
Trojans Supposedly Detected

Even when a piece of software is completely harmless, anti-malware programs may still flag it as a trojan. This is especially common with cheat-based programs. Such flags are called false positives, and they happen for several reasons.

*Some developers obfuscate or pack their code to make the program time consuming to reverse engineer. The idea is that if the work is slowed down enough, the attacker gets annoyed and never finishes. The problem is that the same obfuscation also stops the anti-malware program from analyzing the code: it sees a binary that hides what it does, which is exactly what real malware does, so it may default to marking the file as malicious.

*Software released commercially is normally code signed: the developer obtains a certificate from a certificate authority and signs the executable, so the file carries a verifiable statement of who published it. An unsigned executable has no one to hold accountable, and a scanner logically treats that as a bad sign. On its own it is not proof of anything, but it raises the risk score and, combined with other indicators, can push the file over the line into "malicious." Hobby programs such as game exploits or simple software tools are almost never signed, partly because a signing certificate costs money the developer cannot justify.

*Game exploits work by manipulating another program: reading and writing the game's memory, injecting code into its process, or hooking its functions. Ordinary programs are not designed to be driven this way, and it rarely makes sense for one program to do something on behalf of another that the original program could do itself. Imagine being told when to breathe by someone else instead of doing it yourself. Because malware uses the very same techniques to hide inside legitimate processes, this behavior looks odd to a scanner and may be deemed malicious.
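The first point above, that obfuscated or packed code looks suspicious before a scanner understands a single instruction of it, can be made concrete. A common heuristic is byte entropy: ordinary code and data have a skewed byte distribution, while packed, encrypted or heavily obfuscated sections look almost random. The following is an added example written for this page, not code from the original post or from any anti-malware product. It builds a constructed "binary image" from a readable section and the same bytes XOR-obfuscated with a seeded keystream, then reports which windows of the image exceed an assumed entropy threshold of 7.0 bits per byte (the threshold and window size are illustrative choices, not values taken from any real scanner).

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant input, 8.0 for a
    perfectly uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def xor_obfuscate(data: bytes, seed: int) -> bytes:
    """Toy 'packer': XOR the input with a PRNG keystream derived from seed.
    The content is unchanged, but its byte statistics become near-uniform,
    which is what an entropy heuristic reacts to. (Illustrative only; a real
    packer compresses or encrypts, but the statistical effect is the same.)"""
    rng = random.Random(seed)
    keystream = bytes(rng.getrandbits(8) for _ in range(len(data)))
    return bytes(a ^ b for a, b in zip(data, keystream))


def suspicious_windows(image: bytes, window: int = 512, threshold: float = 7.0) -> list[int]:
    """Return the offsets of fixed-size windows whose entropy exceeds threshold.
    Window size and threshold are assumed values chosen for this example."""
    offsets = []
    for off in range(0, len(image), window):
        if shannon_entropy(image[off:off + window]) > threshold:
            offsets.append(off)
    return offsets


def looks_packed(image: bytes, window: int = 512, threshold: float = 7.0) -> bool:
    """Flag the image if any window crosses the threshold (the 'default to
    malicious' behaviour described in the text, reduced to one rule)."""
    return bool(suspicious_windows(image, window, threshold))


# Constructed sample input: 2048 bytes of readable text followed by the same
# 2048 bytes XOR-obfuscated. Neither section comes from any real program.
PLAIN_SECTION = (b"The quick brown fox jumps over the lazy dog. " * 60)[:2048]
OBFUSCATED_SECTION = xor_obfuscate(PLAIN_SECTION, seed=20240101)
SAMPLE_IMAGE = PLAIN_SECTION + OBFUSCATED_SECTION


if __name__ == "__main__":
    print(f"plain section entropy:      {shannon_entropy(PLAIN_SECTION):.2f} bits/byte")
    print(f"obfuscated section entropy: {shannon_entropy(OBFUSCATED_SECTION):.2f} bits/byte")
    print("high-entropy windows at offsets:", suspicious_windows(SAMPLE_IMAGE))
    print("flagged as packed:", looks_packed(SAMPLE_IMAGE))
```

Note what the heuristic cannot do: it never learns whether the obfuscated bytes are a cheat, a commercial DRM wrapper or a trojan. It only knows the content is hidden, and a scanner that treats "hidden" as "risky" will produce exactly the false positives described above.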

Imagine it like a mom judging things for your own safety. Maybe you want to go to your new friend's place for a sleepover; she doesn't know whether that would be safe. She can judge by checking out what kind of people the parents are and by looking at how the friend presents themselves. The friend might dress terribly but could actually be a really nice person.

Anti-malware programs factor risk into their detection algorithm. Note the word "risk." They do not always know with certainty whether a piece of software is safe; they combine signals like the ones above into a score. Whenever that score is high enough, the program may flag the content as malicious, even if it is actually safe.