IDP Generic virus when installing Viewer
ClarkB512 post(s)
#03-Mar-21 01:32

When I attempt to install the Manifold GIS free Viewer, Avast antivirus tells me that it contains the "IDP Generic" virus. Is this a common false positive, or is Manifold a vehicle for viruses? I am running Windows 8.1 on a Lenovo Y510P laptop.

I also got a security warning when registering for this site, but I decided to ignore that, for the moment.

Does Manifold not care about security? Why is Avast identifying this virus as being in the Manifold Viewer? I would like to use the viewer but I am leery of this virus warning. Thanks for any knowledgeable answers.

oeaulong

460 post(s)
#03-Mar-21 04:52

This happens from time to time, with the resolution being that it is a false positive. Double check your installation procedure. Make sure you unblock downloads before installation. If it persists, notify Avast. They can also download and test, as Manifold doesn't do virus checking.

I had a flag last June on a Manifold update; there was a feature release for Winders10 pending that corrected it. 3 or 4 years back there was a long thread here on an Avast flag for Radian (early version 9) that has a few responses from Adamw and Dimitri explaining similar issues and corrective procedures.

My advice is to uninstall. Disable Avast for a time, during which you re-install Viewer (making sure you unblock the download), get it to correctly run, then re-Enable Avast to see if it quits complaining. If it complains, send a note to Avast querying them. While I cannot guarantee that it is a false positive, I confidently assert that it is a false positive.

ClarkB512 post(s)
#03-Mar-21 18:35

Thanks, I'll give that a try. If this is a common false positive, then it is most likely safe to install Viewer.

Dimitri


7,145 post(s)
#04-Mar-21 07:33

It's totally safe to install Viewer, since the Viewer downloads page provides specific SHA checksums you can use to verify with 100% certainty there's not been any virus injected into the Viewer package.

Knowledge is strength. Learning how to use precise security measures like SHA is far safer than putting blind faith into an imprecise package like Avast, which doesn't know anything about Viewer specifically but instead makes guesses based on algorithms that often, but not always, may catch a threat, but at the cost of many false positives.

> Why is Avast identifying this virus as being in the Manifold Viewer?

Two reasons:

First, because Avast doesn't have the resources or technology to rapidly enough scan many files and to identify 100% of threats without reporting false positives. It's extremely expensive work to keep track of millions of viruses and applications with enough diligence to protect against viruses without generating false positives. Even if Avast had the resources to do that, they would have to sell their product for such high prices that nobody would buy it. So their business model assumes they'll miss some viruses and also that they'll falsely libel some clean applications.

Second, because Avast doesn't have to pay any penalty when they libel another company's products. In theory they can't commit that crime without punishment (it is, indeed, a crime and not just a civil matter in many jurisdictions) but in practice their business model is based on getting away with it.

In theory, Manifold could sue Avast for libel, tortious interference, and other causes of action arising from Avast's falsely saying that Viewer contains a virus. In theory, Manifold could also file criminal complaints in jurisdictions where Avast's libel is a crime and not just a civil matter or a tort (a "tort" in law is a civil crime). In wildly absurd theory, the police and prosecutors in such jurisdictions might actually do something about that, enforcing their laws.

Think about it: if you started telling people that a bank in your city employed criminals as tellers, and so if you did business with them those criminals could steal money from you, that would be libel. In almost all civilized countries, the bank could sue you. In many countries, if you were making money from such libel, say, by selling a report that alleged to save people from "infected" banks, it would be a crime as well.

But legal systems are so broken in so many countries that as a practical matter it is a waste of time and not worth it economically for any of Avast's victims to pursue the matter in court. That's especially true given that courts seem to have a blind spot in their common sense when it comes to anything having to do with computers. So if you stand on a street corner and libel a bank, they get that, but if you do the same thing on a web site or in an application, that confuses them, running up against that part of their brain where anything more technical than 1 + 1 = 2 is a cosmic mystery to be avoided.

So, for example, to bring a case against Avast you'd have to find some plaintiffs with experience of Avast and the specific libel it commits against Viewer, file a case in that particular jurisdiction (means retaining a local lawyer) and all that jazz. And then what... Viewer is free, so you have to point to the secondary loss of reputation that affects Manifold's overall reputation, which leads to a battle of expert witnesses in software marketing, which becomes very expensive. Just isn't worth it, which Avast knows perfectly well.

They also know that no matter what chaos they cause, their users won't blame them but will blame the software vendor. For example, your first reaction wasn't "Does Avast not care about telling lies?" but it was "Does Manifold not care about security?" You're not alone in that.

But if you do care about antivirus software not telling lies, it's important that you tell others that whatever Avast does right, it does tell lies by falsely claiming some software packages contain viruses when they don't. "False positive" is just a nice way of saying "it's more profitable for them to lie sometimes than to invest the effort to make sure they're always telling the truth."

nathanmark2 post(s)
#09-Apr-21 12:19

The threat is usually categorized as a false positive detection. This means that the antivirus program that you’ve installed has detected a legitimate or harmless file as risky and either removed or quarantined it. In any case, the detections end up leading to the removal of significant system files or data. But not every threat that is detected is a false positive.

tjhb
10,027 post(s)
#10-Apr-21 07:04

Admins, do you think this post was probably spam?

It says nothing. Its only possible value is as a link.

nathanmark2 post(s)
#13-Apr-21 11:27

Why do you think that? I said what I thought was the possible error while installing Viewer.

tjhb
10,027 post(s)
#13-Apr-21 19:47

Probably others have been asking exactly the same thing. Why did I think that?

I could explain how and why I got it wrong, but instead I would just like to apologise. My heuristics are clearly a bit off.

I am very sorry. Please keep contributing to the forum.

Introduce yourself if you feel like it. (It's not a common thing to do so far, but I think it would be great. You could start a new thing.)

Anyway, sorry. Don't change a thing.

adamw


10,281 post(s)
#13-Apr-21 14:26

I missed this thread earlier and thought I'd make a short reply in addition to the long one by Dimitri.

The best way to protect from viruses in the case of Manifold is to check the SHA256 hash of the file you are about to install. If the hash coincides with the one we published, you have the same file as the one we produced = safe. If the hash differs from the one we published, throw the file away.

False positives with antivirus tools are, unfortunately, *extremely* common. They happen with every single build that we issue. They happen because the tools are imperfect and use heuristics. We can only afford to be tracking this for a single antivirus tool and that's Windows Defender. Once, Windows Defender flagged our modules; we noted that and submitted a false positive report. Microsoft people quickly fixed it with no details needed from our side at all. This tells you all you need to know about the quality of the heuristics even in big and mature tools - they are so poor that whoever complains basically gets "alright, we'll exclude your file" right away. We don't have the resources to chase other antivirus tools (there are at least 40 worth noting) so we don't do that.

As an illustration, I checked the results on virustotal for 9.0.172 which was published months ago (so, there was ample time to adjust the heuristics, if anyone cared to do that and it was possible). The results are these: no flags in DLL files, no flags in the 64-bit EXE, two antivirus tools flag the 32-bit EXE, in different ways. Here's roughly what happens: the heuristics are very lax on DLLs even though they contain the actual code because "true viruses" supposedly don't use them, the heuristics mostly ignore 64-bit code because they cannot analyze it, the heuristics on 32-bit code are so contrived and contradictory that just linking the Visual C++ Runtime library is enough to get flagged at random by 1-2 tools out of a suite of 60.

Sum total: verify SHA256 hashes, use Windows Defender.
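
The SHA256 check described in the replies above, together with the "unblock the download" step, as an added PowerShell example; it is not part of the thread and not Manifold's own code. The function name `Test-PublishedSha256` and the demo file are hypothetical, and the 3-byte sample stands in for the real installer and the checksum published on the downloads page.

```powershell
# Added example (Windows PowerShell 4.0 or later, which provides Get-FileHash).
function Test-PublishedSha256 {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Published
    )
    # Checksums pasted from a web page often carry spaces, line breaks or mixed case.
    $expected = ($Published -replace '\s', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw "Not a SHA256 checksum: expected 64 hex characters, got $($expected.Length)."
    }
    # -LiteralPath stops [ and ] in a file name from being treated as wildcards.
    $file   = Get-Item -LiteralPath $Path -ErrorAction Stop
    $actual = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    # A browser download carries a Zone.Identifier stream until it is unblocked.
    $zone = Get-Item -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    [pscustomobject]@{
        File     = $file.Name
        Expected = $expected
        Actual   = $actual
        Match    = ($actual -eq $expected)
        Blocked  = [bool]$zone
    }
}

# Constructed sample: a 3-byte file ("abc") standing in for the downloaded installer.
$sample = Join-Path $env:TEMP 'sha256-demo.bin'
[System.IO.File]::WriteAllBytes($sample, [byte[]](0x61, 0x62, 0x63))
# SHA256 of "abc", pasted in lower case with a stray space as a web page might give it.
$published = 'ba7816bf8f01cfea414140de5dae2223 b00361a396177a9cb410ff61f20015ad'

# Case 1: the file is byte-for-byte what was published.
$asPublished = Test-PublishedSha256 -Path $sample -Published $published

# Case 2: one byte changed after publication (the "throw the file away" case).
[System.IO.File]::WriteAllBytes($sample, [byte[]](0x61, 0x62, 0x64))
$modified = Test-PublishedSha256 -Path $sample -Published $published

$asPublished, $modified | Format-List File, Match, Blocked, Actual
Remove-Item -LiteralPath $sample
```

For a real download, pass the installer's path and the checksum copied from the downloads page; if `Match` is true and `Blocked` is true, `Unblock-File` clears the download mark before installation.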
