Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

mIRC and AV/antimalware...


  • Please log in to reply
6 replies to this topic

#1 ZT-repairseek

ZT-repairseek

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 27 February 2011 - 03:28 PM

why is it that so many AV/antimalware things insist mIRC is a trojan or a "potentially unwanted program"? why it's no less open to infection than any other internet-accessing program, I've never seen anything that installs mIRC as something you wouldn't have asked for, and never seen anything that says it's harmful in and of itself. having been using it for over a decade, I can say it's not a threat if handled responsibly, just like instant messengers or web browers even.

so what gives? why are all these companies who are supposed to be keeping your PC free of actually malevolent software so obsessively out to get khaled's client for a protocol older than windows itself? one that even the usual malware coders don't bother with these days because it's not as shiny and "beginner-friendly" as an IM program or those so-called social networking things (which are antisocial by their seperated nature, but that's another rant)?

there must be a reason. I simply can't fathom it. anybody got ideas?

Edit: Moved topic from All Other Applications to the more appropriate forum, based on the question asked. ~ Animal

BC AdBot (Login to Remove)

 


#2 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:12:48 PM

Posted 28 February 2011 - 01:00 AM

I've always wondered that too. Even Windows Firewall didn't like it. It might be something in the program's coding that the AVs don't like, but I really can't say I'm sure what. It even says on Khaled's site that your AV or firewall may regard it as a bad guy, though it is not.

The only thing I can think of is that there's something in the coding they don't agree with.

Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:48 PM

Posted 28 February 2011 - 08:26 AM

A Potentially Unwanted Program (PUP) is a very broad threat category that can include any number of different programs to include those which are benign as well as malicious. They may also be defined somewhat differently by various security vendors.Some programs falling into the PUP category have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files (compressed, packed) that appear suspicious or which can potentially be used for malicious purposes. Other legitimate files which may be obfuscated, encrypted or password protected in order to conceal itself so they do not allow access for scanning but often trigger alerts by anti-virus software.

These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. Since these detections do not necessarily mean the file is malware or a bad program, in many cases cases such detections can be a "false positive". As such, you need to investigate further if not familiar with them.


Edited by quietman7, 28 February 2011 - 08:31 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:48 PM

Posted 28 February 2011 - 10:10 AM

My idea is that it's guilty by association. IRC has been the number one protocol used by botnets to communicate between clients & control centers.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:02:48 PM

Posted 28 February 2011 - 01:20 PM

Unlike web browsers and IMs, mIRC can be used as a server (i.e., backdoor) into your computer. And all that is required is a little configuration change in the mIRC settings.

#6 ZT-repairseek

ZT-repairseek
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 01 March 2011 - 03:42 AM

and yet, I've seen other such things get ignored. . . either way, it's annoying having to tell a boot-time scan that mIRC is not infact the devil itself.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:48 PM

Posted 01 March 2011 - 07:55 AM

It may be annoying but safety comes first. As I already said, an anti-virus cannot distinguish between "good" and "malicious" use of such programs. There are many other legitimate programs which have such issues with security scanners - See Antivirus "False Positive" Problems.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users