I'm a robot

I got several reports from users with Norton Internet Security and other Symantec products that they are not able to download TexturePacker and PhysicsEditor.

The reason is that they get a "WS.Reputation.1" warning which directly quarantines TexturePacker - not allowing to install or run it.

WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories. The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.

Symantec blocks a TexturePacker update from being installed because they say it has a "bad reputation"

Well - it's a new update - which is why nobody was able to install it yet. And nobody will install it because Symantec tells people not to do so... Since nobody does install it the reputation is low - which causes Symantec to warn people about installing it...

How moronic is that?

I can understand ...

... what they are trying to accomplish with this. But in my opinion it's delivering way more damage to the users than it really helps. Just deleting a file because it's not from Microsoft, Adobe or some other big company is simply not fair.

My Product is a niche product - and every customer I loose hits me hard.

I think it would be ok to warn people about a potential unsafe file - but simply deleting it?

Symantec: You are killing small companies with this!

Symantec gives people the possibility to dispute - by filling a big web form. But what about software updates? Do they expect me to fill the form and beg them to add my software with each release? What about my customers? Shall I tell them to wait until the update is approved?

Help for my customers

For my customers I currently only have 2 ways of fixing it:

If you are uncertain about releasing TexturePacker from the quarantine - you can still run the Anti-Virus-Check against it.

If enough people release it from the quarantine my reputation should build and hopefully solve the problem in the future.

Test it yourself

You can upload TexturePacker's installer to VirScan.org - a service which runs 36(!) different scanners over the uploaded file.

Here's the result for TexturePacker 2.4.5

VirSCAN.org Scanned Report :
Scanned time   : 2012/06/23 21:38:45 (CEST)
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name      : TexturePacker-2-1.4.5-win32.exe
File Size      : 12254145 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : 269c1d24bc61ee4a13b5f0489abef51f
SHA1           : f6deb2ceaa20a0c6eea704edbf5070747ea96a18
Online report  : http://r.virscan.org/d4ffb72844ba1883fa61e995023f88a4

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      5.1.0.4         20120623140115    2012-06-23  7.08   -
AhnLab V3      ...             ..                --          0.17   -
AntiVir        8.2.10.80       7.11.32.106       2012-06-09  0.18   -
Antiy          2.0.18          2.0.18.           0002-18-00  0.17   -
Arcavir        2011            201206041805      2012-06-04  8.22   -
Authentium     5.1.1           201206231019      2012-06-23  1.56   -
AVAST!         4.7.4           120623-0          2012-06-23  8.24   -
AVG            12.0.1787       2433/5088         2012-06-23  2.81   -
BitDefender    7.90123.7319895 7.42701           2012-06-23  4.52   -
ClamAV         0.97.3          15072             2012-06-23  26.73  PUA.Win32.Packer.SetupExeSection
Comodo         5.1             12713             2012-06-23  5.10   -
CP Secure      1.3.0.5         2012.06.24        2012-06-24  1.20   -
Dr.Web         7.0.2.4281      2012.06.22        2012-06-22  22.73  -
F-Prot         4.6.2.117       20120622          2012-06-22  4.47   -
F-Secure       7.02.73807      2012.06.23.06     2012-06-23  7.67   -
Fortinet       4.3.392         15.740            2012-06-23  4.58   -
GData          22.5387         20120624          2012-06-24  5.54   -
ViRobot        20120622        2012.06.22        2012-06-22  0.37   -
Ikarus         T3.1.32.20.0    2012.06.23.81573  2012-06-23  16.13  -
JiangMin       13.0.900        2012.06.23        2012-06-23  2.11   -
Kaspersky      5.5.10          2012.06.23        2012-06-23  8.95   -
KingSoft       2009.2.5.15     2012.6.23.9       2012-06-23  2.90   -
McAfee         5400.1158       6750              2012-06-22  16.87  -
Microsoft      1.8502          2012.06.23        2012-06-23  9.61   -
NOD32          3.0.21          7242              2012-06-22  14.68  -
Panda          9.05.01         2012.06.23        2012-06-23  6.03   -
Trend Micro    9.500-1005      9.212.04          2012-06-23  5.54   -
Quick Heal     11.00           2012.06.22        2012-06-22  3.49   -
Rising         20.0            24.15.03.01       2012-06-21  8.79   -
Sophos         3.32.0          4.78              2012-06-23  4.68   -
Sunbelt        3.9.2539.2      12102             2012-06-23  5.76   -
Symantec       1.3.0.24        20120621.002      2012-06-21  3.09   -
nProtect       20120623.01     11504256          2012-06-23  3.37   -
The Hacker     6.8.0.0         v00040            2012-06-20  0.91   -
VBA32          3.12.18.0       20120622.1130     2012-06-22  20.83  -
VirusBuster    5.5.1.3         15.0.65.0/9016265 2012-06-23  3.46   -

NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself. 

As you see - not even Symantec's Norton did find any problem with my Software. The only scanner complaining is ClamAV - which detected that part of the installer is packed (I am using the Nullsoft NSIS installer).

Here's the result for 3.0.0b7 - just the same:

    VirSCAN.org Scanned Report :
    Scanned time   : 2012/06/23 22:06:54 (CEST)
    Scanner results: 3% Scanner(s) (1/36) found malware!
    File Name      : TexturePacker-3.0.0b7-win32.exe
    File Size      : 12984945 byte
    File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5            : 7a96e91e6c9f3dc8fb6050dc7dc07fca
    SHA1           : 6312b2b5fe05b2d23d72946ebf75f278a8942241
    Online report  : http://r.virscan.org/c20410a1209575853ba120b8baba9f17

    Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
    a-squared      5.1.0.4         20120623140115    2012-06-23  4.63   -
    AhnLab V3      ...             ..                --          0.15   -
    AntiVir        8.2.10.80       7.11.32.106       2012-06-09  0.18   -
    Antiy          2.0.18          2.0.18.           0002-18-00  0.20   -
    Arcavir        2011            201206041805      2012-06-04  8.13   -
    Authentium     5.1.1           201206231019      2012-06-23  1.47   -
    AVAST!         4.7.4           120623-0          2012-06-23  9.09   -
    AVG            12.0.1787       2433/5088         2012-06-23  3.02   -
    BitDefender    7.90123.7319895 7.42701           2012-06-23  4.32   -
    ClamAV         0.97.3          15072             2012-06-23  4.63   PUA.Win32.Packer.SetupExeSection
    Comodo         5.1             12713             2012-06-23  5.08   -
    CP Secure      1.3.0.5         2012.06.24        2012-06-24  1.22   -
    Dr.Web         7.0.2.4281      2012.06.22        2012-06-22  23.12  -
    F-Prot         4.6.2.117       20120622          2012-06-22  4.67   -
    F-Secure       7.02.73807      2012.06.23.06     2012-06-23  6.29   -
    Fortinet       4.3.392         15.740            2012-06-23  3.18   -
    GData          22.5388         20120624          2012-06-24  5.44   -
    ViRobot        20120622        2012.06.22        2012-06-22  0.41   -
    Ikarus         T3.1.32.20.0    2012.06.23.81573  2012-06-23  17.15  -
    JiangMin       13.0.900        2012.06.23        2012-06-23  2.10   -
    Kaspersky      5.5.10          2012.06.23        2012-06-23  7.75   -
    KingSoft       2009.2.5.15     2012.6.23.9       2012-06-23  3.23   -
    McAfee         5400.1158       6750              2012-06-22  17.36  -
    Microsoft      1.8502          2012.06.23        2012-06-23  7.86   -
    NOD32          3.0.21          7242              2012-06-22  15.91  -
    Panda          9.05.01         2012.06.23        2012-06-23  6.12   -
    Trend Micro    9.500-1005      9.212.04          2012-06-23  5.78   -
    Quick Heal     11.00           2012.06.22        2012-06-22  3.53   -
    Rising         20.0            24.15.03.01       2012-06-21  8.39   -
    Sophos         3.32.0          4.78              2012-06-23  4.87   -
    Sunbelt        3.9.2539.2      12102             2012-06-23  5.94   -
    Symantec       1.3.0.24        20120621.002      2012-06-21  3.16   -
    nProtect       20120623.01     11504256          2012-06-23  2.28   -
    The Hacker     6.8.0.0         v00040            2012-06-20  0.64   -
    VBA32          3.12.18.0       20120622.1130     2012-06-22  21.91  -
    VirusBuster    5.5.1.3         15.0.65.0/9016265 2012-06-23  3.72   -

I can only repeat: This is simply not fair. It's okay to help people to defend themselves against viruses and other malware - but it's not fair to simply delete software because it's not spread wide enough.

Andreas Löw Join the CodeAndWeb Newsletter (privacy policy)
I'm a robot