Delivery-Date: Tue, 16 Jun 2015 13:22:13 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 8D8411E12EB;
	Tue, 16 Jun 2015 13:22:11 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 788553653B;
	Tue, 16 Jun 2015 17:22:02 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 7AEB036470
 for <tor-talk@lists.torproject.org>; Tue, 16 Jun 2015 17:21:59 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id JWz6H65rBTUl for <tor-talk@lists.torproject.org>;
 Tue, 16 Jun 2015 17:21:59 +0000 (UTC)
Received: from khazad-dum.seul.org (khazad-dum.csail.mit.edu [128.31.0.47])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "moria.seul.org", Issuer "moria.seul.org" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 613EF36463
 for <tor-talk@lists.torproject.org>; Tue, 16 Jun 2015 17:21:59 +0000 (UTC)
Received: by khazad-dum.seul.org (Postfix, from userid 501)
 id E5DF91E12F1; Tue, 16 Jun 2015 13:21:56 -0400 (EDT)
Date: Tue, 16 Jun 2015 13:21:56 -0400
From: Roger Dingledine <arma@mit.edu>
To: tor-talk@lists.torproject.org
Message-ID: <20150616172156.GC7957@moria.seul.org>
References: <55802A0B.4000409@riseup.net>
 <55804EC0.7040901@gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <55804EC0.7040901@gmail.com>
User-Agent: Mutt/1.5.20 (2009-12-10)
Subject: Re: [tor-talk] Panda antivirus now thinks Tor.exe is a virus
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Tue, Jun 16, 2015 at 06:28:48PM +0200, aka wrote:
> VT says it's not detected by Panda, so might be a behaviour detection:

The behavior detection aspect is especially vexing here -- many antivirus
tools have a "Not enough of our users have told us about this exe yet,
therefore it is scary by default" feature.

So by definition, the first n people who use that antivirus and fetch
a new version of Tor will have a bad experience. :(

(And that's also separate from the fact that the people running these
antivirus tools are uploading everything they are running to this third
party! Don't get me started there.)

While I'm here, I'll add a pointer to our FAQ on the topic:
https://www.torproject.org/docs/faq#VirusFalsePositives

--Roger

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

