Antivirus Suites Block DSEO
Old 8 September 2009, 22:49   #1
Site Staff

It has come to our attention that several Antivirus suites have listed our Driver Signature Enforcement Overrider (DSEO) as a dangerous file. We originally created DSEO to solve the serious driver signature enforcement problem that appeared after Microsoft removed the permanent command line switch that disables driver signature enforcement in Windows Vista SP1 and Windows 7. Sadly, the only way around this is to press F8 upon startup and choose “Disable Driver Signature Enforcement”, which is temporary and unacceptable. Microsoft has left users without an option to disable the feature permanently.

Driver signature enforcement is indeed a good idea, but it is performed badly. It requires all drivers and system files to be digitally signed with a certificate or they won't run. The problem with signing your files is the fact that the certificate costs thousands of dollars. Of course, that money is not a concern for corporations such as Adobe, but for the majority of developers, who are freeware/open source developers that make no profit, this is simply unforgivable.

Windows is, no doubt, the leading operating system for the personal computer. One of the reasons for its success is the unlimited amount of software available for Windows. These days, you can do anything on your PC, all thanks to software developers. This is one of the reasons why Microsoft is so economically successful.

Most of the software available today is created by millions of non-commercial developers. Most of them are individuals that barely make any money from their software. Instead of getting support from Microsoft for promoting their operating system, now they have to pay for certificates, which they can't afford, to make their software compatible with Windows Vista SP1 and Windows 7. That's why we released DSEO.

One way to make the driver signature enforcement feature into a successful and useful one is to give the consumer the option to disable or enable it. However, a better alternative is to provide free certificates to non-commercial software developers, who deserve special consideration for promoting Windows and boosting its sales. We believe that the second option would be the correct course of action, thereby allowing freeware developers, who can't afford certificates, to receive certificates free-of-charge.

Instead of aiding developers, Microsoft has hindered them! Taking advantage of their authority and power, Microsoft and several Antivirus suites developers have listed DSEO as a virus in their Antivirus suites. Their Antivirus suites are being used as a tool to remove software that Microsoft deems contrary to its outlook, instead of protecting the customer from dangerous files. The consumer is misled. Here is a list of Antivirus suites that are being used to mislead the public:

• Avira AntiVir
• Emsi A-squared
• IKARUS Virus Utilities
• McAfee Antivirus
• Microsoft Security Essentials
• Panda Antivirus
• Prevx

We highly recommend avoiding the Antivirus suites listed above. There are many alternatives that do not operate in this manner. In addition, we will introduce a new version of DSEO in the near future to make it harder for these corrupted Antivirus suites developers to blacklist. Antivirus software should protect its users from dangerous files; it shouldn't mislead its users by removing ideologically-incorrect files.

Last edited by Regeneration; 9 September 2009 at 23:46..
Regeneration is online now  
  
Old 9 September 2009, 00:07   #2
Master of Disaster
 

Have you contacted the companies and asked them to remove it?
__________________
The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.
blindartist is offline   Reply With Quote
Old 9 September 2009, 00:23   #3
Site Staff

Yes, I will update if I hear anything.
Regeneration is online now   Reply With Quote
Old 9 September 2009, 04:13   #4
Kurbster
Guest

Avira doesn't give a false positive here....
Old 9 September 2009, 05:06   #5
Site Staff

AntiVir (79112) reports DSEO as SPR/Tool.Driverunsign.
Regeneration is online now   Reply With Quote
Old 9 September 2009, 06:27   #6
Dedicated Member

There is no conspiracy theory involved. SPR means "Security Privacy Risk". Others classify this under Riskware. Not sure what others detect but I'm pretty sure they have a specific name. Meaning they aren't false positives.

Corrupt antivirus companies. Roflmao. You guys are running a computer related website and you're shouting nonsense like this. Your tool opens a possible infection vector and is as such classified under riskware. It's not a malware, but in combination with something else, it can be malicious. In your case, allowing unsigned drivers to install. Rootkit galore anyone? I'm not sure why you're all so shocked. mIRC is classified under riskware ever since I can tell by many security companies.
Similar goes to FireDaemon, service manager. Or different kind of tools that are designed to terminate running processes or in any way deeply manipulate Windows functionality. So, if you think "evil" security companies target only your product, you're completely wrong.

You have to either add the file into exclusions or disable Riskware/SPR checking.
That's a common practice for years.
RejZoR is offline   Reply With Quote
Old 9 September 2009, 07:29   #7
One issue candidate
 

I really doubt there is a conspiracy going on, but it does reveal the whole problem how these antivirus softwares operate today. They should be protecting the system itself, not deleting the programs that might be causing the issue if and ever used improperly. It's just lame, that's all that it is.

However, this can only cause problems for DSEO and NGOHQ reputation.
__________________
... what?
mkey is offline   Reply With Quote
Old 9 September 2009, 07:49   #8
Dedicated Member

Then why do you think it's named "RISKWARE"? Because it CAN pose a possible security hole. Some antiviruses have riskware disabled by default, some have it enabled by default (especially corporate versions are very aggressive regarding this) and for others you just have to manually exclude these files. Riskware is pretty well established term and when something is flagged as riskware, most of ppl don't cause panic. Antivirus warnings also have descriptions for stuff like that or at least they provide the link for more info on their webpage. I wouldn't really worry much if it's detected like riskware. Face it, this tool is riskware if you like it or not.
RejZoR is offline   Reply With Quote
Old 9 September 2009, 08:07   #9
One issue candidate
 

Most people? From people I know, when ANYTHING pops up from the AV, they just remove it to be on the safe side. They don't care about risks nor do they care about false positives, they just remove it, many times without even being aware of what they are removing. But I guess your people aren't the same as my people.

And this stupid riskware label, it's risky because someone could abuse it? Well fuck me all over, then IE is the largest piece of shit riskware softwares if I ever saw one. Is it labeled as such?

Also, try reading for a change, where did I refuse to accept DSEO as anything?
__________________
... what?
mkey is offline   Reply With Quote
Old 9 September 2009, 09:18   #10
Dedicated Member

Well you can fuck them all over if you want, that will not change anything.
DSEO is riskware by all definitions. And you can't throw IE into that definition.
By that you have clearly shown me that you have no clue about this topic.
DSEO disables ALL digital signatures enforcements so ANYTHING can be installed on the lowest level.
Meaning any ring0 malware will be able to install on the system without even notifying the user. Because system doesn't care anymore if the low level driver is signed or not.
Does IE do that? Sure it doesn't. If it's exploited in any way, that's not MS's problem, apart from being obliged to fix the security bug. Because that's just not its primary function. However only and primary function of DSEO is disabling of signature enforcement. I think I've made my example perfectly clear.
RejZoR is offline   Reply With Quote