Jump to content

Archived

This topic is now archived and is closed to further replies.

rugk

Viber vs ESET - Who sucks?

Recommended Posts

Viber calls out ESET for flagging them, ESET responds with a digital uppercut

www.neowin.net

 

@Viber vs @esetglobal

#esetsucks vs #esetDOESNTsuck

 

The Threat is detected as: Win32/Toolbar.SearchSuite.W1 potentially unwanted application

 

See also:

1 Link isn't working actually and will redirect you to the "latest description" site of virusradar.com.

Share this post


Link to post
Share on other sites

Think I would trust ESET over most companies and also I would like to point out that it's not ESET's fault as such because it's classified as a Potentially Unwanted Program so there for its not classifying it as malware so its up to the user.  It's just making the user aware that this software might cause a problem

Share this post


Link to post
Share on other sites

Update: Viber has contacted Neowin with some clarifications on the matter:

Viber software reports that an installation is complete. As I'm sure you know, every installer reports that.
Eset says Viber has a toolbar. As we've previously stated, Viber does not and has never had a toolbar.
Therefore we stand by our original comments and request that Eset stops blocking Viber unnecessarily.


- hxxp://www.neowin.net/news/viber-calls-out-eset-for-flagging-them-eset-responds-with-a-digital-uppercut



Viber is an well known instant messaging and Voice over IP (VoIP) app (Android, iOS, Mac OS and Windows..etc)
I'm disappointing Viber's response because there is no clear explanation about Viber installer's source code.
It doesn't matter Viber have a toolbar or not. Their source code is really matter.
Transparency and privacy are important.





 

Share this post


Link to post
Share on other sites

It's completely irrelevant under what name the PUA is detected. Helper.dll bundled with the sw in question has PUA-like characteristics and thus it's detected as PUA. A simple solution was suggested - to get rid of helper.dll and use packages built using the official NSIS packer.

Share this post


Link to post
Share on other sites

Focusing on the PUA detection name is a nice attempt from their side to try to move the focus away from the real reason why it is detected.

Share this post


Link to post
Share on other sites

Wow, many in the article comments section is talking about that "toolbar" that doesn't exist because of the detection name. 

Someone should clarify that the detection name is irrelevant and the reason for the detection is no invisible toolbar, but to make a comment you have to.......

 

"Please Login or Sign Up to post a comment."

 

And I will not sign up to do that.

Share this post


Link to post
Share on other sites

Viber caught with their pants down and they don't like it - tough. I'm glad Eset has a moral backbone :)

Share this post


Link to post
Share on other sites

Viber can go take their stupid company and hold up shop at Antarctica, because i hope their client base goes under and every person in that company poops their pants.

Lame posers.

 

Those type of 2 year old comments hit me where it hurts.

So i will give them a 1 year old baby response as well.

 

LEARN TO MAKE APPLICATIONS RETARDOS

Share this post


Link to post
Share on other sites

Wow, many in the article comments section is talking about that "toolbar" that doesn't exist because of the detection name.

Ehm... comments section in the article?

But I'm right that you mean the article I linked in the first post?

 

I can't see any comments there (anymore?)...

 

Edit: Okay, I can see it again... :)  (Maybe they have temporarily deactivated the comments and of course I have to be the guy who looks at the website when this happens... ^_^)

Share this post


Link to post
Share on other sites

The @Viber Reputation team seems to have overlooked this topic... :)

 

Malware Finding and Cleaning - false positive - cannot reach you

General Discussion - Viber - false positive

 

I would call this double post...

(with a few backlinks to Viber... - why not?)

 

I posting it here after i got no answer from you

Nice joke of the day... :D

 

But just as a question: Is the @Viber Reputation team always speaking Hebrew? (mostly spoken in Israel)

 

Because the link they post to virustotal is the following:

www.virustotal.com/he/file/23709aa5ca9a1a3b9461061ad60f5762856b09f6ecc6a3afd70f93e94297cf14/analysis/1401952178/ (link)

 

This "he" determinates the language which is used on virustotal, an "he" is the ISO code for Hebrew.

But virustotal automatically redirects you to your local language when you click the link, so you have to switch the language to see the same link.

Just switch to עברית like shown in this picture:

post-3952-0-12719700-1419186696_thumb.png

 

 

It's also very interesting that they have a "template" for their complaints here. Because they have already complained about the detection in the past:

Viber false positive (even with exact the same topic title...)

False detection - 2

 

And BTW the link to virustotal there goes to the Hebrew version of virustotal too. So is this where their "Reputation team" is based?

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

Thanks for the link, @researcher.

However the [member=Viber Reputation team] calls itself Reputation team and not Viber advertising...

 

Although I have to say that it's advertising if you read something like this:

Viber for Windows lets you send free messages and make free calls to other Viber users, on any device and network, in any country!

 

WTF. Free calls in any country?

Then I have to download it right now... :D;)

 

That's especially interesting, because you can find this "advertisement sentences" one-to-one on their official site (www.viber.com/products/windows).

Share this post


Link to post
Share on other sites

WTF. Free calls in any country?

Then I have to download it right now... :D;)

OK, you have to...

The main software package is available here hxxp://download.cdn.viber.com/cdn/packs/1/pack.exe (SHA1: 120a8e0c67fc82d6350f7a3d47158dc76bf25a5b *pack.exe 38 MB)

This package is not detected by ESET, the classified 3rd party PUA components are not here. The file is 7Zip self extracting executable, it will extract necessary Viber program files in the folder where you run it.

Share this post


Link to post
Share on other sites

My statement was ironical of course. :)

 

But however it's nice that you found a file which doesn't include the PUA.

So you can see Viber can offer packages without it's PUA inside.

 

Great finding! :)

Share this post


Link to post
Share on other sites

Rugk,

try to compare submission from Viber's Reputation team in our forum and submission from iLivid's Reputation and Compliance Team in Symantec forum [ https://aka-community.symantec.com/en/forums/false-positive-ilivid ]

Same people working for Viber and iLivid?

Good find, same people working for iLivid and Viber, or are they both owned by the same company?

Share this post


Link to post
Share on other sites

Yeah...

great finding. And this are not the onliest companies.

https://www.google.com/search?q=adi+Reputation+and+Compliance+Team

In the second listing on you linked Google search the program "Bullvid" is mentioned.

 

 

Hi, My name is Adi and I am a member of the Reputation and Compliance Team at Bullvid, Koyote

A Google search for "Bullvid, Koyote"  brought listings that are flagged by "WOT" as containing malware. I didn't feel the need to look further.

 

In any event this Adi whoever has quite a "reputation" with whom I have no intention  of achieving "compliance"..

Share this post


Link to post
Share on other sites

It seems the companies were parts of the same holding. Searches returned following results in some public CVs:

"Fularo Holdings (Imesh/Bearshare/Viber/Bandoo)"
"Polmont Ventures Ltd: iMesh / Bearshare / iLivid / Jzip / Bandoo / People Roulette / Ftalk"

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...