1. SPS Accounts:
    Do you find yourself coming back time after time? Do you appreciate the ongoing hard work to keep this community focused and successful in its mission? Please consider supporting us by upgrading to an SPS Account. Besides the warm and fuzzy feeling that comes from supporting a good cause, you'll also get a significant number of ever-expanding perks and benefits on the site and the forums. Click here to find out more.
    Dismiss Notice
Dismiss Notice
You are currently viewing Boards o' Magick as a guest, but you can register an account here. Registration is fast, easy and free. Once registered you will have access to search the forums, create and respond to threads, PM other members, upload screenshots and access many other features unavailable to guests.

BoM cultivates a friendly and welcoming atmosphere. We have been aiming for quality over quantity with our forums from their inception, and believe that this distinction is truly tangible and valued by our members. We'd love to have you join us today!

(If you have any problems with the registration process or your account login, please contact us. If you've forgotten your username or password, click here.)

Black Wyrm Lair Unsafe? (False positives)

Discussion in 'BG2: Throne of Bhaal (Classic)' started by Splunge, Feb 13, 2010.

  1. Splunge

    Splunge Bhaal’s financial advisor Adored Veteran Pillars of Eternity SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) Torment: Tides of Numenera SP Immortalizer (for helping immortalize Sorcerer's Place in the game!)

    Joined:
    Jun 7, 2003
    Messages:
    6,815
    Media:
    6
    Likes Received:
    336
    Not sure if this should be here, Techno-Magic, or elsewhere.

    I occasionally pop in to BWL. This is the second time my anti-virus is telling me the site is unsafe. Here is the report:

    http://safeweb.norton.com/report/show?url=blackwyrmlair.net

    It lists 6 threats:

    (Note: It seems that this Board's software is automatically creating the links to the supposed threats in the quoted section; the threat report is just text without links. I wouldn't advise clicking on the links in the quote.)

    Anyone else have this issue?
     
    Last edited: Feb 13, 2010
  2. Taluntain

    Taluntain Resident Alpha and Omega Staff Member ★ SPS Account Holder Resourceful Adored Veteran Pillars of Eternity SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) New Server Contributor [2012] (for helping Sorcerer's Place lease a new, more powerful server!) Torment: Tides of Numenera SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) BoM XenForo Migration Contributor [2015] (for helping support the migration to new forum software!)

    Joined:
    Jun 11, 2000
    Messages:
    23,665
    Media:
    494
    Likes Received:
    574
    Gender:
    Male
    I'll go out on a limb and say that those are false positives, which are very common with mods, trainers, editors and such due to their nature. I get reports of "infected" files on SP from people all the time, but it's always false positives. Anti-virus software in most cases isn't intelligent enough to be able to identify when a program is doing things like altering data which is harmless vs. when it could be potentially malicious. So they err on the side of caution and you get a bunch of false positives. Still, I always check just to be safe. You can PM Baronius here and ask him to check those files just to be safe.
     
  3. Splunge

    Splunge Bhaal’s financial advisor Adored Veteran Pillars of Eternity SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) Torment: Tides of Numenera SP Immortalizer (for helping immortalize Sorcerer's Place in the game!)

    Joined:
    Jun 7, 2003
    Messages:
    6,815
    Media:
    6
    Likes Received:
    336
    Yeah, I kind of figured that my AV was being overly cautious, but I wasn't sure. I noticed that, shortly afer I posted, Sikret visited the TOB forum, so I'm sure he's looking into it.
     
  4. Sikret Gems: 13/31
    Latest gem: Ziose


    Joined:
    Apr 21, 2006
    Messages:
    573
    Likes Received:
    4
    Thanks, Splunge!

    I just sent a PM to Baronius at BWL to look into this case accurately. Do you receive the alarm when you visit the forums or the Dragonshoard download page?
     
  5. Splunge

    Splunge Bhaal’s financial advisor Adored Veteran Pillars of Eternity SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) Torment: Tides of Numenera SP Immortalizer (for helping immortalize Sorcerer's Place in the game!)

    Joined:
    Jun 7, 2003
    Messages:
    6,815
    Media:
    6
    Likes Received:
    336
    The forums. (And I just went there again, and got the same report.)
     
  6. Baronius

    Baronius Mental harmony dispels the darkness ★ SPS Account Holder Veteran

    Joined:
    Aug 13, 2002
    Messages:
    1,783
    Likes Received:
    14
    They are all false positives.* (Nonetheless, I removed all the 6 files from BWL, see the later part of this post for explanation. Splunge, the title of this topic is not valid in that question form anymore and may be a little bit "misleading" for vague readers, could you update it somehow to reflect the truth?)

    Out of curiosity, I checked one of the files in Virustotal.com (virustotal is a site that checks your file with tens of virus scanners), and it said that exactly the same file was already checked on 14.08.2008 by someone and 11 scanners (from the tens of scanners) indicated trojan matches. Now when I asked the site to re-run its test, only 8 virus scanners found trojan from the tens of scanners it applies. So some scanners actually became more intelligent since then! (Or there is some other reason, but the point remains the same: they are false positive.)

    No matter that they are false positives, for too careful and/or not well-informed visitors, it can be "frightening", so I removed all the six files. In details, I did the following:

    - Secret of Bonehill (2 false positives) is not a BWL mod, and I'm sure it is available at other places too
    - Dark side and Northern tales of the Sword coast (3 false positives) was moved to another host for the time being, and I only link to it on DHDC. Hopefully this will prevent norton from "catching" them.
    - Song and Silence from Gibberlings3 was removed, along with all other Gibberlings3 mods. They informed us very long ago that they don't need our DHDC mirror, but the Council member who was responsible for DHDC (dragon_lord) wanted to keep them (and G3 gave their consent to him).


    ***NOTE*** The norton website used by Splunge caches the results, so if you rerun the test now, it will still show the 6 ""trojan threats"! Once its data will get updated, these matches should disappear.

    ---

    *As Taluntain also pointed out, in certain cases it's really hard to make a difference between malicious code and harmless code. It is a certain type of executable code in the current case (the exe file in the compressed rar archive of the mod), and everyone can imagine the virus scanner's hard job: decide whether a code is harmless to your system, i.e. guessing what the code would do without actually executing it. And to do all this in an efficient way: obviously, the online check does not use some resource-intensive, advanced heuristics.
     
  7. Taluntain

    Taluntain Resident Alpha and Omega Staff Member ★ SPS Account Holder Resourceful Adored Veteran Pillars of Eternity SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) New Server Contributor [2012] (for helping Sorcerer's Place lease a new, more powerful server!) Torment: Tides of Numenera SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) BoM XenForo Migration Contributor [2015] (for helping support the migration to new forum software!)

    Joined:
    Jun 11, 2000
    Messages:
    23,665
    Media:
    494
    Likes Received:
    574
    Gender:
    Male
    I don't see any point in changing the thread title. It's a question, which is answered in the thread. We don't go changing thread titles just because we answer the question in the title. But I'll add (False positives) to it.
     
  8. Baronius

    Baronius Mental harmony dispels the darkness ★ SPS Account Holder Veteran

    Joined:
    Aug 13, 2002
    Messages:
    1,783
    Likes Received:
    14
    It's perfect in this way, that 'false positives' was added.

    I would normally agree with your argument (topics evolve with time, and the initial question can get an answer, and the topic title should not be updated), but this is not about a game problem or local problem, it is about a global website that has lots of visitors. As you also know, too careful people might avoid something even due to the suspicion of something unsafe. I didn't want that people who just take a look at the title but miss the topic for some reason might be under wrong impression.

    Thanks for changing the title, anyway.
     
Sorcerer's Place is a project run entirely by fans and for fans. Maintaining Sorcerer's Place and a stable environment for all our hosted sites requires a substantial amount of our time and funds on a regular basis, so please consider supporting us to keep the site up & running smoothly. Thank you!

Sorcerers.net is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to products on amazon.com, amazon.ca and amazon.co.uk. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.