karlchen wrote: Looking forward to the day when Symantec prevents me from logging in to my own notebook, because my reputation is too bad.
No, it will quarantine your OS because of too bad reputation.
Virus Warning: Plugin 'Expander'
- ghisler(Author)
- Site Admin
- Posts: 48124
- Joined: 2003-02-04, 09:46 UTC
- Location: Switzerland
Even worse - Symantec "bad reputation" only means that there were only few downloads from systems with Symantec, so the file is essentially unknown.
Author of Total Commander
https://www.ghisler.com
Just to illustrate Christian's words, here is Symantec's own diagnostic screen: Symantec on bad reputation
For more than a year they have known this file, but not been bothered to analyze it. Instead they come up with this braindead nonsense. (Cf. screenshot, please.) Unbelievable.
MX Linux 21.3 64-bit xfce, Total Commander 10.52 64-bit
The people of Alderaan keep on bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine.
The Prophet's Song
karlchen,
Yeah, Symantec itself does not really have a good reputation.
Their firewall blocked IPs that tried to connect to some well-known trojan ports, so if you wanted to cut a system with Symantec off the internet, you just created one packet with a faked source IP (which would be the DNS server of the target) and sent it to a well-known trojan port on the target machine. Symantec would see the packet and block all traffic to the (faked) source IP, thus blocking all communications with the DNS server, effectively cutting the machine off the internet. Well done!
Roman
Suppose you press Ctrl+F, select the FTP connection (with a saved password), but instead of clicking Connect, you drop dead.
Hi, Hacker.
They all - the producers of AV software - do not earn their money by protecting us from malware efficiently, but just by giving us the feeling they were really trying hard to protect us.
Heuristics and reputation checks are poor marketing lies to make us believe they were able to detect so far unknown malware, too, whereas in fact their detection still depends on ever growing antivirus definition files (their mug shots), which is only too easily fooled by changing the internal structure of an existing malware programme only slightly.
In brief they sell us the false feeling of being secure, but no real security.
Cheers,
Karl
MX Linux 21.3 64-bit xfce, Total Commander 10.52 64-bit
The people of Alderaan keep on bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine.
The Prophet's Song
karlchen wrote: They all - the producers of AV software - do not earn their money by protecting us from malware efficiently, but just by giving us the feeling they were really trying hard to protect us.
Of course, and only complete fools release new viruses w/o checking them on most popular or all AVs...
Well, heuristics and proactive defence systems are generally able to protect by restricting usage of harmful system functions... but it is very hard to detect which application may be trusted and which not (so many AVs simply treat any unknown piece of software as untrusted). E.g. recently on some machine I've noticed that Avast completely blocks signed Process Hacker's driver (it is a real pain at all to tell Avast not to block something because it never asks you, it informs you that it has deleted/blocked something, but here even the ignore list didn't help)!
-
- Junior Member
- Posts: 18
- Joined: 2015-12-04, 15:05 UTC
Four months later: the expander plugin still has 14 detections, including detections by Avast, AVG, McAfee, Microsoft, Symantec.
Is anyone using the latest version of this plugin? Has anyone successfully installed it? I am too scared to try it out.
dschordsch wrote: Four months later: the expander plugin still has 14 detections, including detections by Avast, AVG, McAfee, Microsoft, Symantec.
Is anyone using the latest version of this plugin? Has anyone successfully installed it? I am too scared to try it out.
The actual version of my Bitdefender Antivirus Pro doesn't find anything.
Also the files are from 2014 so there can be no new unknown virus in it.
So I would trust it.
Windows 11 Home x64 Version 23H2 (OS Build 22631.3527)
TC 11.03 x64 / x86
Everything 1.5.0.1375a (x64), Everything Toolbar 1.3.3, Listary Pro 6.3.0.78
QAP 11.6.3.3 x64
2dschordsch
The 32 bit plugin file is clean if you want to believe the VirusTotal scans. The scanners are bothered by the 64 bit plugin file. If the 64 bit plugin file is compiled from the same source (which I assume but don't know for sure) it's also pretty sure that it's clean.
Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64
Plugins: Services2, Startups, CertificateInfo, SignatureInfo, LineBreakInfo - Download-Mirror
-
- Junior Member
- Posts: 18
- Joined: 2015-12-04, 15:05 UTC
So I just tried the plugin with Sandboxie and it did not create any files inside the sandbox, after I installed and used it. What do you think, is this an indicator that it is safe?
Re: expander2.wdx "Expander2.ini" "Expander2.lng"
Hello MVV, my search for a thread about expander2 found only this, so I use this to inform you....
This is related to the Expander2 version of 2016 as found at https://totalcmd.net/plugring/expander2.html
That plugin comes with no description of how to use it, and at first there is no "Expander2.ini" from which to see the syntax or to use as the INI itself.
That ini file is created only if you actively install the plugin by double click, or if you open the wdx plugin dialog in TC once to execute the WDX.
But if you configure that plugin by hand for some reason, you will be lost if you don't happen to have the older 2010 version with the "Expander2.lng" as a guideline.
Maybe you want to include the "Expander2.ini" in the download archive or add a small how-to.
For all others, here is the content of that "Expander2.ini" text file, just created in the same folder as the "Expander2.wdx":
[Main]
FieldCount=64
Divider=" "
OldStyle=0
CaseSensitive=1
Thank you MVV for maintaining this plugin!
That came up in this Thread in German with some more information:
https://ghisler.ch/board/viewtopic.php?p=427080#p427080
Re: expander2.wdx "Expander2.ini" "Expander2.lng"
Stefan2 wrote: ↑2023-02-14, 11:34 UTC
Only if you actively install that plugin per double click [...] that ini file is created.
Installing per double click is not sufficient, at least, in my case it was not
But if you configure that plugin by hand for some reason,
you will be lost if you don't happen to have the older 2010 version with the "Expander2.lng" as a guideline.
This is not needed if you install this plugin as you should, that is by double clicking on the downloaded wdx_Expander2_0.5.1.zip
Thank you MVV for maintaining this plugin