Virus in installation file?

I downloaded ScrivWin beta, but as soon as the download was finished, the file was gone. My antivirus program (Norton) claimed that there was a virus in the file and promptly removed it.

This may very well be a false positive (see the link below, there is a link for developers at the bottom of that page), but I’d like to be sure before I try to install.

community.norton.com/t5/Norton-I … d-p/232155

Can you confirm that the file is ok?
ScrivenerThreat.JPG

According to the page you linked to, near the bottom, it looks like this warning can pop up for brand new software, and should go away as more people with Norton install the beta.

Yes, they say that “newness” is a factor that may cause false positives, but whether that implies age or number of downloads isn’t clear. They also say that new applications should be submitted to the Symantec white-listing program, but I’m confident that this has already been done. I’m sure there’s nothing wrong with the file, but it would be interesting to learn what other downloaders have experienced.

Yep. I’m having this problem too. It’s good to see I’m not alone though. Contacted the Norton people and they said to contact the developer (and that the servers might just be overloaded --heavy traffic, etc.), but I’m sure that it’s the “newness” of it. I’ll keep trying to download every once in a while. :slight_smile:

So unless a developer registers with the AV makers his software will not install. Suddenly the apple app-store isn’t so bad.

Norton does not provide anyway to override this behaviour? How is the “people using this application” counter ever supposed to increment if nobody can install it with Norton running?

I don’t think that installation is the counter for Norton. If indeed they’re counting something it would be the number of virus scans. What is interesting (strange) though is that Norton AV identifies a specific virus signature because the file is new. That’s just weird.

I have just downloaded the file at work, and Eset Nod32 AV that we use here has no problem with the novelty of WinScriv. Let’s hope WinScriv will gather some “oldness” soon so that Norton will let the youngster pass.

The reputation-based system uses “the wisdom of crowds” (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.

Translation:
“You are downloading something that we haven’t had the nod from one of the big boys is ok, so we’re going to pretend we have a clue and justify our existence by pushing scary important-looking claptrap at you, in order to remind you how very very dangerous everything is and how lucky you are that we are here to guard you. Please remember how diligent we’ve been when it comes time to give us some more money. After all, it’s way beyond traditional signatures. Heck, it’s even cloud based intelligence! Does it get any better than that? No sir! It does not! Now, we’ve deleted that for you because its not approved by us. Aren’t you glad we’re here to make decisions for you? You sure are! Have a nice day. That will be $40 please.”

Eddy.

I’m going to have to echo Eddy’s sentiments here.

The file is safe (so far) and, ignoring all the bugs and issues, not necessarily going to destroy your computer (although, admittedly, if you spend long hours typing manuscript after manuscript with this little thing you might eventually wreck your keyboard)…

While I have no doubt that Norton could possibly be a good AV program, my experiences tell me that going back to AVG/avast! (Free) or Kaspersky tend to net better results.

The App-Store is actually a very effective idea, as long as Apple doesn’t go around deciding how developers should code their applications. The App-Store lets Apple do quality control on the software that can work on their products. Not full means of quality control, but you are not likely to find excessively crappily built applications there, and if you do, would have good notice from other users.

It’s a different application distribution model, which reduces the likelihood of your Macintosh crashing from third party programs that Apple have not authorised to be safe. Through the App-Store, Apple has a little bit more control, at the very least (while nicking profits T_T)

The Literature and Latte folks might not want to be outright recommending this, but if it were me, I would just disable the darn antivirus, get the download and install, then turn antivirus back on. But then, I have never been known for my patience when it comes to highly anticipated software. . .

There are a number of programs that can’t install while using certain kinds of antivirus, so learning how to selectively (very selectively) disable it is a good skill! You would only want to do this with programs from reputable publishers, of course. And who could be more reputable than these fine folks? (Don’t have to answer that.)

Ok, I just downloaded the file again at home and you may want to know that this time it has apparently come of age according to the Norton AV tribe standards. Green light!

Heh. Glad that we passed the Cloud Based Intelligence Overlord of Norton Test finally. :slight_smile:

Yes, WS.Reputation is the malware name Norton gives to track that their reputation engine hasn’t accepted that the file is used enough yet in the community. Nice…

The easy thing to do is to go to the Norton Quarantine, and tell it you really want to use the file. This will put it back where you intended to download it, and you can go from there.

I do think there is a whitelisting arrangement at Norton/Symantec, and that is what L&L will need to get set up on so that they don’t bounce Scrivener deliverables. I had also suggested for the time being to put any non-installer executables in a zip file, such as the one yesterday. Better yet to deliver as installer; that way you don’t set off the ‘heuristic’ *i.e. looks like something nasty’ system in Norton.

Just to say it, these false alarms it shows here are actually what will really help you if you happen upon a website corrupted by a drive-by malware attack. Latest of those was the Nobel Prize site, so it can happen to anyone…

Btw, I couldn’t find today’s version after Lee’s message – and became convinced that he was just updating status, and had not put up a software deliver today. Is that correct thinking? Betting it is :wink:. That person Lee is working too hard anyway, however appreciated it is.

Regards,
Clive