the 89 line executable that demos a NOD32 bug

Indeed, it's obvious no further input is to be expected.
However, note that it's not a case about changing AV. He doesn't use NOD32.

That seems to be one of his questions, what can he use. The fact that you didn't read that seems to prove my point, no one reads spam.

 

thank you pedro,

indeed it does seem that anotherjack, GAN are accusing me of doing what they are not doing. READING!

but i would really like an ESET/NOD32 representative to answer these questions.

1. where is this list of toolkits that will give a positive?
1a. since your blocking madcodehook it is obvious that nod32 has a list of toolkits that will give a positive. where are these listed?
2. where is this list of toolkits that give a negative?
3. what makes them different?
4. whats to stop those from being "misused by malware" and start being flagged?
5. what does madcodehook do that those dont?

 

Yet you go on spamming. I did my good deed for the day - i tried to help you, since you seem to need this.

You have 2 options: advise your users not to use NOD32, or figure out what you can use and test it on your own, trial and error.

 

Excuse me? I quoted what he said - "3. a virus switching from madcodehook to another library that does what madcodehook does, does not get the virus caught."

That, to me, indicates that he has some knowledge of alternatives, along with his second point - "2. nod32 does not recognize programs that use other toolkits like madcodehook as viruses."

So, he apparently knows of another comparable library, but chooses not to use it.

 

That's not what i said. I said you obviously don't understand what you read. You seems to interpret everything in your own way.

You have a lot of questions and demand that someone answer. Why do you refuse to answer my questions? Like why spam the board when you are already told there will be no answer.

 

from my posts

please let me know when you become one. till then pipe down.

 

When/if i ever become a eset representative there is a great chance that i will ignore you like the rest of the eset team.
You obviously cannot answer the question why you choose to spam the board for no reason whatsoever. Even you should know by now that your behavior will not make eset post a reply....rather the opposite.
And until you become a eset representative i will not pipe down or listen to any of your demands.

 

i would really like an ESET/NOD32 representative to answer these questions.

1. where is this list of toolkits that will give a positive?
1a. since your blocking madcodehook it is obvious that nod32 has a list of toolkits that will give a positive. where are these listed?
2. where is this list of toolkits that give a negative?
3. what makes them different?
4. whats to stop those from being "misused by malware" and start being flagged?
5. what does madcodehook do that those dont?

 

"I want to see your proprietary information!" "No."
"I'll keep bumping until I get an answer!" "Disk space is cheap, and you'll look like a troll."
"I'll keep posting the same thing over and over!" "Go ahead. See #2"
"I'll tell my mommy!" "She doesn't care."
"I'll use a different library so it doesn't trigger NOD!" "There you go. Have a cookie."
"But then I'll have to do some work!" "Yep."
"That's not fair!" "Life's not fair. Get over it."

<Added to ignore list>

 

i would really like an ESET/NOD32 representative to answer these questions.

1. where is this list of toolkits that will give a positive?
1a. since your blocking madcodehook it is obvious that nod32 has a list of toolkits that will give a positive. where are these listed?
2. where is this list of toolkits that give a negative?
3. what makes them different?
4. whats to stop those from being "misused by malware" and start being flagged?
5. what does madcodehook do that those dont?

 

Have you asked Sophos and McAfee these questions too? After all they target MadCodeHook as well.

If so, what where their answers?

 

unlike nod32 they seem to be able to detect when a library is used my malware and when its not. so while they may detect the libraries presence they do not tag us as a virus because they can detect that an executable is using a library malicously and non-malicously. again unlike nod32.

 

Jack:
1. Ok.
2. It certainly is. He may look like a troll... but he's tenacious on this issue of his (and tons of others - including security companies ):

3. See 2.
4. Probably not.
5. Of course he can do that; but madCodeHook contains a feature no others do: It uses native APIs for different OSs giving it great compatibility a crossed all versions of Windows. And now madCodeHook can only be purchased (it used to be available as open-source) by developers after a background check.
6. Yes, he certainly does have to. Just because Eset detected one and only hooking library which he happens to use.
7. It isn't fair. Because his users use his project using madCodeHook AND NOD32, he has to change. And, based on his join date at madshi.net, he's been using madCodeHook for two years. Of course you can sit there and not care. You don't use madCodeHook.

Go ahead and "use more disk space."

Paul:
McAfee and Sophos only list madCodeHook as potentially unwanted software if very specific, with a high chance of being malicious, APIs are hooked. On the other hand Eset detects it no matter what.

Here's the original thread on the detection of madCodeHook.

... Last reply from me, I hope?

 

Hmm Interesting.

musikit - I think you'll have to just accept ESETs position / answers and work around it. I don't think they are going to give you any info that might compromise their protection. If you do use another toolkit and it starts to get used for malicious software i'd expect it to be added to their detection.

 

As soon as Eset gave musikit a reply he started acting like....well i think no further explanation is needed. Instead of behave like he do he could act like a grown up and give Eset som valid arguments and maybe the result could have been different. At this point i think musikit ruined every chance of making Eset (or anyone else) listen to his whining. Everytime someone try to give him some hints how this could be handled better like to discuss this directly with Eset he only cry about missing contact info and other silly stuff. Then he started whining about how to submit a sample. All of this information is easy to find at Eset's website, but he don't want to listen. With a completely different approach i think everyone would have some sympathy with musikit....now he is just extremly annoying and no one want to help. Being a pain is not the way to get someone to cooperate and help you out.

 

Worked for me when I was 5 years old.

More seriously though, isn't this time the thread got closed? This may have started out to be a valid issue but descended into a farce. This behavior should be discouraged.

 

this thread cant be closed as the issue still exists.

i do understand that eset/nod32 is just gonna flat out recognize madcodehook because they dont feel like actually detecting viruses. its ok if they want to have an inferior security product i dont mind. and i dont mind switching toolkits because while madcodehook's toolkit is great this is obviously a large issue for us.

as far as "whining" if people had read when i originally posted about this bug that i stated they i have been trying to contact eset for sometime (over 2 years) and received no response from their publicly posted information. so telling me to contact directly has already been done and they are not answering. but people would have read that if they actually read.

so as far as this forum is a support tactic for eset to support their nod32 product and as long as this bug exists i will continue to post about it. thread closed, account closed, or not.

i would really like an ESET/NOD32 representative to answer these questions.

1. where is this list of toolkits that will give a positive?
1a. since your blocking madcodehook it is obvious that nod32 has a list of toolkits that will give a positive. where are these listed?
fine you detect madcodehook. this obiously isnt the first library your detecting. for my future and other developers future reference so no ligit program gets picked up as a virus and no one else has to come here and "be a troll" where is this list?

2. where is this list of toolkits that give a negative?
3. what makes them different?
4. whats to stop those from being "misused by malware" and start being flagged?
5. what does madcodehook do that those dont?
i've given plenty of examples of other toolkits and function level apis that have "misued by malware" as they state that madcodehook has been. why are they not blocked?

so while for those that understand my issue i very much appreciate the back up. it seems that eset is not interested in supporting their "virus scanner" and i have already started to recommend at the retail level and at a word of mouth level that users seek other virus solutions. which is pretty much the only thing i can do as this isnt my toolkit so taking the legal response is not within my power. however i am quite disturbed that eset and nod32 refuse to see the bug i've pointed out here in this product.

 

Oh my.

You can't close this thread, it's about the funniest thing I've read today!

Everyone must have figured out by now that musikit isn't a serious software developer; he's a performance artist and comic genius!

I'll now plead for musikit to not reply and save himself but I'm safe in the knowledge that he'll be on to this like a terrier on a rabbit.

Thanks for the giggles.

J

 

i would really like an ESET/NOD32 representative to answer these questions.

1. where is this list of toolkits that will give a positive?
1a. since your blocking madcodehook it is obvious that nod32 has a list of toolkits that will give a positive. where are these listed?
2. where is this list of toolkits that give a negative?
3. what makes them different?
4. whats to stop those from being "misused by malware" and start being flagged?
5. what does madcodehook do that those dont?

 

BTW FYI. i've been on hold with NOD32 for over 2 hrs. is this the kinda of support people should expect?

 

well after over close to 2.5 hrs on hold with eset they have not had a representative pick up the phone, and when i go to leave a message for them to call me back i get disconnected.

just FYI so so everyone knows.

 

Did you really think they will support you after the mess you've made on their official forum? I work in support also and I can tell you - I would not be supportive either.

You KNOW that your questions won't be answered. The information you are asking for is internal and they won't release it on forum.

I think the chances of you getting any support from Eset are very slim. After this thread nobody takes you seriously any more.

Too bad . Don't you think the problem could be handled much better?

 

tomazyk,

i never gave my information to them to know who i was. i never got to talk to a representative...... didnt you ever listen to your mom when she said if you have nothing good to say dont say anything? geez....

 

Well I gues she never gave my that advice (or maybe I didn't listen). Now be so kind - listen your own advice and stop posting the same questions over and over again.

 

im not saying anything bad....

i'm informing NOD32 about a bug in their software and asking for advice on how to proceed.