Jump to content
SecretMbr_735754

Norton False Positive on SC4 Devotion and LEX

13 posts in this topic Last Reply

Highlighted Posts

Posted:
Last Online:  
 

As a lot of files for SC4, dependencies and information links exist between Simtropolis and SC4 Devotion and the LEX, I noticed that no mention has been made yet here that Norton Antivirus is reporting the site a potential threat and blocking it.  There are only 2 older files that are causing the warning.  Norton Antivirus flags entire sites for risky files only because they are rarely downloaded.   The site administrator explains the situation in the following thread on SC4Devotion and also explains that the 2 older files are clear of any virus on the Norton warning page that comes up when you try to access the site. 

https://www.sc4devotion.com/forums/index.php?topic=17768.msg517897

  • Like 2

Share this post


Link to post
Share on other sites
Posted:
Last Online:  
 

Just one more reason not to use Norton. Keeping you safe by assuming everything is somehow unsafe, way to go. I mean seriously, if you are going to go as far as to block entire sites, have the decency to spend 2 minutes checking the files in question first. I've never liked Norton personally, in fact most paid AV is a con if you ask me. The free ones are usually just as good. Every time I've dealt with viruses/trojains they made it past the AV software just fine.

 

  • Like 7

Head over to my Lot and Mod Shack to keep abreast of my latest developments.

Do you like custom textures, but don't like all the work involved creating them?, take a look at the Texture Automation options here. Change the look and feel of your transit networks, with the minimum of effort, for example customised versions of my Sidewalk NAM (SWN) and Terrain Grass NAM (TGN) mods, and much more besides.

New to the NAM? Check out my tutorials on YouTube. Latest upload: How to: RHW - MHO Roundabout Interchanges. (Nov 25).

p.s. - I'm MGB over on SC4D and a member of the NAM team.

Share this post


Link to post
Share on other sites
Posted:
Last Online:  
 

I agree with @rsc204 here.

You see, it's their business model: instil fear of threats in users, and make them feel safe and protected.

=> As long as the best-known and established software/websites are not affected, these companies do not need to fear false positives. It would be bad for them if Amazon or Google stopped working, yes. But some obscure hobby website? All this will do is show the average users: "Oooh look - how dangerous! Gee, that was close. Good thing we are protecting you. Aren't you grateful that you have our software? Just trust us, and you will be safe and sound. Because OMG LOOK AT ALL THOSE THREATS OUT THERE!!! Better not think. Leave the thinking to us."

Of course, that sucks for sites such as Simtropolis. Norton and other companies don't care about sites like that. Reporting false positives there will make users feel more threatened (by that evil site), but - fortunately - protected (by that great software). It actually supports the companies' business model! Therefore, they have no motivation to optimise their engines for false positive avoidance on hobby websites, and you can expect false positives to occur occasionally, no matter which AV software we're looking at.

____________________

On a more general and slightly ranty note, these programmes can also undermine their users' intuition and thinking. By trusting a tool, users might think that it's OK to click anything because "my AV software will protect me".

At the end of the day, viruses require your cooperation. They don't just materialise on your computer. Now you might say "but what about the so-called 'drive-by downloads' where a virus will spread if you visit the affected website?" But even there, your help is needed, although you may not be aware that you're helping. If you visit that site with a "vanilla" browser, the browser will blindly execute all the scripts on that site - and that's where you get your virus. It's like telling your browser "Go there and fetch me everything - no matter if it's a big red stick with a strange cord coming out of it that's burning down". And then - BOOM. This is why I have ditched AV software altogether many years ago and switched over to restrictive software settings (script blockers, all automatic execution functions off). It's less convenient at first and probably not for everyone. I wouldn't recommend it explicitly. All I'm saying is that it has worked out great for me, and that you cannot trust AV software. If anything, it should be one of your tools, not your strategy - just my $ .02.

 

 

  • Like 9

-=| You can choose a ready guide in some celestial voice ||| If you choose not to decide you still have made a choice |=-
-=| You can choose from phantom fears and kindness that can kill ||| I will choose a path that's clear - I will choose free will |=-

Share this post


Link to post
Share on other sites
Posted:
Last Online:  
 

Thanks for starting this thread and bringing the information here, RandyE.  I myself am one of the Norton users who was getting blocked.  I did just go ahead and disable the Norton Security Toolbar extension on Firefox, which leaves the rest of Norton operational, but kills the interruptions. Their whole "Minority Report" shtick with all the SONAR/Insight nonsense they added in the early part of this decade is really a menace to non-commercial hobby sites, and a disservice to their end users.

I have submitted a "false positive" report to Symantec as of a couple days ago, and I believe at least one other user may have as well, but they advise that it may take them "10 to 12 days" to resolve.  In the meanwhile, the "blacklist" they've placed us on has negatively impacted our search engine rankings, though fortunately, it doesn't appear it's really hurt site activity that much.  The bigger issue, however, is that it causes virtually any file with an installer off our site to get flagged with WS.Reputation.1, a non-virus "guilt-by-not-being-a-heavily-downloaded-commercial-file" label, which automatically gets quarantined.

As there has been some on-and-off talks about repackaging some files (particularly older, frequently used dependencies) as .zip files instead of installers, we are discussing the possibility of moving that project up on the priority list, as even before Norton's recent pants-on-head stupid moves, that had been a regular source of complaints.  I do actually have non-installer versions of the two files that Norton is holding against us (one of which has been on the site for 10 years!) at the ready, in case we go that route, though I'd like to see Symantec do the right thing and exonerate us for something that was clearly their mistake.

(Also, nice Rush quote in the sig, T Wrecks!)

-Tarkus

 

  • Like 8

Share this post


Link to post
Share on other sites
Posted:
Last Online:  
 

Symantec has, as of sometime this morning, removed the false positives from our Norton SafeWeb rating, with the original installer versions of the files still in place, so they've corrected things (at least for now).

On 5/17/2017 at 8:20 PM, SimCoug said:

Thanks @Tarkus  - personally, I would not be sad to see the installers take a hike.  Though I can't imagine what a pain that would be to undertake.  :boggle:

Indeed--the size of such a project is one of the biggest stumbling blocks.  Even though the false positives on the two installers have been cleared out, it's still something I support doing.  The installers are the one thing that's holding our Dependency Tracker system on the LEX back from reaching its full potential.

-Tarkus

 

  • Like 4

Share this post


Link to post
Share on other sites
Posted:
Last Online:  
 
On 18.05.2017 at 5:42 AM, Tarkus said:

...

In the meanwhile, the "blacklist" they've placed us on has negatively impacted our search engine rankings ...
...

 

This is a very unpleasant thing that happened through no fault of the site !!! :ninja:

  • Like 1

Share this post


Link to post
Share on other sites
Posted:
Last Online:  
 

I do use Norton and just logged onto SC4Devotion.  So it does appear that it is working now.

  • Like 1

9a5bb342.png.0e1b17a8c9297b433bc28db6f3934b10.png "You run and run to catch up with the sun but it's sinking.  Racing around to come up behind you again.

The sun is the same in a relative way, but you're older.  Shorter of breath, and one day closer to death."

Share this post


Link to post
Share on other sites
Posted:
Last Online:  
 

I've seen something similiar to this on the Anjunabeats forum where google will tell you the site isn't safe when there is no issue with it at all. I think it has to do with the forum software being configured incorrectly. This still seems to occur. Its been happening for at least a few years. 

Share this post


Link to post
Share on other sites
Posted:
Last Online:  
 

McFee, Norton Security are all a pain in the eye ! Non trusted sights I welcome; trust worhty sources it really hurts as these are indeed most hoby orientated, small. SC4 Devotion last week the Berliner Dome gave a warning, had to disable norton completly to do anything, about 3 out of 10 gave a warning like, special bsc essentials, most common used.; Mailware another serious isn´t even covered, have to use Roghuekiller wich is a excellent tool, thourough, Ccleaner. Overal complete scan once a month or if really necesary, hate related assumption all is bad !

Sincerely yours,

kschmidt

Share this post


Link to post
Share on other sites
Posted:
Last Online:  
 

As a word of warning here:  

Microsoft Defender has recently added AI (Automated Idiocy) to its scanning algorithms. This works by using completely different approach to scanning i.e. more probalistic than by signature. As a consequence some (seemingly trivial) VB.NET programs are now flagged as infected. This is a pain because Defender has actually done a good job for me on Win10 since it first came out.

My adjunct program Gamut (a program in the GoFSH package) has been flagged as having a Trojan: Win32/Azden.A!cl marked as severe, and will be quarantined. Despite my submitting this to Microsoft for verification (result - is clean) it keeps getting flagged every time I compile it. So this may pop up for you at random.

If this affects you I suggest you just remove it - it isn't going to end the world - its not an important program. If the problem doesn't stop I'll remove it from the package altogether.

  • Thanks 2

Share this post


Link to post
Share on other sites
Posted:
Last Online:  
 
10 hours ago, rivit said:

As a word of warning here:  

Microsoft Defender has recently added AI (Automated Idiocy) to its scanning algorithms. This works by using completely different approach to scanning i.e. more probalistic than by signature. As a consequence some (seemingly trivial) VB.NET programs are now flagged as infected. This is a pain because Defender has actually done a good job for me on Win10 since it first came out.

My adjunct program Gamut (a program in the GoFSH package) has been flagged as having a Trojan: Win32/Azden.A!cl marked as severe, and will be quarantined. Despite my submitting this to Microsoft for verification (result - is clean) it keeps getting flagged every time I compile it. So this may pop up for you at random.

If this affects you I suggest you just remove it - it isn't going to end the world - its not an important program. If the problem doesn't stop I'll remove it from the package altogether.

Horror ! Ms flagged it´s own ol visual basic net programs. Microsoft Defender I aswell got installed on my tablet out of space consciderations. Win 8 got less attention so update´s are mor managable, still wich virus is doing the job we like to do: Avast, Kaspersky....?

Share this post


Link to post
Share on other sites
Posted:
Last Online:  
 

The new MSI desktop I just purchased came with Norton preinstalled...

One of the first things I did after installing SimCity, was to transfer my collected SC4 downloads to the new hard-drive. As they were being written to the new hard-drive, Norton was flagging the downloaded files as dangerous (some categorized as extreme threats) almost as quickly as they were being written. Norton was throwing false positives at me faster than I could correct them...

Obviously, Norton has now been removed. It's worse than useless!

While I've previously used a anti-virus protection scheme similar to T-Wrecks, avoiding antivirus software and instead limiting my browser, I felt the need to add anti-virus this time. The new MSI is easily the most powerful (expensive) computer I've ever owned, and I was just more comfortable adding an extra layer of protection.

I'm currently using Bitdefender. No false positives, no problems with installers so far...

 

Share this post


Link to post
Share on other sites

Sign In or register to comment...

To comment in reply, you must be a community member

Sign In  

Already have an account? Sign in here.

Sign In Now

Create an Account  

Sign up to join our friendly community. It's easy!  

Register a New Account


×

Thank You for the Continued Support!

Simtropolis depends on donations to fund site maintenance costs.
Without your support, we just would not be in our 24th year online!  You really help make this a great community. *:thumb:

But we still need your support to stay online. If you're able to, please consider a donation to help us stay up and running. This helps sustain a platform where we can share our community creations for years to come.

Make a Donation, Get a Gift!

Expand your city with the best from the Simtropolis Exchange.
Make a Donation and get one or all three discs today!

STEX Collections

By way of a "Thank You" gift, we'd like to send you our STEX Collector's DVD. It's some of the best buildings, lots, maps and mods collected for you over the years. Check out the STEX Collections for more info.

Each donation helps keep Simtropolis online, open and free!

Thank you for reading and enjoy the site!

More About STEX Collections