I'm looking for opinions on using VMProtect for protecting commercial applications. My main concern is that some anti-virus scanners may flag the protected files as bad.
I scanned NOTEPAD.EXE protected with the Demo version of VMProtect with VirusTotal and a number of anti-virus scanners reported a suspicious packer or even viruses. Has anyone experienced similar problems when using the commercial version of VMProtect?
Is VMProtect used for protecting commercial products? Could you point me to some?
I'm curious if any of these products were flagged as bad by anti-virus scanners.
Regards,
Earl Edwards
Any commercial products protected with VMProtect?
Earl Edwards wrote: I scanned NOTEPAD.EXE protected with the Demo version of VMProtect with VirusTotal and a number of anti-virus scanners reported a suspicious packer or even viruses.
The Demo version has many differences from the registered version.
This is the AV report of NOTEPAD.EXE protected by the registered version:
http://www.virustotal.com/analisis/81c9 ... 83eec7d8c0
Earl Edwards wrote: Is VMProtect used for protecting commercial products? Could you point me to some?
Daemon Tools
DeviceLock
CommView
and many many other products...
P.S. I have had many talks with AV companies - they do not want to do their job well, because they do not have technologies which can detect virus code in a program after protection by VMProtect.
I've the same concern. I would purchase immediately if no major AV software would report a virus on a protected file.
I've tested many protectors (and we have also written our own), but all are at war with AV software. This means you lose more money because of this than because of people using cracked versions.
I've downloaded Commview, used Virustotal on it. F-Prot, Panda and Sophos are reporting a problem. I think they all have at least 1 million users. This would result in major problems.
I strongly disagree that Kaspersky is a good product.
Kaspersky has 99% detection of old viruses.
When it comes to heuristics, rootkits and performance it plainly sucks.
See e.g. c't magazine 1/2008. 6 new rootkits: F-Secure could remove 6, NOD32 5, Kaspersky only 2 (but detected all 6 and was disabled by 4 of them).
Performance-wise NOD32 is 3 times faster.
Heuristics detection - Kaspersky 24%, NOD32 68%.
All in all 17 AV programs have been tested and none has got a full recommendation, but Kaspersky was average at best.
But this is all off topic. The real problem is false alarms. If at least one of the 10 major AV programs would report our software as suspicious we would lose both money and reputation.
I don't think that companies would like to reveal their protection system names for security and privacy reasons.
By the way, there are some solutions for your question (antivirus false alarms):
1) Use PE scramblers to change your executable structures so that no one can detect VMp on them
2) Use PE rebuilders like "Lord PE" or .... and rebuild your VMp protected executable.
3) Double pack your VMp protected executable with normal packers or compressors like UPX, ASPack or ....
I've used #3 together with #1 and I've got no problems with antiviruses
lava wrote: I don't think that companies would like to reveal their protection system names for security and privacy reasons.
By the way, there are some solutions for your question (antivirus false alarms):
1) Use PE scramblers to change your executable structures so that no one can detect VMp on them
2) Use PE rebuilders like "Lord PE" or .... and rebuild your VMp protected executable.
3) Double pack your VMp protected executable with normal packers or compressors like UPX, ASPack or ....
I've used #3 together with #1 and I've got no problems with antiviruses
Can you please let us know what software you used as the "PE scrambler"?
Also can you let us know the packers you used after that?
Thanks!
Re: Any commercial products protected with VMProtect?
I am happy with VMProtect,
because I submit the file protected by VMP to virscan.org and all major anti-virus engines are happy.