Ransomware warnings

Questions and Answers : Windows : Ransomware warnings

To post messages, you must log in.

AuthorMessage
Richard James

Send message
Joined: 30 Mar 20
Posts: 14
Credit: 2,129,198
RAC: 1,729
Message 94693 - Posted: 17 Apr 2020, 17:00:47 UTC

This morning I am getting repeated warnings from Bitdefender that rosetta is trying to install ransomware.

So far files are are flagged as "recovered" (implying reset to prev versions).

This appears to be an ongoing problem as previous msgs have noted it.

A fix?

Allowing bypass of check is not a fix.

Thanks.
Richard
ID: 94693 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Profile Grant (SSSF)

Send message
Joined: 28 Mar 20
Posts: 1699
Credit: 18,186,917
RAC: 24,275
Message 94713 - Posted: 17 Apr 2020, 21:53:19 UTC - in response to Message 94693.  

A fix?
Advise Bitdefender there is a problem with their software that they need to fix, and point them here to Rosetta's web site.



Allowing bypass of check is not a fix.
It is when the check is the problem.
Grant
Darwin NT
ID: 94713 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Richard James

Send message
Joined: 30 Mar 20
Posts: 14
Credit: 2,129,198
RAC: 1,729
Message 94716 - Posted: 18 Apr 2020, 0:15:34 UTC - in response to Message 94713.  

Advise Bitdefender there is a problem with their software that they need to fix, and point them here to Rosetta's web site.

Yes, there are 2 sides to the issue. Rosetta code *appears* to be ransomware. Bitdefender is doing it's job.

Both sides need to know what is going on, so both have been advised. And both need to look at it.

Allowing bypass of check is not a fix.

It is when the check is the problem.


No, the Rosetta software is the problem. Unless you know 100% the issue is false bypassing the check is a risk.
ID: 94716 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Profile Grant (SSSF)

Send message
Joined: 28 Mar 20
Posts: 1699
Credit: 18,186,917
RAC: 24,275
Message 94717 - Posted: 18 Apr 2020, 1:29:46 UTC - in response to Message 94716.  

No, the Rosetta software is the problem.
No, it's not.
Software that says there is a problem, when there isn't, is faulty. Broken. Not working. So the producers of that software need to fix it.
It's called a False positive, and it happens all too often when AV/Malware companies get sloppy.



Unless you know 100% the issue is false bypassing the check is a risk.
And since Rosetta isn't a problem, it's not a risk.
Grant
Darwin NT
ID: 94717 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Richard James

Send message
Joined: 30 Mar 20
Posts: 14
Credit: 2,129,198
RAC: 1,729
Message 94721 - Posted: 18 Apr 2020, 3:09:35 UTC - in response to Message 94717.  

No, the Rosetta software is the problem.
No, it's not.
Software that says there is a problem, when there isn't, is faulty. Broken. Not working. So the producers of that software need to fix it.
It's called a False positive, and it happens all too often when AV/Malware companies get sloppy.

Unless you know 100% the issue is false bypassing the check is a risk.
And since Rosetta isn't a problem, it's not a risk.


So someone else's software is always a problem, is that what you are saying?

Unless you, personally, know that Rosetta is absolutely safe, by testing and does not trigger any known tests then it needs to be confirmed.

That is what should be happening with *both* parties.

Bitdefender is aware of the issue, but what is the Rosetta project doing?

The reason for posting the issue here is to advise Rosetta and other users of the issue.
ID: 94721 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Profile Grant (SSSF)

Send message
Joined: 28 Mar 20
Posts: 1699
Credit: 18,186,917
RAC: 24,275
Message 94725 - Posted: 18 Apr 2020, 3:21:40 UTC - in response to Message 94721.  
Last modified: 18 Apr 2020, 3:23:10 UTC

So someone else's software is always a problem, is that what you are saying?
When theirs is the only software making the claim, yes. When what they are making the claim about isn't malicious, it isn't what they claim it to be, then it is obviously a false claim. Because this happened every few months at Seti when one AV programme or anther stuffed up one of their updates. False positives galore. It's happened before, it'll happen again.



Unless you, personally, know that Rosetta is absolutely safe, by testing
Thousands of Tasks downloaded, still no hijacked system. I think that's a pretty good indication. Tens of thousands of other people/systems doing work for the project, with no such claims from their AV software, no problems with their systems is a pretty good indication. That's a lot of testing.



Bitdefender is aware of the issue, but what is the Rosetta project doing?
No idea if they are doing anything, don't know what the time is over there.
And the only thing for them to do, is point Bitdefender to this site & ask them to substantiate their false claims.



The reason for posting the issue here is to advise Rosetta and other users of the issue.
It is always good to know when there is a problem with AV/Malware software returning false positives.
Grant
Darwin NT
ID: 94725 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Richard James

Send message
Joined: 30 Mar 20
Posts: 14
Credit: 2,129,198
RAC: 1,729
Message 94729 - Posted: 18 Apr 2020, 4:03:43 UTC - in response to Message 94725.  

So someone else's software is always a problem, is that what you are saying?When theirs is the only software making the claim, yes.

But how is that known unless someone asks?
What you are saying is "don't bother us".
IMO, not a reasonable approach.
EOT.
ID: 94729 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Profile Grant (SSSF)

Send message
Joined: 28 Mar 20
Posts: 1699
Credit: 18,186,917
RAC: 24,275
Message 94730 - Posted: 18 Apr 2020, 4:27:15 UTC - in response to Message 94729.  
Last modified: 18 Apr 2020, 4:27:28 UTC

So someone else's software is always a problem, is that what you are saying?When theirs is the only software making the claim, yes.
But how is that known unless someone asks?
What you are saying is "don't bother us".
It's a shame you didn't bother reading the last line in my previous post.
*shrug*
Grant
Darwin NT
ID: 94730 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Richard James

Send message
Joined: 30 Mar 20
Posts: 14
Credit: 2,129,198
RAC: 1,729
Message 94731 - Posted: 18 Apr 2020, 4:31:58 UTC - in response to Message 94730.  

So someone else's software is always a problem, is that what you are saying?When theirs is the only software making the claim, yes.
But how is that known unless someone asks?
What you are saying is "don't bother us".
It's a shame you didn't bother reading the last line in my previous post.
*shrug*


Then why didn't you just say that (I did read it...).

Of course, you could have said that in the first place.

This sort of discussion just puts people off.

EOT = don't bother to reply.
ID: 94731 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Sid Celery

Send message
Joined: 11 Feb 08
Posts: 2130
Credit: 41,424,155
RAC: 16,102
Message 94760 - Posted: 18 Apr 2020, 12:38:19 UTC - in response to Message 94725.  

Because this happened every few months at Seti when one AV programme or anther stuffed up one of their updates. False positives galore. It's happened before, it'll happen again.

To confirm, it regularly happens at Rosetta too. Before long, an AV update usually solves the issue.
In the end, exclusion of the Boinc data directories is the wisest solution.

The idea that programmers here are going to inject dodgy code when it's such a lot of work to get the coding of tasks right is... yeah, that's not going to happen. Other projects, I don't know about, but not here.
ID: 94760 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote

Questions and Answers : Windows : Ransomware warnings



©2024 University of Washington
https://www.bakerlab.org