT HORN IN ON ANOTHER PERSONS THREAD.
Cease and desist imeadiatly, or the punishment will be swift and severe.
By the charter invested in me, The Supreme Moderator, Barry, THEE EXALTED ONE.
(Followed by a fanfair of drums and lots of trumpets, backed up with a dozen scantily dressed dancing girls throwing rose petals on my monitor.)
Relax folks, just practicing, I realy am not a Mod. YET! (devious, high pitched laughter and twisting of moustache), but the power I had in my finger tips, for a minute there, was amazing!!!!
Have a good one,
BarryPosted 17 years ago # -
Barry
MemberHi Lee,
After everything is said and done, my cuiosity is killing me, there was a lot of posts but not one refered to the work I did, good or bad, on the scenarios I put together. Since I have never tried to do anything like this before, it took some time and burdened some of the few brain cells I have left, I was wondering if any of these scenarios would of been workable?
Anyway, I got to run, one of the kids downloaded something with a browser hijacker in it, NOT FROM HERE, and I have to deal with it.
Have a good day,
BarryPosted 17 years ago #
Topic Closed
This topic has been closed to new replies.