Numerous social media and forum posts made over the weekend detail how Windows has produced a warning of “Behavior:Win32/Hive.ZY” when users run everyday applications like Google’s Chrome browser or the Spotify music streamer. "Not all of these associations directly lead to detections, however, if a program installs other programs or files that have poor reputation, then by association that program gains poor reputation," said Microsoft.Microsoft appears to have fixed a problem that saw its Defender antivirus program identify apps based on the Chromium browser engine and/or Electron JavaScript framework as malware, and suggest users remove them. "When programs employ malware-like techniques, they trigger flags in our detection algorithms and greatly increase the chances of false positives."Īnother indicator Microsoft uses is the reputation of other programs the file is associated with - what the program installs, what's installed at the same time as the program, or what's seen on the same machines as the file. Microsoft also said developers should beware of using file obfuscation, being installed in non-traditional install locations, and using names that don't reflect that purpose of the software - traits often found in malware. Reputation accrues - if a software bundler includes components that have poor reputation, the certificate that bundler is signed with gets the poor reputation." This advice particularly holds true for programs that incorporate bundling or use advertising or freemium models of monetization.
Microsoft notes: "We thus advise developers to not share certificates between programs or other developers. However, if a file gains a poor reputation (by for example, being detected as malware) or if the certificate was stolen and used to sign malware, then all of the files that are signed with that same certificate will inherit the poor reputation, which might also see them tagged as malware.
0 kommentar(er)
