Antivirus Suites Block DSEO

**Regeneration** · 8 September 2009, 22:49

It has come to our attention that several Antivirus suites have listed our Driver Signature Enforcement Overrider (DSEO) as a dangerous file. We originally created DSEO to solve the serious driver signature enforcement problem that appeared after Microsoft removed the permanent command line switch that disables driver signature enforcement in Windows Vista SP1 and Windows 7. Sadly, the only way around this is to press F8 upon startup and choose “Disable Driver Signature Enforcement”, which is temporary and unacceptable. Microsoft has left users without an option to disable the feature permanently.

Driver signature enforcement is indeed a good idea, but it is performed badly. It requires all drivers and system files to be digitally signed with a certificate or they won't run. The problem with signing your files is the fact that the certificate costs thousands of dollars. Of course, that money is not a concern for corporations such as Adobe, but for the majority of developers, which are freeware/open source developers that make no profit, this is simply unforgivable.

Windows is, no doubt, the leading operating system for the personal computer. One of the reasons for its success is the unlimited amount of software available for Windows. These days, you can do anything on your PC, all thanks to software developers. This is one of the reasons why Microsoft is so economically successful.

Most of the software available today is created by millions of non-commercial developers. Most of them are individuals that barely make any money from their software. Instead of getting support from Microsoft for promoting their operation system, now they have to pay for certificates, which they can't afford, to make their software compatible with Windows Vista SP1 and Windows 7. That's why we released DSEO.

One way to make the driver signature enforcement feature into a successful and useful one is to give the consumer the option to disable or enable it. However, a better alternative is to provide free certificates to non-commercial software developers, who deserve special consideration for promoting Windows and boosting its sales. We believe that the second option would be the correct course of action thereby, allowing freeware developers, who can't afford certificates, to receive certificates free-of-charge.

Instead of aiding developers, Microsoft has hindered them! Taking advantage of their authority and power, Microsoft and several Antivirus suites developers have listed DSEO as a virus in their Antivirus suites. Their Antivirus suites are being used as a tool to remove software that Microsoft deems contrary to its outlook, instead of protecting the customer from dangerous files. The consumer is misled. Here is a list of Antivirus suites that being used to mislead the public:

• Avira AntiVir
• Emsi A-squared
• IKARUS Virus Utilities
• McAfee Antivirus
• Microsoft Security Essentials
• Panda Antivirus
• Prevx

We highly recommend avoiding the Antivirus suites listed above. There are many alternatives that do not operate in this manner. In addition, we will introduce a new version of DSEO in the near future to make it harder for these corrupted Antivirus suites developers to blacklist. Antivirus software should protect its users from dangerous files; it shouldn't mislead its users by removing ideologically-incorrect files.

blindartist · 9 September 2009, 00:07

have you contacted the companies and asked them to remove it?

**Regeneration** · 9 September 2009, 00:23

Yes, I will update if I hear anything.

9 September 2009, 04:13

Avira doesn't give a false positive here....

**Regeneration** · 9 September 2009, 05:06

AntiVir (79112) reports DSEO as SPR/Tool.Driverunsign.

RejZoR · 9 September 2009, 06:27

There is no conspiracy theory involved. SPR means "Security Privacy Risk". Others classify this under Riskware. Not sure what others detect but i'm pretty sure they have a specific name. Meaning they aren't false positives.

Corrupt antivirus companies. Roflmao. You guys are running a computer related website and you're shoting nonsense like this. Your tool opens a possible infection vector and is as such classified under riskware. It's not a malware, but in combination with something else, it can be malicious. In your case, allowing unsigned driver to install. Rootkit galore anyone? I'm not sure why you're all so shocked. mIRC is classified under riskware ever since i can tell by many security companies.
Similar goes to FireDaemon, service manager. Or different kind of tools that are designed to terminate running processes or in any way depply manipulate Windows functionality. So, if you think "evil" security companies target only your product, you're completely wrong.

You have to either add the file into exclusions or disable Riskware/SPR checking.
That's a common practice for years.

mkey · 9 September 2009, 07:29

I really doubt there is a conspiracy going on, but it does reveal the whole problem who these antivirus softwares operate today. they should be protecting the system itself, not deleting the programs that might be causing the issue if and ever used improperly. It's just lame, that's all that it is.

However, this can only cause problems for DSEO and NGOHQ reputation.

RejZoR · 9 September 2009, 07:49

Then why do you think it's named "RISKWARE" ? Because it CAN pose a possible security hole. Some antiviruses have riskware disabled by default, some have it enabled by default (especially corporate versions are very agressive regarding this) and for others you just have to manually exclude these files. Riskware is pretty well established term and when something is flagged as riskware, most of ppl don't cause panic. Antivirus warnings also have descriptions for stuff like that or at least they provide the link for more info on their webpage. I wouldn't really worry much if it's detected like riskware. Face it, this tool is riskware if you like it or not.

mkey · 9 September 2009, 08:07

Most people? From people I know, when ANYTHING pops up from the AV, they just remove it to be on the safe side. they don't care about risks nor do they care about false positives, they just remove it, many times without even being aware of what they are removing. but I guess your people aren't the same as mine people.

And this stupid riskware label, its risky because someone could abuse it? Well fuck me all over, then IE is the larges piece of shit riskware softwares if I ever saw one. Is it labeled as such?

Also, try reading for a change, where id I refuse to accept DSEO as anything?

RejZoR · 9 September 2009, 09:18

Well you can fuck them all over if you want, that will not change anything.
DSEO is riskware by all definitions. And you can't throw IE into that definition.
By that you have clearly show me that you have no clue about this topic.
DSEO disables ALL digital signatures enforcements so ANYTHING can be installed on the lowest level.
Meaning any ring0 malware will be able to install on the system without even notifying the user. Because system doesn't care anymore if the low level driver is signed or not.
Does IE do that? Sure it doesn't. If it's exploited in any way, thats not MS's problem, apart from being obliged to fix the security bug. Because thats just not it's primary function. However only and primary function of DSEO is disabling of signature enforcement. I think i've made my example perfectly clear.