rugk, Posted December 18, 2014 (Edited December 18, 2014 by rugk)
Viber calls out ESET for flagging them, ESET responds with a digital uppercut (www.neowin.net)
@Viber vs @esetglobal
#esetsucks vs #esetDOESNTsuck
The Threat is detected as: Win32/Toolbar.SearchSuite.W [1] potentially unwanted application
See also: What is a potentially unwanted application (PUA)?
[1] Link isn't working actually and will redirect you to the "latest description" site of virusradar.com.

sdalgl72, Posted December 18, 2014
Think I would trust ESET over most companies, and also I would like to point out that it's not ESET's fault as such, because it's classified as a Potentially Unwanted Program, so therefore it's not classifying it as malware, so it's up to the user. It's just making the user aware that this software might cause a problem.

sky7, Posted December 18, 2014 (Edited December 18, 2014 by sky7)
> Update: Viber has contacted Neowin with some clarifications on the matter:
> Viber software reports that an installation is complete. As I'm sure you know, every installer reports that.
> Eset says Viber has a toolbar. As we've previously stated, Viber does not and has never had a toolbar.
> Therefore we stand by our original comments and request that Eset stops blocking Viber unnecessarily.
- hxxp://www.neowin.net/news/viber-calls-out-eset-for-flagging-them-eset-responds-with-a-digital-uppercut
Viber is a well-known instant messaging and Voice over IP (VoIP) app (Android, iOS, Mac OS and Windows, etc.).
I'm disappointed by Viber's response because there is no clear explanation about the Viber installer's source code.
It doesn't matter whether Viber has a toolbar or not. Their source code is what really matters.
Transparency and privacy are important.

Marcos (Administrators), Posted December 18, 2014
It's completely irrelevant under what name the PUA is detected. Helper.dll bundled with the sw in question has PUA-like characteristics and thus it's detected as PUA. A simple solution was suggested - to get rid of helper.dll and use packages built using the official NSIS packer.

SweX, Posted December 19, 2014 (Edited December 19, 2014 by SweX)
Focusing on the PUA detection name is a nice attempt from their side to try to move the focus away from the real reason why it is detected.

SweX, Posted December 19, 2014 (Edited December 19, 2014 by SweX)
Wow, many in the article comments section are talking about that "toolbar" that doesn't exist because of the detection name. Someone should clarify that the detection name is irrelevant and the reason for the detection is no invisible toolbar, but to make a comment you have to... "Please Login or Sign Up to post a comment." And I will not sign up to do that.

TJP (ESET Insiders), Posted December 19, 2014
Viber caught with their pants down and they don't like it - tough. I'm glad Eset has a moral backbone.

Arakasi, Posted December 19, 2014
Viber can go take their stupid company and hold up shop at Antarctica, because I hope their client base goes under and every person in that company poops their pants. Lame posers. Those type of 2 year old comments hit me where it hurts. So I will give them a 1 year old baby response as well. LEARN TO MAKE APPLICATIONS RETARDOS

Arakasi, Posted December 19, 2014
I WANT TO COMMENT LOL

rugk (Author), Posted December 20, 2014 (Edited December 20, 2014 by rugk)
> Wow, many in the article comments section are talking about that "toolbar" that doesn't exist because of the detection name.
Ehm... comments section in the article? But I'm right that you mean the article I linked in the first post? I can't see any comments there (anymore?)...
Edit: Okay, I can see it again... (Maybe they have temporarily deactivated the comments and of course I have to be the guy who looks at the website when this happens...)

rugk (Author), Posted December 21, 2014 (Edited December 21, 2014 by rugk)
The @Viber Reputation team seems to have overlooked this topic...
Malware Finding and Cleaning - false positive - cannot reach you
General Discussion - Viber - false positive
I would call this double post... (with a few backlinks to Viber... - why not?)
> I posting it here after i got no answer from you
Nice joke of the day...
But just as a question: Is the @Viber Reputation team always speaking Hebrew? (mostly spoken in Israel)
Because the link they post to virustotal is the following:
www.virustotal.com/he/file/23709aa5ca9a1a3b9461061ad60f5762856b09f6ecc6a3afd70f93e94297cf14/analysis/1401952178/ (link)
This "he" determines the language which is used on virustotal, and "he" is the ISO code for Hebrew. But virustotal automatically redirects you to your local language when you click the link, so you have to switch the language to see the same link. Just switch to עברית like shown in this picture:
It's also very interesting that they have a "template" for their complaints here. Because they have already complained about the detection in the past:
Viber false positive (even with exactly the same topic title...)
False detection - 2
And BTW the link to virustotal there goes to the Hebrew version of virustotal too.
So is this where their "Reputation team" is based?

rugk (Author), Posted December 21, 2014
Okay, here are some other news sites which report about this:
Viber vs. ESET Twitter war looms - hxxp://www.techienews.co.uk (English)
The company ESET ridicule Viber on the whole line! - www.racunalniske-novice.com (Slovenian - English translation by Google Translator)
Public quarrel between ESET and... Viber - www.chip.pl (Polish - English translation by Google Translator)

researcher (ESET Staff), Posted December 22, 2014
Interesting observation rugk about the possible Israeli origin.
BTW, there are many advertising companies in Israel, that's probably why the Download Valley term was established.
hxxp://blogs.wsj.com/digits/2014/06/04/hate-pop-up-ads-microsoft-tries-drawing-line-in-the-sand/

rugk (Author), Posted December 22, 2014 (Edited January 27, 2015 by rugk)
Thanks for the link, @researcher. However the @Viber Reputation team calls itself Reputation team and not Viber advertising...
Although I have to say that it's advertising if you read something like this:
> Viber for Windows lets you send free messages and make free calls to other Viber users, on any device and network, in any country!
WTF. Free calls in any country? Then I have to download it right now...
That's especially interesting, because you can find these "advertisement sentences" one-to-one on their official site (www.viber.com/products/windows).

researcher (ESET Staff), Posted December 22, 2014 (Edited December 22, 2014 by researcher)
> WTF. Free calls in any country? Then I have to download it right now...
OK, you have to...
The main software package is available here: hxxp://download.cdn.viber.com/cdn/packs/1/pack.exe
(SHA1: 120a8e0c67fc82d6350f7a3d47158dc76bf25a5b *pack.exe 38 MB)
This package is not detected by ESET, the classified 3rd party PUA components are not here.
The file is a 7Zip self-extracting executable, it will extract necessary Viber program files in the folder where you run it.

rugk (Author), Posted December 22, 2014 (Edited December 22, 2014 by rugk)
My statement was ironical of course. But however it's nice that you found a file which doesn't include the PUA. So you can see Viber can offer packages without its PUA inside. Great finding!

researcher (ESET Staff), Posted January 2, 2015
Rugk, try to compare submission from Viber's Reputation team in our forum and submission from iLivid's Reputation and Compliance Team in Symantec forum [ https://aka-community.symantec.com/en/forums/false-positive-ilivid ]
Same people working for Viber and iLivid?

Arakasi, Posted January 2, 2015
> Rugk, try to compare submission from Viber's Reputation team in our forum and submission from iLivid's Reputation and Compliance Team in Symantec forum [ https://aka-community.symantec.com/en/forums/false-positive-ilivid ] Same people working for Viber and iLivid?
Quite the find

SweX, Posted January 2, 2015
> Rugk, try to compare submission from Viber's Reputation team in our forum and submission from iLivid's Reputation and Compliance Team in Symantec forum [ https://aka-community.symantec.com/en/forums/false-positive-ilivid ] Same people working for Viber and iLivid?
Good find, same people working for iLivid and Viber, or are they both owned by the same company?

Arakasi, Posted January 2, 2015
Subsidiaries?

rugk (Author), Posted January 2, 2015 (Edited January 2, 2015 by rugk)
Yeah... great finding. And these are not the only companies.
https://www.google.com/search?q=adi+Reputation+and+Compliance+Team

SCR (Most Valued Members), Posted January 3, 2015 (Edited January 3, 2015 by SCR)
> Yeah... great finding. And these are not the only companies. https://www.google.com/search?q=adi+Reputation+and+Compliance+Team
In the second listing on your linked Google search the program "Bullvid" is mentioned.
> Hi, My name is Adi and I am a member of the Reputation and Compliance Team at Bullvid, Koyote
A Google search for "Bullvid, Koyote" brought listings that are flagged by "WOT" as containing malware. I didn't feel the need to look further. In any event this Adi whoever has quite a "reputation" with whom I have no intention of achieving "compliance".

researcher (ESET Staff), Posted January 8, 2015
It seems the companies were parts of the same holding. Searches returned following results in some public CVs:
"Fularo Holdings (Imesh/Bearshare/Viber/Bandoo)"
"Polmont Ventures Ltd: iMesh / Bearshare / iLivid / Jzip / Bandoo / People Roulette / Ftalk"