4

We currently use Themida for our C/C++ software protection, but the high number of false positives on anti-virus software is disturbing our client base.

Does anyone know any other software protector as good as Themida, but without the "make anti-virus crazy" flag?

hippietrail
Adabada
    @Brian Thanks for the tips, but these questions are irrelevant due to the fact that I'm not deciding whether or not to protect my app. I already did it, I'm just not happy with the way Themida is widely identified as virus/malware/trojan/etc. I'm looking for a good software protector besides Themida, preferably one that doesn't ring so many alarms with AVs. Thanks – Adabada Dec 24 '09 at 11:26
  • @Brian good advice, but more often than not the outcome is still "we need protection". e.g. distributors in Asia basically ask for that. (can't advise on the topic, though, since we rolled our own) – peterchen Dec 24 '09 at 12:36
  • 1
    Working for AV I can give you some advice. Most AVs have some sort of whitelisting service (like you send them your binaries before you distribute them to your customers). Another solution is to put a certificate on all your problematic binaries and "convince" AVs to add this cert to their whitelist (but obviously if your cert leaks, all your binaries will be flagged later). Edit: Damn, didn't realize this topic is old as hell.. – Kra Apr 05 '13 at 09:34

4 Answers

2

There are many, but all can look suspicious: UPX, NSPACK, eXpressor, FSG, telock, ReCrypt, Orien, Aspack, ReCrypt, AcProtect, MEW, Molebox, mpress, EXE STEALTH, yoda’s cryptor, and as soon as a new version appears somebody creates an anti-tool. Maybe the solution would be some kind of DRM protection.

skan
  • 1
    This is an excellent list, especially telock and acprotect seem to be good for protecting simple software, however my software becomes un-runnable after processing with these tools; my program code uses remote thread creation – duckduckgo Jun 29 '16 at 01:54
1

A little too late, but never mind.

Had the same issue here. The solution is simple. Get a digital certificate linked to your company and sign all your programs with it.

If you still get false positives, ask the AV companies giving false positives to white list your program. They will usually white list your certificate.

Niki
  • This is the best solution. Once your cert gets a reputation it will stop triggering false positives. – rollsch Nov 04 '17 at 06:57
  • FYI we had our certificate revoked due to a false positive so this is not good advice. When they revoked our certificate it meant our users could not even uninstall the application. We had to instruct them all to use safe mode to remove the app, then install a new unsigned version. Absolute disaster. – rollsch Nov 07 '19 at 05:32
  • Comodo wouldn't even give us a refund despite admitting their mistake. Probably the worst customer service I've ever had. – rollsch Nov 07 '19 at 05:51
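
Whitelisting by certificate, as suggested in the answer above, only helps if every shipped binary actually carries that signature. The following pre-release check is an added example, not code from the answer or its commenters; `$BuildDir` and `$ExpectedThumbprint` are hypothetical parameters for the build output folder and the company certificate's thumbprint.

```powershell
# Added example: fail the release if any binary is unsigned, carries an
# invalid signature, or is signed by a certificate other than the expected one.
param(
    [Parameter(Mandatory)] [string] $BuildDir,           # hypothetical: build output folder
    [Parameter(Mandatory)] [string] $ExpectedThumbprint  # hypothetical: company cert thumbprint
)

# Thumbprints are often pasted with spaces; normalise before comparing.
$expected = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()
$extensions = '.exe', '.dll', '.sys', '.msi'

$results = Get-ChildItem -LiteralPath $BuildDir -Recurse -File |
    Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }

        $problem = if ($sig.Status -ne 'Valid') {
            "signature status: $($sig.Status)"
        } elseif ($thumb -ne $expected) {
            "signed by unexpected certificate $thumb"
        } elseif (-not $sig.TimeStamperCertificate) {
            # Without a timestamp the signature stops validating once the cert expires.
            'no timestamp countersignature'
        } else {
            $null
        }

        [pscustomobject]@{
            File    = $_.FullName
            Status  = $sig.Status
            Signer  = $thumb
            Problem = $problem
        }
    }

$failed = @($results | Where-Object { $_.Problem })
$failed | Format-Table -AutoSize File, Status, Problem

if ($failed.Count -gt 0) {
    Write-Error "$($failed.Count) of $(@($results).Count) binaries failed the signing check."
    exit 1
}
Write-Output "All $(@($results).Count) binaries are signed by $expected."
```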
0

It's pretty much in the nature of the app, but I don't see what the issue is. You should be downloading as an installer of some kind anyway. There are lots of poor antivirus programs out there and most are worthless anyway; the only way to fix it is to individually contact the antivirus companies, but if it's in an installer it should not get picked up on anyway.

  • 2
    Triggering AV fundamentally violates "don't inconvenience paying customers (too much)". Apparently, some leading AVs flag it because *virus authors use it to protect their software*. – peterchen Dec 24 '09 at 12:37
0

Look for a protector supporting the IEEE Taggant System, developed especially for that purpose. Antivirus software will trust an executable if it has a taggant inside. http://standards.ieee.org/develop/indconn/icsg/taggant.pdf

Andrey