Viber vs ESET - Who sucks?

[rugk 397]

Viber calls out ESET for flagging them, ESET responds with a digital uppercut

www.neowin.net

 

@Viber vs @esetglobal

#esetsucks vs #esetDOESNTsuck

 

The Threat is detected as: Win32/Toolbar.SearchSuite.W¹ potentially unwanted application

 

See also:

• What is a potentially unwanted application (PUA)?

¹ Link isn't working actually and will redirect you to the "latest description" site of virusradar.com.

Edited December 18, 2014 by rugk

[sdalgl72 6]

Think I would trust ESET over most companies and also I would like to point out that it's not ESET's fault as such because it's classified as a Potentially Unwanted Program so there for its not classifying it as malware so its up to the user.  It's just making the user aware that this software might cause a problem

[sky7 19]

Update: Viber has contacted Neowin with some clarifications on the matter:

Viber software reports that an installation is complete. As I'm sure you know, every installer reports that.
Eset says Viber has a toolbar. As we've previously stated, Viber does not and has never had a toolbar.
Therefore we stand by our original comments and request that Eset stops blocking Viber unnecessarily.

- hxxp://www.neowin.net/news/viber-calls-out-eset-for-flagging-them-eset-responds-with-a-digital-uppercut



Viber is an well known instant messaging and Voice over IP (VoIP) app (Android, iOS, Mac OS and Windows..etc)
I'm disappointing Viber's response because there is no clear explanation about Viber installer's source code.
It doesn't matter Viber have a toolbar or not. Their source code is really matter.
Transparency and privacy are important.





 

Edited December 18, 2014 by sky7

[Marcos 4,706]

It's completely irrelevant under what name the PUA is detected. Helper.dll bundled with the sw in question has PUA-like characteristics and thus it's detected as PUA. A simple solution was suggested - to get rid of helper.dll and use packages built using the official NSIS packer.

[SweX 871]

Focusing on the PUA detection name is a nice attempt from their side to try to move the focus away from the real reason why it is detected.

Edited December 19, 2014 by SweX

[SweX 871]

Wow, many in the article comments section is talking about that "toolbar" that doesn't exist because of the detection name. 

Someone should clarify that the detection name is irrelevant and the reason for the detection is no invisible toolbar, but to make a comment you have to.......

 

"Please Login or Sign Up to post a comment."

 

And I will not sign up to do that.

Edited December 19, 2014 by SweX

[TJP 126]

Viber caught with their pants down and they don't like it - tough. I'm glad Eset has a moral backbone

[Arakasi 549]

Viber can go take their stupid company and hold up shop at Antarctica, because i hope their client base goes under and every person in that company poops their pants.

Lame posers.

 

Those type of 2 year old comments hit me where it hurts.

So i will give them a 1 year old baby response as well.

 

LEARN TO MAKE APPLICATIONS RETARDOS

[Arakasi 549]

I WANT TO COMMENT

 

LOL

[rugk 397]

Wow, many in the article comments section is talking about that "toolbar" that doesn't exist because of the detection name.

Ehm... comments section in the article?

But I'm right that you mean the article I linked in the first post?

 

I can't see any comments there (anymore?)...

 

Edit: Okay, I can see it again...   (Maybe they have temporarily deactivated the comments and of course I have to be the guy who looks at the website when this happens... )

Edited December 20, 2014 by rugk

[rugk 397]

The @Viber Reputation team seems to have overlooked this topic...

 

Malware Finding and Cleaning - false positive - cannot reach you

General Discussion - Viber - false positive

 

I would call this double post...

(with a few backlinks to Viber... - why not?)

 

I posting it here after i got no answer from you

Nice joke of the day...

 

But just as a question: Is the @Viber Reputation team always speaking Hebrew? (mostly spoken in Israel)

 

Because the link they post to virustotal is the following:

www.virustotal.com/he/file/23709aa5ca9a1a3b9461061ad60f5762856b09f6ecc6a3afd70f93e94297cf14/analysis/1401952178/ (link)

 

This "he" determinates the language which is used on virustotal, an "he" is the ISO code for Hebrew.

But virustotal automatically redirects you to your local language when you click the link, so you have to switch the language to see the same link.

Just switch to עברית like shown in this picture:

 

 

It's also very interesting that they have a "template" for their complaints here. Because they have already complained about the detection in the past:

Viber false positive (even with exact the same topic title...)

False detection - 2

 

And BTW the link to virustotal there goes to the Hebrew version of virustotal too. So is this where their "Reputation team" is based?

Edited December 21, 2014 by rugk

[rugk 397]

Okay, here some other news site which report about this:

Viber vs. ESET Twitter war looms - hxxp://www.techienews.co.uk (English)

The company ESET ridicule Viber on the whole line! - www.racunalniske-novice.com (Slovenian - English translation by Google Translator)

Public quarrel between ESET and... Viber - www.chip.pl (Polish - English translation by Google Translator)

[researcher 11]

Interesting observation rugk about the possible Israeli origin.
BTW, there are many advertising companies in Israel, that's probably why the Download Valley term was established.
hxxp://blogs.wsj.com/digits/2014/06/04/hate-pop-up-ads-microsoft-tries-drawing-line-in-the-sand/

[rugk 397]

Thanks for the link, @researcher.

However the [member=Viber Reputation team] calls itself Reputation team and not Viber advertising...

 

Although I have to say that it's advertising if you read something like this:

Viber for Windows lets you send free messages and make free calls to other Viber users, on any device and network, in any country!

 

WTF. Free calls in any country?

Then I have to download it right now...

 

That's especially interesting, because you can find this "advertisement sentences" one-to-one on their official site (www.viber.com/products/windows).

Edited January 27, 2015 by rugk

[researcher 11]

WTF. Free calls in any country?

Then I have to download it right now...

OK, you have to...

The main software package is available here hxxp://download.cdn.viber.com/cdn/packs/1/pack.exe (SHA1: 120a8e0c67fc82d6350f7a3d47158dc76bf25a5b *pack.exe 38 MB)

This package is not detected by ESET, the classified 3rd party PUA components are not here. The file is 7Zip self extracting executable, it will extract necessary Viber program files in the folder where you run it.

Edited December 22, 2014 by researcher

[rugk 397]

My statement was ironical of course.

 

But however it's nice that you found a file which doesn't include the PUA.

So you can see Viber can offer packages without it's PUA inside.

 

Great finding!

Edited December 22, 2014 by rugk

[researcher 11]

Rugk,
try to compare submission from Viber's Reputation team in our forum and submission from iLivid's Reputation and Compliance Team in Symantec forum [ https://aka-community.symantec.com/en/forums/false-positive-ilivid ]
Same people working for Viber and iLivid?

[Arakasi 549]

Rugk,

try to compare submission from Viber's Reputation team in our forum and submission from iLivid's Reputation and Compliance Team in Symantec forum [ https://aka-community.symantec.com/en/forums/false-positive-ilivid ]

Same people working for Viber and iLivid?

Quite the find

[SweX 871]

Rugk,

try to compare submission from Viber's Reputation team in our forum and submission from iLivid's Reputation and Compliance Team in Symantec forum [ https://aka-community.symantec.com/en/forums/false-positive-ilivid ]

Same people working for Viber and iLivid?

Good find, same people working for iLivid and Viber, or are they both owned by the same company?

[Arakasi 549]

Subsidiaries?

[rugk 397]

Yeah...

great finding. And this are not the onliest companies.

https://www.google.com/search?q=adi+Reputation+and+Compliance+Team

Edited January 2, 2015 by rugk

[SCR 195]

Yeah...

great finding. And this are not the onliest companies.

https://www.google.com/search?q=adi+Reputation+and+Compliance+Team

In the second listing on you linked Google search the program "Bullvid" is mentioned.

 

 

Hi, My name is Adi and I am a member of the Reputation and Compliance Team at Bullvid, Koyote

A Google search for "Bullvid, Koyote"  brought listings that are flagged by "WOT" as containing malware. I didn't feel the need to look further.

 

In any event this Adi whoever has quite a "reputation" with whom I have no intention  of achieving "compliance"..

Edited January 3, 2015 by SCR

[researcher 11]

It seems the companies were parts of the same holding. Searches returned following results in some public CVs:

"Fularo Holdings (Imesh/Bearshare/Viber/Bandoo)"
"Polmont Ventures Ltd: iMesh / Bearshare / iLivid / Jzip / Bandoo / People Roulette / Ftalk"