Thursday, July 30, 2009

MessenPass with alerts in only 2 Antivirus programs out of 41 - is it possible?

As I already reported in the past, MessenPass, my password recovery tool for Messenger applications, is falsely detected as Virus/Trojan/Malware by many Antivirus programs.

Currently, according to this VirusTotal report, 18 out of 41 Antivirus programs show a virus alert for the MessenPass utility.

So I decided to make a nice test. I took the same code of MessenPass, and recompiled it with different compiler optimization options.
I also left it without the UPX compression that I usually apply to all my utilities.
I posted the new build of MessenPass for testing on the VirusTotal Web site, and here's the amazing result:

Only 2 out of 41 Antivirus programs trigger a virus alert for the new build of MessenPass.
Just to be clear - it's still the same version of MessenPass (v1.26) as the original MessenPass with the 18 Antivirus alerts.
I simply compiled the same code of MessenPass with different compiler options.
Avoiding UPX compression also helped a little, because after compressing the same file with UPX, I got 5 virus alerts.

Currently, this build of MessenPass is only posted in this blog, while I left the original build on the MessenPass Web page.
It's interesting to see whether the Antivirus companies read or scan my blog.
If they do, the number of virus alerts in this MessenPass build will increase very soon...


Rarst said...

Heh, shows how "efficient" the signature-based approach is. By the way, have antivirus products given up on heuristics? It was supposed to be a big thing and ended up useless, don't remember a single example of it catching anything using any AV soft.

July 31, 2009 1:38 AM

Aaron said...

I can't tell you how many times I've been frustrated by Symantec's Norton Anti-virus product when I insert my tools drive and have various of your utilities deleted without warning. They just end up gone. They aren't even quarantined.

While it's good you are able to make your program undetected as a problem, I see that Symantec is still on the list. Since they make their product harder to disable, it makes it harder on me to use the tools.

August 4, 2009 4:52 PM  

