We received a response from them just now. They say that it's still "malware". Funny thing is - they call the threat "Undetermined malware" and they don't even give any details as to what type/class of "malware" it is.
Allan Knox wrote: By way of an update, I have just successfully downloaded the zip file on Internet Explorer and it not only downloaded without a qualm, but also passed an inbound file security scan.
The last time Google/Chrome detected our zip archive as "malware", a couple of months ago, they responded to our request very quickly and removed the false positive within hours. So we hope they will be as quick this time.
Strangely enough, they don't detect Viewer and Host as such, although the zip archive is nothing more than just the same Viewer and Host msi files zipped. It seems like they don't even look at the contents, and simply "detect by name".
Yes, this is a so-called "not-a-virus" category. The file is not necessarily deleted, Kaspersky is only warning the user that the software is "potentially dangerous" meaning that it can be dangerous if misused.
Yes, thank you for reporting this. It's all the more strange to see such a false positive given the fact that we removed the "hide tray icon" feature in the last version just because antivirus programs used to frown upon that.
Anyway, we have just submitted a request to Google to reconsider their "detection".
Because the user may not own the computer (as you mention below), they may be an employee. Or in my specific case they are my children. Do you have any idea how mischievous and curious children are? They can also be very smart when it comes to technology when they want to be. At this time, due to the many issues I've seen in version 6, I cannot and would not use it in a business environment, nor would I feel comfortable recommending it to my customers.
This is what Windows standard user accounts are for. A regular user, an employee, is not supposed to be an administrator on their machine where they can do anything, including messing with the Host.
And by the way, even before we disabled the "Hide tray icon" feature anyone with the administrator account could simply open the processes tab and end/kill rutserv and rfusclient processes, thus stopping the Host.
So showing the icon or not showing the icon doesn't really make any difference with regard to the user's ability to stop/uninstall the Host if their system privileges allow them to do so.
Many reasons. For one, perhaps they use the computer for non-business activity and "think" RUT is used to spy on them, when in fact it's used to connect when necessary to resolve issues.
Remote Utilities is remote administration software, not employee surveillance software. These are two different markets/niches.
I am a computer consultant. A huge amount of our customers are SMB. Many of my customers do not have the resources to manage and secure their network properly. When we recommend GP, strict firewall policies, block local admin access etc., it ultimately requires more administrative resources, knowledge and money. They do not have the time to deal with user requests like installing basic software on the user's PC etc. They also don't have the money to call me every time something like this happens. Unfortunately this is reality, especially in the SMB market. I can recommend and preach a high security environment until I'm blue in the face but it is ultimately their decision,
That is true, no doubt. But hiding the Host icon in the hope that the user will not know about it and hence won't be able to stop it means fighting the effects, not the causes. The true cause is incorrectly set security policies. There is always a user or two who know what remote access software is and how it manifests itself in the system. So they'll be able to easily stop it regardless of its icon status. :)
I need to add that I absolutely understand your concern and that hiding the tray icon is really a convenient feature, well, at least in certain situations. But Remote Utilities is used in an environment where antivirus/security software is king. We need to play by their rules if we want our program to be accepted and trusted by larger audiences. We cannot just send false positive requests demanding that a/v vendors stop treating us badly. Instead, we need to find common ground and understand what can be done in order to resolve this issue for good.
It sounds like you're breaking/bending at the behest of 1 user (not good if you ask me), and by the sound of it not a very experienced user at that, especially if he trusts any software that has antivirus or antimalware in its title.
I'm sorry, but you misunderstood my message. That was just an example, an anecdote, as I'm trying to sound human rather than like a corporate bot and to explain our position rather than speaking like a PR person :)
Our decision regarding removing the "hide tray icon" couldn't be more serious and well thought out. The same is true of just about any other feature that we are planning to add or remove. You can only see the end result of it, i.e. the actual addition or removal, but there is a long process of discussing and thinking a few months or even years prior to that where we weigh all pros and cons.
How do I prevent a user from stopping the host? I reviewed the information in your blog post. However, it does not seem to prevent a user from stopping the host via the start menu/all programs. It can also be done via services.msc.
There is a broader question - why would the technician want to prohibit the user from stopping the Host when they wish to do so? Provided that they know what the Host is about.
If the user wants to stop the Host running on their PC using services.msc, then:
- they are an advanced user, apparently, if they know about services.msc and use it to stop the Host at all costs
- they don't want the Host running on their computer, so they are perfectly in their own right stopping it
So we are getting back to the question implicitly posed in the blog post/news about this update: if the software use is perfectly legitimate and the user knows they have a remote access software installed on their PC, why would they want to stop it? But if they want to stop it, why would anyone prohibit them from doing so? Except only in a business setting where computers do not belong to employees - but it should be handled by policies on the network/Active Directory level.
Yes, you can hide the Host menu or protect the Host settings, but that's mostly to prevent the user from messing with the settings inadvertently. These features have nothing to do with truly prohibiting the user from being the ultimate master of their own PC :) If it's not their PC, they are not supposed to be an administrator on it, and hence they won't be able to stop the service if they have insufficient privileges.
It was our own decision, of course, and it didn't come out of nothing. It is based on our own research and conversations with analysts from several antivirus software vendors.
Also, if it is hidden (stealth mode), having antivirus pop up to warn a user is a good thing. If it was installed for malicious purposes, having an AV detection/warning would be great. If, however, I am the owner of the PCs (which I am) and I want the icon hidden, then as the owner I would configure my antivirus program to ignore or whitelist the application.
The reality is that for an average a/v vendor it is easier to label something as "potentially dangerous" instead of coming up with a smart code/system that can tell for sure whether the use is legitimate or not.
I think you should leave the security decisions to your customers and the AV software.
We would gladly leave the security decisions to AV vendors, but apparently some of them are not capable of making good decisions, so much so that they even hurt their own customers by not letting them use legitimate, digitally signed software the way their customers want.
We are a commercial entity, a business. We need to be profitable and these false positives may negatively affect our sales and overall image. Users don't care if we are right and a/v is wrong - they always blame the software and not their beloved a/v program that they trust so much. :) So we have to look for solutions to the problem, even if it means discontinuing certain features.
Sometimes it's anecdotal. Recently we received a complaint from a user who was running a no-name "malware removal" tool on their PC. The developer of that tool couldn't even be contacted other than via a free Yahoo e-mail address. But still the user was blaming us that we were distributing malware because their tool detected us as such :)
Apparently, anything that has "antimalware" or "antivirus" in its name is unconditionally trusted and rarely does anyone have any doubts about whether their antivirus program is as good at doing its job as it claims. :)
I understand. I should stress that we had to remove this option. As we explained in the news about this release, when a program is running in the stealth mode, it immediately raises a red flag for antivirus software. :)