Sunday, October 16, 2005

Fake Virus

As soon as I designed the blazingly fast index system for MoyoGo's instantaneous pattern search, I thought it would only be a matter of time before faux virus-alerts would be generated. It has remained silent surprisingly long, but my fear has become reality:

A dodgy virus checker ("F-Secure") thinks that one file might have a virus, namely:

moyo go studio\databases\nngs\3053.dat
Infection: Possibly a destructive program [F-PROT]


This is nonsense, and I will take it up with F-Secure. I wrote "dodgy" because I was amazed that this company does not have an email address. Instead, they require me to fill out a dozen fields, and I'll end up having no copy of the correspondence, because a bug in Mozilla causes such fields to be empty when the page is printed. Their support number in Norway is dead on Sundays. I guess people don't use their computers on weekends. The bigger the company, the worse the service. My phone number is +47-98680219 and any customer can call me, any day of the week.

It is possible that even less-dodgy virus checkers will find "viruses" in other files. The reason is simple: Moyo Go installs twenty thousand files with semi-random (encoded and compressed) data. Virus checkers work with "signatures", which are byte sequences. You can imagine that 1.5 GB of semi-random byte sequences has quite a chance of having, just by coincidence, one of those "signatures" somewhere.

Anti-virus software makers could avoid this problem, but this would penalize their scanning speed and the ease of adding virus definitions.
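
The coincidence argument above can be put into numbers. The following is an added example, not code from Moyo Go or from any scanner: it estimates how often fixed byte signatures match by chance and checks the estimate against a small simulation. The 1.5 GB figure comes from the post; the signature lengths, signature counts and the treatment of the data as uniformly random are assumptions.

```python
import math
import random

def expected_chance_hits(data_bytes, sig_len, sig_count):
    """Expected coincidental matches of sig_count distinct signatures,
    each sig_len bytes long, in data_bytes of uniformly random data."""
    positions = max(data_bytes - sig_len + 1, 0)
    return positions * sig_count / 256.0 ** sig_len

def p_false_alarm(data_bytes, sig_len, sig_count):
    """Poisson approximation of P(at least one coincidental match)."""
    return -math.expm1(-expected_chance_hits(data_bytes, sig_len, sig_count))

def random_bytes(rng, n):
    """n pseudo-random bytes from a seeded generator (constructed data)."""
    return rng.getrandbits(8 * n).to_bytes(n, "big")

def simulate_hits(data_bytes, sig_len, sig_count, seed=2005):
    """Naive scanner: count signature matches at every offset of
    constructed random data, using constructed random signatures."""
    rng = random.Random(seed)
    signatures = set()
    while len(signatures) < sig_count:
        signatures.add(random_bytes(rng, sig_len))
    data = random_bytes(rng, data_bytes)
    return sum(data[i:i + sig_len] in signatures
               for i in range(data_bytes - sig_len + 1))

if __name__ == "__main__":
    corpus = 1_500_000_000  # the 1.5 GB quoted in the post
    # Assumed signature sets: (length in bytes, number of signatures).
    for sig_len, sig_count in [(4, 1000), (8, 100_000), (16, 100_000)]:
        hits = expected_chance_hits(corpus, sig_len, sig_count)
        prob = p_false_alarm(corpus, sig_len, sig_count)
        print(f"{sig_count:>7} signatures of {sig_len:>2} bytes: "
              f"expected hits {hits:.3g}, P(false alarm) {prob:.3g}")
    # Small empirical check of the formula with very short signatures.
    print("simulated:", simulate_hits(200_000, 2, 100),
          "predicted:", round(expected_chance_hits(200_000, 2, 100), 1))
```

The chance of a coincidental hit falls by a factor of 256 for every extra signature byte, so it matters mainly for short signatures; longer ones cost more to match, which is the speed trade-off mentioned above.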