Infected FormatFactory download on CCM

VeriFile
Hello,

To inform you, Avira detects "FFSetup5.10.0.0.exe infected by PUA/Agent.WT" after downloading FormatFactory from your CCM site. Can you confirm if there is a problem or not? Are you aware of this situation?

Thank you in advance

Configuration: Windows / Firefox 100.0

3 answers

MPMP10 (Member, 47242 posted messages)
 
Good evening,
Indeed, not very safe evidently:
25 security vendors and no sandboxes flagged this file as malicious
Moreover, Windows Defender quarantined it right after the download...


Thank you for the report.
1
brucine (Member, 24681 posted messages)
 
Good evening,

This is not a virus but, as reported, a PUA (potentially unwanted application).

This behavior poses no security risk but consists of financing so-called free programs through adware.

Unfortunately, this situation is not unique to Format Factory; it is often a consequence of installation checkboxes for third-party executables that were overlooked during the installation of the main software.

Some sources claim that, in the case we are concerned with, PUAs may be installed even if the offending boxes have been unchecked, although I have not verified this.

In such situations, one can often achieve peace by blocking the requests made by these PUAs if one has properly configured firewall and defense software that intercepts these requests while allowing the end user to remain in control: in this regard, the behavior of Avira or Windows Defender is foolish, but the former is known for reporting everything just to push the user to purchase the paid version; this is, in some ways, another form of PUA.

At its core, this behavior is certainly anything but ethical; I understand that, in some areas, free software may not be satisfactory and that developers' work must be compensated: but when one is honest, this should involve a trial period or something similar.
1
MPMP10 (Member, 47242 posted messages) > brucine (Member, 24681 posted messages)
 
Hello,
There is not just one potentially unwanted application on the link virustotal.com, but 27 detections, and not just PUA or false positives either…!
1
brucine (Member, 24681 posted messages) > MPMP10 (Member, 47242 posted messages)
 
This is not a false positive; these are indeed PUAs, but the number is not certain and surely not cumulative: as with viruses, ransomware, or anything else, each vendor gives a fanciful name of their choice that is not standardized. In other words, it is more than likely that this multi-detection often corresponds, if not always, to the same thing.

But don't make me say what I haven't said: the risk of privacy or annoyance (popups) is real (as in the latter case, the number of false positives from Avira or Avast, which bad tongues will claim only aim to push users to buy the commercial versions), while the risk of viruses is non-existent.

That said, I have also written that, even if there is no danger, I disapprove of this type of software, but if one really wants to use it, it is sufficient to censor via firewalls and defense software the incoming or outgoing communications, whether the unwanted scripts are hard-coded in the main executable or, in my opinion, in separate executables that are downloaded with the software.

In this context, a large number of applications (not just for checking their updates) can be classified in this category: including the latest, the Windows Photos app or Edge, which require internet connections even when we never use them and have not requested anything from them (in the latter case, it seems that Edge runs in the background and regularly seeks to update its widgets that we also haven't asked for and which are very difficult to get rid of, like the weather).
1
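One way to check, for a given multi-engine report, whether the detections share a category, as an added example that is not part of the thread. Vendor names and every label except the `PUA/Agent.WT` quoted in the question are constructed, and the keyword sets are an assumption, not a standard taxonomy.

```python
import re
from collections import Counter

# Constructed sample report: vendor names are placeholders and only
# "PUA/Agent.WT" comes from the thread; the other labels are invented.
SAMPLE_LABELS = {
    "VendorA": "PUA/Agent.WT",
    "VendorB": "Adware.Bundle.X",
    "VendorC": "PUP.Optional.BundleInstaller",
    "VendorD": "Riskware/Bundler.gen",
    "VendorE": "not-a-virus:AdWare.Win32.Agent",
    "VendorF": "Trojan.Generic.12345",
    "VendorG": None,  # engine did not flag the file
    "VendorH": "Gen:Variant.Application.1",
}

# Assumed keyword sets (not a standard): tokens that place a label in a category.
MALWARE = {"trojan", "ransom", "ransomware", "worm", "backdoor", "virus",
           "spyware", "stealer"}
UNWANTED = {"pua", "pup", "adware", "riskware", "bundler", "unwanted"}


def categorize(label):
    """Map one vendor label to 'clean', 'malware', 'unwanted' or 'unclassified'."""
    if not label:
        return "clean"
    # Drop the "not-a-virus" prefix so the word "virus" inside it is not
    # read as a malware claim.
    text = label.lower().replace("not-a-virus", "")
    tokens = set(re.split(r"[^a-z0-9]+", text))
    if tokens & MALWARE:  # malware wins over unwanted when both appear
        return "malware"
    if tokens & UNWANTED:
        return "unwanted"
    return "unclassified"


def summarize(labels):
    """Return (category counts, vendors whose label needs a manual look)."""
    counts = Counter(categorize(label) for label in labels.values())
    review = sorted(vendor for vendor, label in labels.items()
                    if categorize(label) in ("malware", "unclassified"))
    return dict(counts), review


if __name__ == "__main__":
    print(summarize(SAMPLE_LABELS))
```

The second return value lists the engines whose labels do not fall into the unwanted-application bucket, which are the ones to read individually before deciding how to treat the file.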
MPMP10 (Member, 47242 posted messages) > brucine (Member, 24681 posted messages)
 
This is not a false positive; it is indeed PUA.

I have not mentioned anywhere that this PUA was a false positive!
1
MPMP10 (Member, 47242 posted messages)
 
Correction for the link:
 27 security vendors and no sandboxes flagged this file as malicious 
1
bazfile (Moderator, 58481 posted messages)
 
Hello.
Wow, what a revelation!
All free software has a business model; what Avira finds is nothing but adware (web companion) that can be canceled during the installation of Format Factory by unchecking a box, but for that, you need to read and pay attention before clicking "next."

We need to stop believing that everything is free; if there were no adware, there would be far fewer free software options. In fact, even free antivirus software uses the same practices by sending pop-ups to prompt the user to buy the paid version as well as additional modules that are mostly unnecessary. In summary, if you don't want adware, you buy your software; if you want to stay free, you accept ads and other inconveniences.

--
bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.
1
VeriFile
 
Hello,
I want to say a big thank you for all your responses. Indeed, Avira (free version) quarantined this stuff, and I understand it's not necessarily harmful, but it could cause trouble if I install it... so it's a waste of time for this gamble. Having stepped back from computing for two years, and obviously not being in the loop anymore, and at the risk of sparking debate, there are two things that still surprise me: 1. the fact that we find adware (malware?) on a reputable download site and 2. what is probably related, the attitude -- since developers need to make a living from their work, adware is a price to pay for free software. Why not, as long as the adware is properly validated and identified beforehand. But that is not the case. It's a bit like buying a car, with a few "options," autopilot, black box, and a bunch of other electronic gadgets whose existence you are unaware of, and which you don't need, and which will only cause future breakdowns. Is this an evolution of morals among the GAFA?
0
brucine (Member, 24681 posted messages)
 
Hello,

No, again, not really.

It is an advertising agency, somewhat like website banner sponsorships, where the publisher sometimes receives banners that are, how shall I say, particular or simply in contradiction with the editorial line but often, they are not chosen.

I don't know if the publisher of Format Factory is reputable, that's another question, but in this case, we are not talking about malware but adware: this time, it's about commercial partnerships that the publisher has deliberately chosen.

In the same vein, I was surprised during a Linux Mint update to have a customized and restricted version of Firefox imposed on me, without any memory of the question being asked: yet, it seems that both Linux Mint and Mozilla are "respectable" in this "partnership."
0