Download MetaTrader 5
To add comments, please log in or register
All MQL5.community events are grouped together. Have a look at the Wall!
ydrol
593
ydrol 2014.02.08 15:12  
drazen64:

You could be right.

Now you just need to convince my bosses not to kick MetaTrader out of production.

You see, it is a bit hard to expect financial institution to manage accounts with hundreds of thousands in hard currency (and larger) with a software that makes antivirus protection ringing.

But, anyway, you will probably hear it from your customers (the brokers) when/if we move our accounts to other platforms.

I am not the one to decide, I just have to report what I found: antivirus reports suspicious module, developer does nothing or can't do nothing.

Bosses decide if we move accounts away from MetaTrader.


The root cause is the AV software false positive. People should not be writing code to avoid tripping AV. It is the AV job to distinguish malware from software. You should be talking to your AV vendor..

Its the AV at fault. Cure the cause not the symptoms! Why dont to ask Trend to cover cost of moving to new system :)

But if your bosses would rather incur costs of migrating to a new system instead of asking Trend to whitelist (ie add one signature to some database), then go for it.

For MQ to 'fix' they would presumable need to use a different encryption library to protect against reverse engineering etc, not a small change.

Now if ALL av vendors were flagging this up, that would change the emphasis somewhat, but so far its two(maybe three) out of how many?

gchrmt4
356
gchrmt4 2014.02.08 15:29  
ydrol:

The root cause is the AV software false positive. People should not be writing code to avoid tripping AV. It is the AV job to distinguish malware from software. You should be talking to your AV vendor.

I almost entirely agree with you (and everyone else who's said the same thing).

All I would add is that I once had a similar issue myself with false positives on some software I wrote. I followed the guidelines on the AV site for reporting a false positive. I never got a response, but it was corrected within 24 hours.

What may complicate things is that MetaQuotes are presumably still using Themida code protection (https://www.mql5.com/en/forum/123440). I once considered using this myself, and contacted the people at Oreans, but I didn't proceed because they weren't able to provide a reasonable level of reassurance that anything which used their product would not be flagged as a potential virus - it's an obvious concern when using anything of that kind.

Drazen Penic
2486
Drazen Penic 2014.02.08 17:39  

We use three different trading platforms, just for cases like this. If anything goes wrong, trading can be moved to different platform.

Imagine what would happen if some of our customers decides to sue us because we used software that triggers antivirus protection. We would probably be fried on court.

Cost of switching platforms is negligible in comparison.

I agree that this is the Trend Micro problem and I like MetaTrader, but unfortunately the risk of using this version is to big, not because I think there is a virus, but because I cannot prove that there is no virus.

Metaquotes is the vendor and in cooperation with Trend Micro they can find out what triggers antivirus and probably prevent that from happening in the future. I would probably have to call antivirus vendor for each new version of MetaTrader.

Carl Schreiber
6377
Carl Schreiber 2014.02.08 18:43  
drazen64:

You could be right.

Now you just need to convince my bosses not to kick MetaTrader out of production.

You see, it is a bit hard to expect financial institution to manage accounts with hundreds of thousands in hard currency (and larger) with a software that makes antivirus protection ringing.

But, anyway, you will probably hear it from your customers (the brokers) when/if we move our accounts to other platforms.

I am not the one to decide, I just have to report what I found: antivirus reports suspicious module, developer does nothing or can't do nothing.

Bosses decide if we move accounts away from MetaTrader.


My practical experience with Avira protecting my pc was that in a new dld. software it found a virus.

I send this file program to their labour and asked them to check and I got the respond it's ok, no harm and as of this moment this file wasn't detected as harmful since then.

So before you are going to report your bosses make this kind of check and I think you are fine!

hhmmppff

Carl Schreiber
6377
Carl Schreiber 2014.02.08 18:55  
angevoyageur:
Then theirs patterns aren't so good. Anyway antivirus are more complicated than that, they use some heuristic algorithms, trying to identify "new" virus for which there is not yet a known "pattern".

I have no concrete idea how they search for viruses but I can assume that they don't have only 1 single method - at least the good ones. And 'protectors' are made in a way to cry even at the very smallest suspicion. If you are convinced it cannot be a virus, ok, send the files to them to check. Even standard software could have been hacked and 'poisoned' - that has happened!

So send it in and give them a chance to update their positive and negative detection lists! I think if it's ok, after the next update of this software it won't be blamed again.

hhmmppff

/ /12
To add comments, please log in or register