Paragon Chat > Technical Support

FAQ: Why do I have to exclude Paragon Chat from Antivirus scanning?

(1/3) > >>

Codewalker:
Some of the most common problems people encounter setting up and upgrading Paragon Chat have to do with antivirus, antimalware, and other security scanning software. Step 1 of the troubleshooting procedure is almost always "Disable your AV for the install, and add an exception once it's complete."

Occasionally people ask me why they have to do this. If Paragon Chat is safe, why does it need to be excluded? What about it makes virus scanners so unhappy? So I thought I'd toss up a forum post outlining the reasons that people can point to if needed.

First of all, Antivirus stopped being about blocking specific threats a long time ago. Signature-based AV just can't keep up in a world where dozens of new threats appear every day. Now it's all about two things: Reputation and Heuristics.

Reputation is about who you are. If a piece of software comes from a huge vendor like Microsoft or Apple, and is signed with their certificates, AV is much much more likely to trust it and let it get away with anything it wants. Almost nobody has ever heard of a tiny little fan site called Titan Network, and the software that they make isn't run by very many people. We're certainly not on any AV vendor's known good list. On launch day you might very well be the first person in the world running new code under the scrutiny of whatever brand of AV you use.

This is actually a big problem for small software shops trying to compete in the commercial software arena as well. More and more AVs are defaulting to throwing up scary warnings about or even outright quarantining anything they don't recognize, because it's easier than actually detecting real threats. Small software shops get shafted by that, because it makes non-technical users afraid to run their software when it sets off all of the 'not made by fortune 500 company' alarms. Just google for 'small developer antivirus' and you'll find a litany of complaints about it.

Heuristics is the other way that many AV scanners operate. They do static analysis of code and attempt to guess if it's malicious or not by seeing what it does. Anyone who is familiar with computer science and the halting problem knows that determining this 100% reliably is a proven unsolvable problem, so they make a best effort guess. It's not always right.

Paragon Chat does a lot of things that are considered 'potentially dangerous' and set off heuristic scanners:
* It downloads executable files from the Internet for the self-update mechanism.
* It regularly communicates with third-party servers.
* It runs and manages independent subprocesses, and communicates with them over loopback network sockets.
* It accesses data that it didn't install, that exists elsewhere on your hard drive (the pre-existing COH client data and executable code).
* The client process (new in 1.0) uses dynamic code generation as well as self-modifying code extensively. AV scanners really hate both of these, because static analysis simply doesn't work when the program is writing code on the fly. But it's necessary in order to integrate with the binary-only COH client and allow it to be extended.
CW, you ask, why don't you simply fix Paragon Chat to not trigger these heuristics? Well, two reasons. The first is that Paragon Chat is doing something very complicated and off the beaten path. It's using code and data from other software in ways that its designers never anticipated or intended. It really does need to do all of those scary sounding things to make it happen, there's just no way around that.

The second is that AV companies don't tell anyone how their engines work, or how to modify software to avoid detection. After all, if they did that, the bad guys would just modify their malware to avoid it as well.

So at the end of the day, if you want to run Paragon Chat you have to make a conscious decision to trust us over what your AV software is saying. All we can do is put it out there and leave it up to the community to form their own consensus of whether or not we're deserving of that trust.

Pillezwei:
And HOW do I get Paragon Chat from Avira (Antivir) detecting and blocking it?

Manga:

Do virus alerts happen less often if PC is installed via one of the launchers?

microc:
https://www.youtube.com/watch?v=6PU-9YX9TkI&html5=1

Pillezwei:
So I made some exceptions for Paragon Chat and now it gets a bit further. I thought I got it and then, at the last minute, second even.... there comes this error of
"XMPP was unable to connect!

Make sure your XMPP login information is correct."

I don't even know what that means, but thanks for the help anyway. :D

Okay, that was just my fault, I put on the wrong password or name, that happens.

But now it says:
"Failed to launch client!"


I assume that's worse. ^^

Navigation

[0] Message Index

[#] Next page