SDRplay_HDSDR download issues viruswarning

Post information or questions regarding SDRplay products here
Post Reply
PE1OSQ
Posts: 4
Joined: Fri Mar 04, 2016 10:31 pm

SDRplay_HDSDR download issues viruswarning

Post by PE1OSQ » Wed Jun 28, 2017 2:23 pm

Recently I started using my RSP2 instead of my RSP1. So I wanted to download softwaredrivers for the RSP2.
When I tried to download SDRplay_HDSDR from the SDRplay site, my virusscanner issued a warning that the file
(name in the download section: HDSDR – version 2.76) contains the trojan "TR/Dldr.Agent.zobat".

When I downloaded the new EXTI/O installer there was no warning. But when I ran that installer my virus checker
refused to execute the file because it contained the trojan "TR/Dldr.Agent.okroy (cloud)".
I uploaded this file to an online virus check platform (http://www.virustotal.com): on that platform three out of 40
viruscheckers found a virus in the EXTI/O installer file.

this result was obtained on two different computers. Both running (legal) versions of WIN7(pro). Installed viruschecker
Avira. Both windows and Avira updated to the most recent version.

1) Anyone have the same experience?
2) I would like the developpers to look into this and have them indicate wheter these are false positives. (or even
better have them change the software so a viruschecker does not issue a false positive).

regards
Jan (PE1OSQ)
Last edited by PE1OSQ on Thu Jan 01, 1970 12:00 am, edited 0 times in total.
Reason: No reason

DanubeBCL
Posts: 203
Joined: Sat Jul 02, 2016 12:39 pm

Re: SDRplay_HDSDR download issues viruswarning

Post by DanubeBCL » Thu Jun 29, 2017 6:33 am

That's always the same story. Some virus scanners do a superficial job and are programmed sloppy. Indeed currently 6 anti-virus engines rate SDRplay_HDSDR_Installer_2.76_2.exe as an evil software. This is about the same hit rate as for software 4.1 for the well known Perseus SDR. The superficial "job" of virus scanners is also an irritant for freeware authors. As soon as one of 60 virus scanners reports malware the reputation of the software author is gone. People ignore that 59 anti-virus engines rate the software benign.
What do do? Difficult to say. It's up to you.
1. You can trust the reputation of SDRPlay and the reputation of 50 virus scanners which show "green" and run the software despite the warning (as many users did without any trouble on their PC).
2. You can be careful, trust 6 virus scanners which assume malware and avoid using the programme.
Interesting that once again McAfee-GW-Edition is among the alerters. This "anti-virus" software often comes up with red exclamation marks while 59 others show "green". No good advertisement for Avira. I believed this company was more serious.
PE1OSQ wrote:or even better have them change the software so a viruschecker does not issue a false positive
This is useless. I have seen "anti-virus" software rating just the same exe benign all of a sudden while they had rated the software evil for several days. A few weeks later exactly the same software was evil again. Just throwing the dice! The exe had not changed in a single bit. You would have to make an individual exe for every virus scanner which reports malware and change your exes almost weekly following the mood of the anti-virus softwares.
73, Heinrich

Reason: No reason

PE1OSQ
Posts: 4
Joined: Fri Mar 04, 2016 10:31 pm

Re: SDRplay_HDSDR download issues viruswarning

Post by PE1OSQ » Thu Jun 29, 2017 1:49 pm

Heinrich, thank you for your reply.

All: To answer the question about "choices": My choice is to be careful.
It is temting to respond in length to Heinrichs reasoning, but this forum is not the place for a discussion about virusscanners and about
who's reputation to trust, who's not to trust and why.

Instead I would like the developpers to confirm that the software that is now on the SDRPLAY site is indeed the one they uploaded there.
Also I would like to suggest that:
1) if SDRPLAY is aware that their genuine software generates false positives, they should indicate that on the download page.
2) it would be very easy for SDRPLAY to offer additional assurance to their customers. On their downloadpage
SDRPLAY could publish checksums (like MD5 hashes)
so downloaders can verify for themselves that the software
they downloaded is indeed what SDR placed on their site (and has not been replaced by malicious third parties).
regards
Jan (PE1OSQ)
Last edited by PE1OSQ on Thu Jan 01, 1970 12:00 am, edited 0 times in total.
Reason: No reason

sdrplay
Posts: 978
Joined: Wed Jan 07, 2015 7:58 am

Re: SDRplay_HDSDR download issues viruswarning

Post by sdrplay » Thu Jun 29, 2017 4:03 pm

These are false positives. We work with anti-virus software companies, but often they can take weeks or months to fully analyse downloads on websites. We have recently received notice from Symantec and others that there are no issues with any downloads from our website.

We always fully check any files that are loaded onto the system for download. We could look at providing hashes but the main issue has really been installers flagging as a threat, when they are not.

If anyone has any concerns over any particular files we can always be reached at http://www.sdrplay.com/support

Best regards,

SDRplay Support

Reason: No reason

sdrplay
Posts: 978
Joined: Wed Jan 07, 2015 7:58 am

Re: SDRplay_HDSDR download issues viruswarning

Post by sdrplay » Thu Jun 29, 2017 4:05 pm

I forgot to mention that we do say on the Start Here system that anti-virus software should be temporarily disabled for the duration of software installs. I will also make that clear on our downloads page.

Reason: No reason

PE1OSQ
Posts: 4
Joined: Fri Mar 04, 2016 10:31 pm

Re: SDRplay_HDSDR download issues viruswarning

Post by PE1OSQ » Thu Jun 29, 2017 8:11 pm

Thanks very much for this confirmation.

If possible I would like to see MD5 hashes for your downloads.

Just another thought: An installer for the EXTI/O files is nice, but in most cases you only need to copy
the EXTI/O DLL to the directory of the program that is going to use it. You could make available these
DLL's without an installer in a compressed file (ZIP or whatever).

Regards,
Jan (PE1OSQ)
Last edited by PE1OSQ on Thu Jan 01, 1970 12:00 am, edited 0 times in total.
Reason: No reason

sdrplay
Posts: 978
Joined: Wed Jan 07, 2015 7:58 am

Re: SDRplay_HDSDR download issues viruswarning

Post by sdrplay » Fri Jun 30, 2017 8:25 am

Jan

You would be surprised how many people don't know where to put the EXTIO files or that the API is also required to be installed for the EXTIO to work. Since we've produced this all in one installer, the support questions regarding EXTIO installs have dramatically decreased. So this is by far the best way for us to deliver the files.

Best regards,

SDRplay Support

Reason: No reason

Post Reply