Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Software protection / code obfuscation that does not trigger antivirus false positives

I'm looking for software protection and/or code obfuscation software like Oreans Themida, VSProtect, ASPRotect and similar. However, antivirus false positives is a deal-breaker for me. I cannot inconvenience or scare away our legitimate users. And unfortunately it seems all of the three products mentioned above suffer from this problem.

My 32-bit native (not .NET) Windows application written in Delphi right now uses custom license managing code, and it works well, however since no code obfuscation is used, cracks are created within hours after each release. So, I'm looking for a product that adds at least some level of protection against crackers and does not create false-positives with antiviruses.

My top priority is non-evasiveness and stability, lack of bugs and antivirus false alarm issues introduced into my software. Level of anti-cracking protection is secondary to that.

like image 618
haimg Avatar asked Oct 01 '11 16:10

haimg


1 Answers

You'll have to roll your own. The false-positives come from "signatures" matching known malware. For example, if some malware uses upx to compress, and a scanner finds upx compiled into your app, you may be mis-identified.
You could get a false-positive just because a scanner saw that you are using Delphi (or any other compiler, for that matter). But the more obscure, the higher confidence that the scanner thinks: "I've found something UNIQUE in here", and cross-references with its catalog of known malware. ]

If airport security worked like the anti-malware companies, I'd be shot on sight in the airport because I'm a male with brown hair, brown eyes.

If the scanner is lazy enough, you can be flagged for the installer that you use, 3rd-party components that you use, resource strings, "random chance", something to do with the code signing certificate, or the compiler that you use.

Someone will make malware with FireMonkey. Some anti-malware (perhaps more than one) will take note of this. For some period of time, it will be trouble for FireMonkey apps.

Here is an interesting discussion: Accidentally created a virus?

like image 186
Chris Thornton Avatar answered Oct 14 '22 14:10

Chris Thornton