Windows virus sanity check

PaulStoffregen

Well-known member
Can anyone running Windows please do a quick scan on the files in hardware/teensy/avr/libraries/UTFT/Tools ?

Please also let me know which anti-virus software you use?

Today I got a report about AVG flagging one of these files. I'm pretty sure it's a just false positive, but these are files I didn't build.
 
Win 10 - Scanned "I:\arduino-1.8.1\hardware\teensy\AVR" - this is TD_1.36 installation::

WINDOWS DEFENDER - nothing
MALWAREBYTES - nothing
 
Can anyone running Windows please do a quick scan on the files in hardware/teensy/avr/libraries/UTFT/Tools ?

Please also let me know which anti-virus software you use?

Today I got a report about AVG flagging one of these files. I'm pretty sure it's a just false positive, but these are files I didn't build.

For the version downloaded 6-nov-16 NORTON vers. 22.9.1.12 says nothing found (Win 10)
 
I also use AVG, it warned me yesterday about a threat called SCGeneric.HZL in file ImgConv.exe.

2017-05-05 - Teensy Forum - AVG AntiVirus Arduino libraries UTFT Tools ImgConv.exe.png

AVG was updated automatically 20 minutes before this warning appeared.
 
Thanks everyone. I don't use Windows much, so this really helps. :)

I'm considering having the Teensyduino installer omit these .exe files (and also my own wav2sketch in the audio lib). Does anyone really dig into those folders to use them?

These false positive come up occasionally. Whenever they do, usually someone who has no idea how unreliable anti-virus software really is gets pretty worried. So far none has ever turned out to be real malware. But they do take up support time, which makes me wonder if keeping these files deep within the libraries folder is really worth the trouble? Any thoughts?
 
I'm not sure what do do about executables that you don't create. For the ones you do create, you could use your PGP key to sign the files and publish the signatures on the pjrc web site,for those seeking assurance.
 
Opps - bad link distracted me . . . since you can embed links in the install - just put a link to a download spot on Github? You could link to a readme with any needed details on last date updated and source links etc
 
For the ones you do create, you could use your PGP key to sign the files and publish the signatures on the pjrc web site,for those seeking assurance.

That's an excellent technical solution, but it solves the wrong problem.

Here's one from Arduino a few days ago.

https://github.com/arduino/Arduino/issues/6250

The user was unable to check the MD5 or SHA512 hashes, or even to understand Symantec's messages. PGP isn't going to help.

It's a human perception problem, and the resulting technical support burden, not a technical problem.
 
If I needed to convert an image, I would not dig deep into Program Files to do it. I'd probably use an online converter first or download the .exe myself from the library creator's website. The embedded link and PDF manuals are already extremely helpful.
 
Back
Top