Cygwin setup reported as malware
Christian Franke
Christian.Franke@t-online.de
Fri Dec 9 18:49:13 GMT 2022
Dan Harkless via Cygwin wrote:
> On 12/9/2022 3:39 AM, Oskar Skog via Cygwin wrote:
>> On 2022-12-07 23:54, Dan Harkless via Cygwin wrote:
>>
>> > No. It's normal and common for software like Cygwin, which has the
>> > power to be used maliciously (as opposed to, say, a Minesweeper game or
>> > something), to have false positives on VirusTotal for a handful of
>> > vendors. I've never heard of SecureAge or Trapmine (hmm, maybe it
>> > *would* flag Minesweeper...), and I'm pretty well educated in the
>> > anti-malware space, so if it were me, I'd just ignore those false
>> > positives and pay attention to the credible AV software results (and the
>> > Community Score).
>>
>> You may have thought you were joking, but...
>>
>> https://www.virustotal.com/gui/file/bcff89311d792f6428468e813ac6929a346a979f907071c302f418d128eaaf41
>>
>>
>> This is not just *a* minesweeper game, it is *the* minesweeper game
>> from Windows XP.
>
> LOL! You're right, I'd never heard about that, and was just using
> Minesweeper as an obviously safe example program. And whaddaya know,
> it's SecureAge and Trapmine (oy!) that "flag" it. I guess the lesson
> is to always ignore SecureAge and Trapmine results on VirusTotal, and
> the OP should suggest VirusTotal drop those two from their AV software
> suite.
>
> Thanks for the amusing link, Oskar.

Amusing, indeed.

This was less amusing: After I released this file Dec 30, 2018, it
scored 7/67 and then 13/70 a few hours later, including well-known AV
vendors:

https://www.virustotal.com/gui/file/bf0416c2e214c6323fdf1af8b853f761c846760f02950453c8a5bb276c961fbe

After FP reports to several vendors, it slowly dropped down to 1-2
detections until March 2019.

Experience since then suggests that some noise of ~2 detections from not
well-known AV is normal.