Issues Regarding Quarantining, Exceptions, And Settings (or Lack Thereof)

First problem:


BitDefender keeps "detecting" and quarantining a file that is a false positive. I have sent the file in to be reconsidered but I'm doubting it will change. The file is killcmos.com, it's a utility that writes garbage info to laptop NVRAM in the case you come across one with a password protected BIOS so you can access/update/configure such a laptop. It was a very handy tool when I worked as an eWaste recycler because we'd get many laptops in from state offices who'd mass upgraded but failed to clear the BIOS passwords and asset tags, etc. Yes, it *could* be used for nefarious reasons, but that doesn't make it a virus or malware. Many things can be used for bad, it doesn't make them inherently bad. Regardless, BitDefender keeps detecting this file, I keep telling it to restore the file and add it to the exception list. Why is it not taking the clue and leaving the file alone? Why does it keep seemingly forgetting that I have added the exception?


In the same vein, why is there absolutely no means to manually configure such lists? Why can I not add exceptions to files and processes? I use a program called DisplayFusion for my multi-monitor setup. It was found some time ago that a part of BitDefender was hooking a process for this app, and causing a memory leak. I have to restart the program every day because after 24 hours it has consumed 500+MB of RAM. Users should be able to manually tell BitDefender to leave certain files, processes, and locations alone. I realize it's a free product and you guys don't advertise really, which is huge, but I'm not sure that justifies removing any and all choice from the user. Just a thought.

Comments

  • First problem:


    BitDefender keeps "detecting" and quarantining a file that is a false positive. I have sent the file in to be reconsidered but I'm doubting it will change. The file is killcmos.com, it's a utility that writes garbage info to laptop NVRAM in the case you come across one with a password protected BIOS so you can access/update/configure such a laptop. It was a very handy tool when I worked as an eWaste recycler because we'd get many laptops in from state offices who'd mass upgraded but failed to clear the BIOS passwords and asset tags, etc. Yes, it *could* be used for nefarious reasons, but that doesn't make it a virus or malware. Many things can be used for bad, it doesn't make them inherently bad. Regardless, BitDefender keeps detecting this file, I keep telling it to restore the file and add it to the exception list. Why is it not taking the clue and leaving the file alone? Why does it keep seemingly forgetting that I have added the exception?


    In the same vein, why is there absolutely no means to manually configure such lists? Why can I not add exceptions to files and processes? I use a program called DisplayFusion for my multi-monitor setup. It was found some time ago that a part of BitDefender was hooking a process for this app, and causing a memory leak. I have to restart the program every day because after 24 hours it has consumed 500+MB of RAM. Users should be able to manually tell BitDefender to leave certain files, processes, and locations alone. I realize it's a free product and you guys don't advertise really, which is huge, but I'm not sure that justifies removing any and all choice from the user. Just a thought.


    I read a little about KillCMOS. From its description it may not be considered a Virus, however its behavior makes it suspicious and potentially dangerous enough for it to be regarded as one. An Editor's Note at MajorGeeks states the program should be run from DOS, and any good antivirus would detect it. Even with Bitdefender Antivirus Free Edition's Virus Shield off, my web browser alone would prevent me from downloading the file with no way to circumvent this. I would not expect KillCMOS to be white-listed and I am unclear if it is a bad thing that it is detected even after declaring an exception for it.


    Your claim still leaves a bit to think about exceptions. I am curious about which module from Bitdefender was superseding the exception.


    You may want to contact customer support regarding your issue with DisplayFusion.

  • Update:


    I was able to download the KillCMOS zip file. On the notes it stated that it would run on Windows 3.x/Win95 (not only DOS) but it was not tested to run under NT. When scanning the container folder the first time, KILLCMOS.COM was quarantined as Trojan.KillCMOS.C. After excluding it, future scans of the same folder left it undetected. I did not try to execute it nor would I try to do that. I understand there may be conditions for this program to have some use but I am in no need for any risks ;) Especially since it had a date of September 28th, 1996, I do not think it may be of any use for me now. I will try to remove all traces of it now.

  • I read a little about KillCMOS. From its description it may not be considered a Virus, however its behavior makes it suspicious and potentially dangerous enough for it to be regarded as one. An Editor's Note at MajorGeeks states the program should be run from DOS, and any good antivirus would detect it. Even with Bitdefender Antivirus Free Edition's Virus Shield off, my web browser alone would prevent me from downloading the file with no way to circumvent this. I would not expect KillCMOS to be white-listed and I am unclear if it is a bad thing that it is detected even after declaring an exception for it.


    Your claim still leaves a bit to think about exceptions. I am curious about which module from Bitdefender was superseding the exception.


    You may want to contact customer support regarding your issue with DisplayFusion.


    Given that the description of it says exactly what it is for, what exactly is suspicious about it? And dangerous? Again, how? It does one thing, and one thing only: write garbage to the CMOS/NVRAM to force the BIOS to load defaults. Nothing more. That is neither suspicious, nor dangerous.


    Update:


    I was able to download the KillCMOS zip file. On the notes it stated that it would run on Windows 3.x/Win95 (not only DOS) but it was not tested to run under NT. When scanning the container folder the first time, KILLCMOS.COM was quarantined as Trojan.KillCMOS.C. After excluding it, future scans of the same folder left it undetected. I did not try to execute it nor would I try to do that. I understand there may be conditions for this program to have some use but I am in no need for any risks ;) Especially since it had a date of September 28th, 1996, I do not think it may be of any use for me now.


    The detection as a Trojan is laughably erroneous, and patently false. It does not carry any payload. KillCMOS has exactly one condition for its use, and I've already stated that clearly. To me this is just more of the FUD and policing that many AV products have come to do, playing morality police and scaring people into thinking things that have legitimate uses are harmful when in fact they are not. KillCMOS is a utility. Not a virus, not a trojan, not malware. Labeling things falsely erodes my trust in the company to be honest about anything.


    I will try to remove all traces of it now.


    Right click > delete and it's gone. No trying, it just goes away. Because it's not a virus.

  • According to Wikipedia a Trojan is "non-self-replicating ... program containing ... code that, when executed, carries out actions ... typically causing loss ... of data, and possible system harm" [I removed some words about it being malicious ;)]. If anyone ran KillCMOS by accident (or if it was activated by some other piece of code!) the least serious of its effects may be resetting the system time. Furthermore, just the fact that KillCMOS can be used to clear the BIOS password is enough for it to be considered malicious, as so are all cracks used to break security codes or software registration. I am not arguing it would be wrong to break into your own apartment if you left the key inside. I've done it. But if my neighbors saw me doing it, they would have a right to be suspicious about my action. Because of its potential behavior, it is perfectly sensible that KillCMOS is labeled a Trojan. I agree it is not a virus.

  • According to Wikipedia a Trojan is "non-self-replicating ... program containing ... code that, when executed, carries out actions ... typically causing loss ... of data, and possible system harm" [I removed some words about it being malicious ;)].


    I find Wikipedia's definition wanting. A trojan in computer parlance is a program (which may or may not be malicious) which carries/deploys a malicious payload. No payload, no trojan. A program that is malicious on its own is a virus or form of malware. KillCMOS has no payload. It is not a trojan. It does no harm to a machine via hooking, masquerading, hijacking, altering system files, keylogging, or any other malicious behavior. It is not a virus.


    If anyone ran KillCMOS by accident (or if it was activated by some other piece of code!) the least serious of its effects may be resetting the system time.


    Because that's so terribly destructive, never mind that Windows will set it back to the correct date and time on the next reboot anyway. In reality, on any 64-bit system it fails because it wasn't written to run on them. On a 32-bit system it may or may not reset the BIOS, which in most cases won't matter because the vast majority of folks run on BIOS defaults anyway.


    Furthermore, just the fact that KillCMOS can be used to clear the BIOS password is enough for it to be considered malicious, as so are all cracks used to break security codes or software registration.


    I vehemently disagree, and your attempt to compare it to cracks (which while generally not malicious, do break the law) is ill met. Clearing BIOS passwords is only malicious if you're doing it to a machine you know you shouldn't be doing it on. That isn't the fault of the software, it's the fault of the user. Do you also think guns, spoons, baseball bats, hammers, knives, etc. are malicious because they could be used for illicit purposes as well?


    I am not arguing it would be wrong to break into your own apartment if you left the key inside.


    I'd certainly hope not.


    I've done it.


    As have I. I've also helped friends get back into their houses when they've goofed up as well.


    But if my neighbors saw me doing it, they would have a right to be suspicious about my action.


    No, they wouldn't. They're your neighbors. They know you. They know it's your house. If they thought it suspicious that you were breaking into your own place, then they are dumber than a box of rocks.


    Because of its potential behavior, it is perfectly sensible that KillCMOS is labeled a Trojan.


    No, it isn't sensible, it's nonsensical, for all the crystal clear reasons I've already outlined. If we treated everything around us with this incredibly broken logic, we wouldn't have anything, because almost everything can be re-purposed to malicious means.


    I agree it is not a virus.


    Thank $deity for that, though you did call it malicious not too far up, which is pretty close. ;P