[Important] XPize and Norton AV 2006

[XPero]

I've received several emails of XPize users telling me that Norton Antivirus 2006 found Trojan.Zlob in XPize. I downloaded the Norton AV demo and started to remove pieces of code to see what was causing that. After lot of testing I found the solution:

NSIS allows installers to be compressed using different compression methods. The one I use with XPize is the LZMA. Changing this method to another one like BZIP2 fixes the virus warning It seems that the crappy Norton AV does not like LZMA compression I will release a fixed version soon.

EDIT: Installer will weight 3MB more using BZIP2 compression!! I love you Symantec!

EDIT 2: XPize version 4.4.2 released.

EDIT 3: Reuploading version 4.4.2 compiled using NSIS 2.18 and LZMA compression. This time, Norton does not complain.

[nuhi]

I would rather contact Symantec or just put a note on the site.

Similiar thing happened with nLite and Antivir...someone told them and they corrected. It was Winrar Selfextracting exe.

[Maleko]

I cant stand Norton anymore, used to love it, but with version 2006, i hated it!

[bledd]

omg, thats so lame (of norton)

any chance of putting both builds up each time?, maybe put the non-norton friendly one in 'other downloads' or something

[Francesco]

Why don't you compress the installer with 7zip (like the firefox one) maybe norton can't manage to extract it so it won't detect any false positive.

[XPero]

@bledd:

I will think a solution for next version. AV software is killing my patience...

@Francesco:

Norton will delete the .exe automatically, not even a pre-deletion warning.

[T D]

I scrapped Norton IS 2006. V high memory and cpu usage, especially from CCAPP.EXE and VERY SLOW internet connection.

And their definition updates are like 5mb every three minutes. Byebye norton, hello Kaspersky!

@XPero Why not try something like ZOO or ARJ, something w/high ratios that Symantec haven't heard of yet?

Edited July 5, 2006 by T D

[Francesco]

Norton AV has the worst detection ever: It sucks so much that even a 1 byte change in an executable can avoid norton detection. Kasperksy instead doesn't rely on stupid string matches like norton does in fact it has the best detection ever (99.97%). Also kaspersky uses rootkit technology to prevent viruses/worms from disabling the scan making it the best AV ever. Kaspersky also doesn't rescan the files its checksum hasn't changed (checksums are stored in alternate NTFS streams) making Kaspersky the fastest AV ever.

[T D]

And the Worm Detection in Norton detects everything as a "worm".

[XPero]

It seems that latest NSIS (2.18) fixes the problem. I will keep you updated.