
AVG says my programs are viruses (2012) - shubhamjain
http://www.cplusplus.com/forum/beginner/67634/
======
userbinator
I remember when MingW or Cygwin users were complaining that AVs were detecting
"Hello world" binaries as malware too.

IMHO AVs started becoming anti-user when they began detecting "hacking tools"
and keygens/cracks/patches (there are certainly some which do have malware,
but detecting software that does exactly what it claims to do is going beyond
that.) That's acting in the interests of corporations, not users. It's rather
authoritarian and I don't want that at all.

~~~
user5994461
I don't believe that the average user's computer should have hacking tools on
it.

~~~
kazagistar
Irrelevant. The purpose of an antivirus is not to make a user conform to an
average user, it's to detect unwanted software. If the user obtains a keygen
for some software, what business does an antivirus have with it?

~~~
user5994461
I'm not talking about the keygens but the hacking tools ^^

It probably is unwanted software.

------
speeder
I stopped using automatic anti-viruses.

ESPECIALLY AVG and Avast.

Last time I tried to use them, they immediately deleted without asking if I
allowed it, 80% of my tools and binaries.

It is clear that anti-viruses on Windows are usually more dangerous than the
viruses themselves. (in the end, the virus I wanted to track down, was in my
router, not on Windows :/)

~~~
brudgers
I've been using Microsoft's free anti-virus products on my Windows machines
since Microsoft first started offering them. Third party anti-virus shares
many of the features of malware: difficult to remove; runs at root level; user
tracking; self-updating; and in subscription versions comes with the
proposition of pay up or we will make your computer vulnerable.

On the other hand, Microsoft's interests are less misaligned with mine. They
want to keep Windows secure as do I. Around the edges of tracking and
telemetry, we may disagree. Anyway, my life became much simpler when I adopted
Microsoft's solution for my Windows boxes.

~~~
vram22
>I've been using Microsoft's free anti-virus products on my Windows machines
since Microsoft first started offering them.

Since when did they start offering it? And is it Windows Defender you are
talking about? - thanks.

~~~
mauriciob
Microsoft Security Essentials, since Windows XP. It's been replaced
(incorporated) by Windows Defender on Windows 10.

------
hubetcha
In my experience it is not enough to disable third party Antivirus - it has to
be completely uninstalled. At least one major AV (can't remember which) still
leaves its TCP/IP hooks in the kernel even when disabled making network
traffic several times slower. Customers are aghast at the suggestion that AV
is the problem - surely you are the one with the bad code. They think AV
couldn't possibly slow all disk and net accesses by an order of magnitude.

------
douche
AVG is a threat. When you can't uninstall a piece of software completely with
normal means and have to start ripping it out by the roots with special tools,
there's something wrong.

------
Kenji
Reminds me of those old times when Norton Anti Virus automatically quarantined
the binaries of empty Borland Delphi GUI projects. Eventually I just got rid
of my antivirus altogether because it kept having false positives.

------
rocketier
Well, this particular piece of code does spread like a virus. It is everywhere.

------
Pica_soO
At our university we had a virus scanner that would, without information and
warning, simply delete freshly compiled assembler executables. It was fun,
finding that out. The desk should still have marks where I gnawed on it.

------
stinos
Related: amount of questions on StackOverflow answered with 'disable your
antivirus'. Especially Avast it seems from just scanning through
[http://stackoverflow.com/search?q=disable+avast](http://stackoverflow.com/search?q=disable+avast)
(which anecdotally I've indeed seen cause all kinds of havoc including blue
screens).

------
TazeTSchnitzel
About a decade ago, I made a tiny little executable in Delphi so I could
browse the hard drive contents on school computers, which otherwise hide it
from Windows Explorer using group policy. Mischievous and definitely against
school rules, but harmless.

The school antivirus had a false-positive and decided it was some particular
virus. God knows how.

------
616c
Ok, jokes aside, how many Windows users _that buy things like AVG or have an
IT pro running it for them with AVG_ are legitimately running compilers on any
computer, Windows or macOS? We are a very small fraction of end users. I was
in a training this week and shocked to discover even strings, STRINGS, you
need to download XCode tools now for macOS 12. I did not even bother with
something more exotic. I am afraid to see what our IDS/IPS thinks of Homebrew,
because ...

I know, I know, I am going to get downvoted to hell ...

But seriously, I am aware of one major IDS/IPS that flags WSUS Offline Update and
blocked me from downloading the zip. So that means they throw a signature up
there without even inspecting it I bet... to block a tool that streamlines
updates on Winboxen? Thanks for protecting me!

[http://download.wsusoffline.net/](http://download.wsusoffline.net/)

This tool is open source and merely organizes different patches with common
GNU and FLOSS utilities through AutoIt or some other wrappers. Many of us, who
work in systems management for airgapped or systems way behind where Windows 7
updates now fail because of their recent infra changes and might even finish
scanning for days[0], need this to keep updated. I get it is not a blessed
tool, but am I so unique in this regard? I think these vendors impose their
own idea of systems management, which is really variable as everyone does it
their own way. Addressing that requires complexity, which is why we are here
in the first place.

I handle a lot of end-user computers, so let me be clear, such behavior is
atrocious. But how many of you have known/used Software Restriction Policies
or AppLocker on Windows? This burning the whole forest for the trees thing is
not only common, it is critical to the gimmicky heuristics nature of old
school anti-virus.

Then again, Windows ships PowerShell, in a vain attempt to not be VBScript
again, with Bypass features to a neat concept of signed script code, and we
have things like state of the art system manipulation with blessed Microsoft
tools and .NET code generation on the fly with PowerSploit, which no
AV/IDS/IPS will catch without being properly tuned, since that is close enough
to admin behavior (really any PowerShell) to be much harder to stop.

[https://github.com/PowerShellMafia/PowerSploit/commits/maste...](https://github.com/PowerShellMafia/PowerSploit/commits/master)

[0] [http://wu.krelay.de/en/](http://wu.krelay.de/en/) for the uninitiated

------
mmastrac
This reminds me of my adventures with Avira's terrible web heuristics half a
decade ago:

[https://grack.com/blog/2010/03/17/the-sorry-state-of-avira-a...](https://grack.com/blog/2010/03/17/the-sorry-state-of-avira-anti-virus-heuristics/)

------
iKlsR
Had this same issue some 5 years ago on an old system. More comprehensive
answer here [https://stackoverflow.com/questions/7987712/why-does-avganti...](https://stackoverflow.com/questions/7987712/why-does-avgantivirus-detect-an-executable-produced-from-dev-c-as-a-virus)

~~~
thedoctor79
I'm sorry, but the quality of comments on that question is really low, apart
from one. A malicious compiler can easily insert malicious code into your
executable, and if you are not able to trust your compiler or read the code it
generates, then you would be better off relying on the antivirus. Then again,
with the prevailing mentality of most Windows users of installing packages
from untrusted sources and running unknown binaries without understanding the
risks, it is not surprising.

~~~
userbinator
How many malicious compilers have you actually seen in the wild (in 2012, when
that post was written)? And indeed if there were any, why would an AV not just
detect the compiler itself?

~~~
OJFord
> _why would an AV not just detect the compiler itself?_

Because then users of a binary need to trust that the compiler-user had an AV
installed.

------
thedoctor79
First question I would ask: what compiler are you using, and have you audited
the binary it spits out? Sometimes it pays to know a little assembly and be
able to use a debugger.

------
gravypod
This also could just be a test sample that's in the system. There are a few
test codes for antiviruses and these companies may be using these as test
binaries.

