SC4 & Antivirus Issues

[UndercoverNinja12 176]

OK, so lately my antivirus (Norton) has been telling me that a select group of SC4 files (totally unrelated, by the way) are security threats and has deleted them. At first, it was only 2 or 3 buildings and such downloaded from the BSC LEX, that were totally unconnected in any way, shape, or form. I just went without using those, it was nothing major. Then, today it said both my SC4mapper and SC4terraformer files were security risks. Now, I've been using those for a long time, and although they were on a flash drive, they've been downloaded for literally at least a year, so why now does my antivirus think they're issues? It deleted them and so I redownloaded SC4mapper from the BSC LEX...but now it is deleted automatically because they are security risks, or so Norton says. 

 

Any solution? Those are two major tools for making an SC4 region. Should I just tell Norton they're OK, or should I worry they are actual security risks?

[rsc204 21,805]

This can be a common problem because the format of SC4 data files can look a little odd at first glance (from the computer's perspective). You should also have the option to quarantine files, so rather than deleting them, they are moved and not allowed permission to run on your system. If this was already activated, maybe the old files are there somewhere?

 

This sort of false positive is quite common, sometimes they screw up windows files or programs by mistake. From a security standpoint you have to make a judgement call in these situations because although the vendors would have you believe it, AV is not always right and doesn't always protect you either. Consider the following:

 

 - Do I know/trust the site I am downloading from?  -  I believe most of the exchanges check for this sort of thing, either way an infected file wouldn't remain up for a long time.

 - Can I trust the files? - If a file has not been changed recently, has a large number of downloads and no comments suggesting a problem, you are probably safe.

 

If the answer to either is not certain, perhaps you may reconsider using the download.

[Indiana Joe 1,750]

Most likely Norton is detecting that the files

 

a)  Come from the internet

b)  Do not have any official publisher signature in them (i.e. they don't come from some trusted company like Microsoft or something)

 

And that's enough for Norton to deem them a threat.  It's like when your phone doesn't want you to install an app that doesn't come from the App Store/Play Store.  As long as you're downloading from trusted exchanges (STEX, LEX, PLEX are all moderated), there's no security risk, as rsc204 said.

[A Nonny Moose 8,261]

As I recall, Norton has a facility called the 'whitelist' which allows non-default sites to be added to its safe sites list.  You should add the STEX, LEX, and PLEX to it.

 

The recent activity indicates an update to Norton.  You might want to monitor when it wants to do that.

[Abrams 1,744]

Don't use norton.If you are carefull enough you don't even need an antivirus program!I have disabled mine.

[Cyclone Boom 16,846]

As a Norton user myself, I've found it does do this occasionally with SC4 downloads. These are usually the ones containing the installers, especially the older "Clickteam" versions on the LEX. Norton can be quite unpredictable with these detections -- some are OK, others are not. If ever in doubt, it's best to use your own judgement as advised above. Especially on tried and tested downloads, there should be no legitimate concerns about malware.

 

To allow a file in Norton:

 

1. View Norton's Security History > Quarantine.
2. Locate the entry and select "More Details".
3. At the bottom click "Options".
4. Finally "Restore & exclude this file" (more info).

 

 

For an extra layer of protection, a useful defence mechanism is to run the files in a sandbox (e.g. Sandboxie). This works by isolating them in a separate environment which is secure from your system. You can continue to run the files as normal, it's just they can't write anything to your user area, unless you specifically allow them. In a way, it's a bit like creating a test region in SC4 -- it won't affect your existing cities. For example, if you run an installer in a sandbox, it'd install to:

 

"C:\Sandbox\<User>\SC4_Tools\user\current\Documents\SimCity 4\Plugins"

 

(SC4_Tools is the name of my SC4 test sandbox).

 

Instead of the default:

 

"C:\Users\<User>\Documents\SimCity 4\Plugins"

 

 

You still may need to allow the file in Norton's settings, as it still scans any sandboxes. Otherwise Norton may again eat them up.

[UndercoverNinja12 176]

Alright, so I haven't exactly figured out how to make the various SC4 sites (STEX, LEX, PLEX) automatically OK in the eyes of Norton, but I did redownload a file and restore it. I figure I'll do that until I can figure out how to go into the settings and solve the problem. I haven't found any guides online on how to do it and I haven't been able to manually figure it out. Does anyone here use Norton, and if you do, do you know how to "whitelist" a website?

 

Also, it said the security risk from downloading SC4mapper was "High". I shouldn't be worried about that, right?

[T Wrecks 10,209]

Nope. You see, AV software often follows the principle that 10 false alarms are less dangerous than 1 undiscovered threat. This also has a psychological dimension: If you get a virus despite the AV software, you're likely to think that the software sucks. If you often get alerts, you will probably feel safe and think "Boy, that software sure saved me pretty often; it must be very good - and very necessary, because threats seem to be abundant".

 

Of course the software will be programmed such that it doesn't disrupt your OS or very common and important software such as MS Office - this would annoy users. However, largely unknown, rare, and highly specialised software written by private individuals and not issued under some sort of licence or certificate doesn't enjoy similar priority and, thus, often gets reported as a threat erroneously.

 

Not quite unlike Abrams124, I regard AV software with considerable skepticism, not least because of the psychology involved - they want you to feel threatened in order to keep you as a user, of course! And they invite you to stop taking care of yourself and trusting in them to tell you what's good and what's bad instead, once again reinforcing your dependency on them and weakening your own judgement. I also do without AV software (and have been doing fine for many, many years), but this is not something that I would recommend generally. It requires tighter security in other places, and that can be difficult to handle.

 

What's important for you right now is that SimCity-related files are known to be problematic for AV software, but I am yet to see a case where such an alarm was actually correct, and I've been around for 10 years in this community, and I am an avid downloader from many sites myself and have been using SC4 modding tools for a long time without any problems.

[UndercoverNinja12 176]

Nope. You see, AV software often follows the principle that 10 false alarms are less dangerous than 1 undiscovered threat. This also has a psychological dimension: If you get a virus despite the AV software, you're likely to think that the software sucks. If you often get alerts, you will probably feel safe and think "Boy, that software sure saved me pretty often; it must be very good - and very necessary, because threats seem to be abundant".

 

Of course the software will be programmed such that it doesn't disrupt your OS or very common and important software such as MS Office - this would annoy users. However, largely unknown, rare, and highly specialised software written by private individuals and not issued under some sort of licence or certificate doesn't enjoy similar priority and, thus, often gets reported as a threat erroneously.

 

Not quite unlike Abrams124, I regard AV software with considerable skepticism, not least because of the psychology involved - they want you to feel threatened in order to keep you as a user, of course! And they invite you to stop taking care of yourself and trusting in them to tell you what's good and what's bad instead, once again reinforcing your dependency on them and weakening your own judgement. I also do without AV software (and have been doing fine for many, many years), but this is not something that I would recommend generally. It requires tighter security in other places, and that can be difficult to handle.

 

What's important for you right now is that SimCity-related files are known to be problematic for AV software, but I am yet to see a case where such an alarm was actually correct, and I've been around for 10 years in this community, and I am an avid downloader from many sites myself and have been using SC4 modding tools for a long time without any problems.

 

Alright, thank you very much. That definitely helps calm my nerves a bit. With all the feedback (not just yours) about the various SC4 sites being extremely safe, I can restore the quarantined files without too much worry (or really any) that my computer will get infected with some kind of virus. I guess you could say this case is pretty much "closed." Thanks for all the help everyone!