XPero Posted July 2, 2006 Posted July 2, 2006 I've received several emails of XPize users telling me that Norton Antivirus 2006 found Trojan.Zlob in XPize. I downloaded the Norton AV demo and started to remove pieces of code to see what was causing that. After lot of testing I found the solution:NSIS allows installers to be compressed using different compression methods. The one I use with XPize is the LZMA. Changing this method to another one like BZIP2 fixes the virus warning It seems that the crappy Norton AV does not like LZMA compression I will release a fixed version soon.EDIT: Installer will weight 3MB more using BZIP2 compression!! I love you Symantec! EDIT 2: XPize version 4.4.2 released.EDIT 3: Reuploading version 4.4.2 compiled using NSIS 2.18 and LZMA compression. This time, Norton does not complain.
nuhi Posted July 2, 2006 Posted July 2, 2006 I would rather contact Symantec or just put a note on the site.Similiar thing happened with nLite and Antivir...someone told them and they corrected. It was Winrar Selfextracting exe.
Maleko Posted July 3, 2006 Posted July 3, 2006 I cant stand Norton anymore, used to love it, but with version 2006, i hated it!
bledd Posted July 5, 2006 Posted July 5, 2006 omg, thats so lame (of norton)any chance of putting both builds up each time?, maybe put the non-norton friendly one in 'other downloads' or something
Francesco Posted July 5, 2006 Posted July 5, 2006 Why don't you compress the installer with 7zip (like the firefox one) maybe norton can't manage to extract it so it won't detect any false positive.
XPero Posted July 5, 2006 Author Posted July 5, 2006 @bledd:I will think a solution for next version. AV software is killing my patience...@Francesco:Norton will delete the .exe automatically, not even a pre-deletion warning.
T D Posted July 5, 2006 Posted July 5, 2006 (edited) I scrapped Norton IS 2006. V high memory and cpu usage, especially from CCAPP.EXE and VERY SLOW internet connection.And their definition updates are like 5mb every three minutes. Byebye norton, hello Kaspersky!@XPero Why not try something like ZOO or ARJ, something w/high ratios that Symantec haven't heard of yet? Edited July 5, 2006 by T D
Francesco Posted July 5, 2006 Posted July 5, 2006 Norton AV has the worst detection ever: It sucks so much that even a 1 byte change in an executable can avoid norton detection. Kasperksy instead doesn't rely on stupid string matches like norton does in fact it has the best detection ever (99.97%). Also kaspersky uses rootkit technology to prevent viruses/worms from disabling the scan making it the best AV ever. Kaspersky also doesn't rescan the files its checksum hasn't changed (checksums are stored in alternate NTFS streams) making Kaspersky the fastest AV ever.
T D Posted July 6, 2006 Posted July 6, 2006 And the Worm Detection in Norton detects everything as a "worm".
XPero Posted July 6, 2006 Author Posted July 6, 2006 It seems that latest NSIS (2.18) fixes the problem. I will keep you updated.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now