Call Me Paranoid

Discussion in 'other software & services' started by Joxx, Jun 23, 2014.

Thread Status:
Not open for further replies.
  1. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,125
    call me paranoid or whatever tickles your fancy
    but why, oh why, does an image viewer have to access the keyboard ?
     

    Attached Files:

  2. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    maybe because you can use it with keyboard shortcuts?
     
  3. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Might have to do with "multimedia keys" on many keyboards, which do not have standard keycodes (or whatever the terminology is, I probably have it wrong).

    That's just a guess though. There have been times when legit applications have been trojaned.

    Edit: it can be very hard to tell on Windows. Lots of applications like to go off and do their own thing when run as admin, in order to make things "convenient" for users. Run them in a limited account and you may see features missing or not working; sometimes even outright failures.

    (IMO this is the legacy of 15 years maintaining binary compatibility with a single-user OS.)
     
  4. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    I just submitted the FSviewer 5.1 to VirusTotal.

    zero AV engines out of 54 report is as malicious.
    so it's most likely just your Comodo HIPS acting paranoid. lol ;)
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Uh, not paranoid enough to carefully read the prompt? (after third bold point)
     
  6. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,125
    I read the prompt but this is the only viewer that triggers this type of alert

    couple of months ago I tested XnView, IrfanView and FastStone with Comodo and OA on a Virtual Box
    only Faststone provoked a bunch of alerts (reg keys, keylogger behaviour, etc.)
    I kept it because I thought "it's listed in Softpedia" (and I like some of its options)

    but know (and after another weird situation with a Softpedia listed app)
    I question myself about normal malware behaviour (keyboard shortcut=keylogger)
     
  7. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    437
    Location:
    The Outer Limits
    You are paranoid.
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    The very first sentence in the Comodo warning says it all I think. It says "FSViewer.Exe could not be recognized", so Comodo adobts a default no trust stance towards it and throws up a warning that something evil could be happening. Faststone Image Viewer is fine (assuming you got it from the source), I've used it for decades.... Comodo just doesn't know what it is so it doesn't trust it. There is nothing wrong there.....
     
  9. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,125

    hummm... maybe it's paranoia
     
  10. guest

    guest Guest

    My guess is XnView and IrfanView are already in Comodo's whitelist database, so they won't trigger popup alerts. Knowing that these three image viewers offer pretty much the same features, I'm sure that you'll get the same popup spams if you enabled the Hell Mode (or Paranoid Mode if you want to be official).

    Your wish has been granted... Use it wisely to destroy the age of darkness oh strong-hearted human, you the chosen one... =V

    No, really, it's good to be precautious.
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,043
    After that entry I was disappointed by Spoiler :)
     
  12. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,125
    oh dear, I knew I was right
     
  13. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i played with HIPS back then but i got rid of them.

    because those thing WILL make you paranoid. ;)
    i find it more efficient to upload files to VirusTotal to know the score...
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Yep, very true. It mostly depends on your download source.. HIPS will drive you bananas pretty fast... :)
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    Always block when in doubt, and see if the app is still able to run normally.

    But I agree, it´s not normal behavior, I would switch to another image viewer, like XnView. :)
     
  16. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    I second that .
    When you use paranoid 'security-software' you really need to have a good understanding of how computers really work,
    otherwise you will end up a paranoid wreck who doesn't get sh*t done due to fear of computer-security .
     
  17. guest

    guest Guest

    CHIPS is good to learn software behaviors though. It makes you know that a video player software shouldn't need to install device driver and patch other executables. Also, it lets you know if a program is truly portable or not.

    That's way too far IMO.
     
  18. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,125
    that's one of the reasons I like HIPS
    and that's why some apps won't find a place in my machine
    and that's why I was upset with Comodo's prompt
    (not because I didn't understand it like some implied)

    even if some programs are trusted (listed in Softpedia and clean in Virus Total)
    I simply don't like the way they behave
    example: why would FastStone trigger that alert months after being installed
    it's probably innocent but I don't like it

    I remember some time ago having a Media Player wanting to use svchost.exe to call out...
    but that's another story
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    Same over here, even if it´s a trusted app, I refuse to give them certain high risk permissions when there is no good reason. ;)
     
  20. guest

    guest Guest

    Well any image viewers, media players and web browsers (among other types of software) will trigger logger-like behaviors popups. Switching to another software won't change that fact.

    Then that means nothing but one conclusion: Comodo's whitelist database is so screwed up that it's so unreliable. Case closed. (Why does anyone who's using a CHIPS software want a whitelist database anyway? It's basically killing the purpose of CHIPS protection. What is wrong with you people?)
     
    Last edited by a moderator: Jun 25, 2014
Loading...
Thread Status:
Not open for further replies.