Skip to content

Latest commit

 

History

History
55 lines (26 loc) · 3.42 KB

ANTI-MALWARE.md

File metadata and controls

55 lines (26 loc) · 3.42 KB

UniExtract vs. Anti-Malware Software

Security software often flags Universal Extractor as malicious. But don't worry, UniExtract 2 is safe - if you downloaded it from the official source (https://github.com/Bioruebe/UniExtract2).

UniExtract is not malware, a virus or anything alike. As it is open source software, everyone can look at the source code and find out what the software does. If there is something malicious inside, the community will find and report it.

Why does security software detect malware in UniExtract?

Better safe than sorry

What's worse - saying a harmless tool is malicious or letting a virus slip through? Security software wants to protect you - if this decision leads to some false alarms, that's a trade-off they can live with.

Big companies can put pressure on the developers of anti-malware software, but free and open source programs have a hard time doing so. We have to live with the so called false positives.

It bundles more than 50 extractors

Universal Extractor can unpack a lot of different file types. To do this, it bundles many extractors. If only one of them is detected as malware, the whole UniExtract package itself is as well. Even worse, as new extractors are added with an update the probability increases.

Getting it whitelisted is a pain

Most developers of security software provide a way of reporting misdetections, so they can be fixed. However, it's different for each vendor and sometimes involves a lengthy and inconvenient procedure. Even worse, sending the so called false positive reports usually has to be repeated for every new version of UniExtract.

As this is mainly a hobby project, my time is quite limited and, to be honest, I prefer actually developing the software instead of bothering with this. I try to get UniExtract whitelisted on the most common anti-malware software, but making it work on all existing security suites is just not possible for me. That's the reason why you'll usually see between 1 and 10 engines flagging it when submitting it to services such as VirusTotal.

It has a built-in updater

What does malware often do? - It downloads malicious files.

What does an updater do? - It downloads files.

It's hard to decide whether a program that downloads something is safe or not. Now guess what virus scanners do... Exactly.

It's written in AutoIt

AutoIt is rarely used to write software that's distributed to other people, however in the past it has been used to write malware. Many companies choose the lazy way for their security software: AutoIt = bad. This hits a legit software like UniExtract very hard.

What can I do?

Send a false positive report

Most anti-malware developers have some way of reporting misdetections, so they can be fixed. In case your security software detects Universal Extract as malicious, it would be a great help, if you could send such a false positive report to the company. How this works is different for every program, so please refer to the software's support pages. Thank you!

Set an exception in your anti-malware software

In most anti-malware products you can exclude specific folders from the scan. Set UniExtract's program directory as an exception and you should be good to go.

Switch your anti-malware software

If you often encounter false positives, it might be a solution to switch to a better security software.