Qtox: Virustotal.com reports Trojans in qTox

Created on 13 Jun 2016 · 15 Comments · Source: qTox/qTox

Brief Description

OS: Installer for Windows 64 bit
qTox version: I don't know since I did not install it. The installer file setup-qtox.exe was downloaded from tox.chat on 2016-06-13. The SHA1 checksum of the file is aacf49cccab1c1a557d8ea92bf3a91637afff067

Reproducible: Always

Observed Behavior

3 out of 55 Antivirus engines on virustotal.com report the 64bit Windows installer of qTox to contain spyware (Trojans).

Could anybody please elaborate on these findings?

If those findings should be false alarms, it would be beneficial for the qTox project to communicate these false alarms to the 3 antivirus engine providers who produced them (Ikarus, Jiangmin, Zillya) so as to whitelist qTox in their databases!

Additional Info

Link to analysis: https://www.virustotal.com/en/file/3ad5b6741982960a1880598b94b9076881318e5556742da2caf16c88b7ef3d3b/analysis/1465817669/

C-question

All 15 comments

If those findings should be false alarms (…)

Yep.
Thanks for reporting, those need to be added to trophy case: https://github.com/tux3/qTox/wiki/Problematic-antiviruses

Soon we'll catch 'em all. :|

Mind adding those to wiki & contacting the antivirus producers?

Hi zetok,

Mind adding those to wiki & contacting the antivirus producers?

I am not (yet?) involved in this project, just passing by and learning about tox, so someone else needs to do that for now.

Soon we'll catch 'em all. :|

Why are so many antivirus programs generating false alarms for qTox? What is it in the code that makes it suspicious to them?

Cheers

I have Ubuntu so I don't have problems. I could test with ClamAV.

@zetok I'll add to wiki

EDIT:

done

Well then, since @ProMcTagonist added info to wiki, closing the issue.

@b2000699

Why are so many antivirus programs generating false alarms for qTox? What is it in the code that makes it suspicious to them?

https://github.com/qTox/qtox-irc-logs/blob/9a93f7e1c7b2572ed55ccf5aa9fde4e010ff6d58/2016/06/%23qtox_20160613.log.txt#L42,L53

Basically, security & reliability code that makes things actually work.

Hi all,

I looked a bit deeper into this topic and updated the wiki accordingly, cleaning things there a bit up by updating the info and archiving the rest. Hope it helps and you like it: Link

Cheers!

Does uTox have the same problem?

I looked a bit deeper into this topic and updated the wiki accordingly, cleaning things there a bit up by updating the info and archiving the rest. Hope it helps and you like it: Link

No, not really.

No, not really.

Hm, I saw that you completely reverted all of my edits. Why did you do that?

Hm, I saw that you completely reverted all of my edits. Why did you do that?

The form you've made would require constant maintenance, which would be a waste of time.

On the other hand, current form requires just adding stuff once, and that's it – no need to waste time on rechecking, etc.

Hm, I disagree with the following arguments:

  • Although I see the point that it infused time as reference point, this did not mean automatically that it demands permanent maintenance
  • In general, as long as qTox is being recognized to contain malware by antivirus engines, I guess that this topic will need maintenance, generally speaking, indeed. This topic will only rest as soon as all antivirus databases have white-listed qTox. Until this happens - for the sake of generating trustworthiness for new users - this topic will occupy resources of qTox. I did offer my resources for this, but my efforts got completely eliminated.

In any case my edits contained a lot of additional information for users, who want to learn about qTox' antivirus issues. All those got eliminated by a full revert of you. This is pretty discouraging me to further participate in any way.

Regards.

In general, as long as qTox is being recognized to contain malware by antivirus engines, I guess that this topic will need maintenance, indeed.

Sad truth is that antiviruses are simply crappy. No matter which one you pick, it won't offer all the protection you need, and it is going to offer false-positives.

Until this happens - for the sake of generating trustworthiness for new users - this topic will occupy resources of qTox.

Not by much, and it's preferable to limit that as much as possible – simply add a particular antivirus to the list, and be done with it.

In any case my edits contained a lot of additional information for users, who want to learn about qTox' antivirus issues.

Err. The problem is with antiviruses, not with qTox.

You've reworded a few sentences a bit, and you've linked to logs in which I half-jokingly pointed out some stuff that can cause antivirus to "think" that qTox is bad. + rewording of virus scanner report, that someone can just read at source. And you mentioned that you've reported that to antivirus makers.

+ adding a maintenance hurdle, where people would be made to think that effort for something more than just adding antivirus to the list would be required.

Sorry, those changes didn't seem that beneficial, so I've reverted them.

Sad truth is that antiviruses are simply crappy. No matter which one you pick, it won't offer all the protection you need, and it is going to offer false-positives.

I fully agree with you.
But nevertheless most users globally use antivirus software and think that it is something good for them, fully trusting their antivirus software, be it private individuals or corporate users.

Not by much, and it's preferable to limit that as much as possible – simply add a particular antivirus to the list, and be done with it.
+
Err. The problem is with antiviruses, not with qTox.

I understand your standpoint; it is the view of a developer. And from the view of a developer you might be perfectly right in what you say.

But when you look at the problem from the view of a marketing manager, someone can argue that the problem is with qTox and not with antiviruses and that the qTox project is not done with it by just adding problematic antivirus engines to some list! qTox is playing in the security business (yes, even a non-profit free software project is participating in a market when it comes to attract users) where trust is the currency.
So as long as qTox is reported by some antivirus to be malicious, qTox has "the problem", not the antivirus (they don't care all too much), no matter if the technical fault is the other way around.
So, IMHO, a young and upcoming project such as qTox should care about those antivirus engines to stop creating false positives, provided that the goal of qTox is to gain a big user base.

You've reworded a few sentences a bit, and you've linked to logs in which I half-jokingly pointed out some stuff that can cause antivirus to "think" that qTox is bad. + rewording of virus scanner report, that someone can just read at source. And you mentioned that you've reported that to antivirus makers.

Exactly. And I virus scanned all 4 windows versions, all ~30 GNU/Linux versions and the OSX versions to see what the current state is and posted the result in the wiki. The result was, that only 3 of 54 antivirus engines report only one version (Windows 64 bit installer) to be infected and that all other 51 antivirus engines report all versions of qTox to be perfectly clean.

Then I made it clear in the wiki, that only those 3 antiviruses and only this one qTox version is problematic, while all those other entries listed in the wiki are only for historic reasons, i.e. no problem anymore, separating currently problematic antivirus engines from those which once were problematic but aren't anymore today.

As it is now, someone who reads the wiki at first sight might mistakenly think that all listed antivirus engines find qTox to be suspicious, which is not the case and not good marketing for qTox, at all.

By the way: As of yesterday it is only 2 antivirus engines who report the W64installer to be malicious, since one of those 3 seems to have reacted to my email that I wrote to them.

  • adding a maintenance hurdle, where people would be made to think that effort for something more than just adding antivirus to the list would be required.

I can't fully agree to that, since:
a) they could still just add their antivirus, adding it to the section of currently problematic engines
b) just creating a list of antivirus engines which once were problematic creates no benefit for the marketing of qTox, as I elaborated further up.

Cheers

And I virus scanned all 4 windows versions, all ~30 GNU/Linux versions and the OSX versions to see what the current state is. The result was, that only 3 antivirus engines report only one version (Windows 64 bit installer) to be infected and that all other 51 antivirus engines report all versions of qTox to be clean. Then I made it clear in the wiki, that only those 3 antiviruses and only this one qTox version is problematic, while all those other entries are only for historic reasons, i.e. no problem anymore. As it is now, someone who reads the wiki thinks at first sight that all listed antivirus engines find qTox to be suspicious.

I see, that's a lot of effort.

Reverted revert.

I see, that's a lot of effort

Indeed, it was.

Reverted revert.

Thanks! :-)
