Re: [isabelle] A few questions about Isabelle2013



On 1/15/2013 6:09 AM, Makarius wrote:
On Sat, 12 Jan 2013, Gottfried Barrow wrote:

NORTON QUARANTINES POLY.EXE

Norton quarantines "contrib\polyml-5.5.0\x86-cygwin\poly.exe", but it started doing that with Isabelle 2012. With Isabelle 2013, it gives me a error message that it didn't give me before about not being able to find the file. Users in the future should be aware of that. I just unquarantine poly.exe, and know that it's going to happen when it gets run for the first time on a computer on which I run Norton.

So is there some way to buy "protection" for poly.exe from the Norton mafia?

I sent an email to Norton telling them they're flagging a legitimate product that's being produced by Cambridge and TUM. What you need is to get in their database of legitimate programs. They use a huge database of known good and bad programs to speed up their scans.

Norton has two types of scans, a scan to check for whether it's known to be infected, and a scan to check for whether it looks suspicious, and if it does look suspicious, they make decisions based on it's reputation among the user community.

Poly.exe is getting flagged based on reputation. It has none, and it's not a native Windows application, so it kind of makes sense.

If I didn't have lots of experience knowing the difference between Norton's typical behavior with normal Windows installs that I download from legitimate looking web sites, and programs that come from "other" places, I might get rid of Norton, because I've used Avast and AVG and know they're more lenient.

However, I keep Norton because no one has so far broken into my bank account. The "reputation" scan is short term pain, but long term gain. They're doing more than just looking at known virus signatures.

I think it's their attempt to deal with things like zero-day attacks:

https://en.wikipedia.org/wiki/Zero-day_attack

Here are the results of 3 sites that I had check poly.exe. (I don't know if the results will show up for you using these links.)

https://www.virustotal.com/file/6c296b99e0a6d5ac50009bd52d325e683f3ae2515ebae41f8ab46aceb1473eaa/analysis/1358256081/

http://virusscan.jotti.org/en/scanresult/96b63157b869b555c344913bbd059127d2f59b1d

http://r.virscan.org/report/288e325b3bac3aa4d09586b4d3bf37d9.html

The good news is that poly.exe is flagged only by Symantec out of about 47 anti-virus programs, and only based on their reputation scan. The other good news is that I use Norton, so you at least know it could happen to a user.

Regards,
GB










This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.