Author Topic: Solstice (now at v0.0.44b Alpha)  (Read 61365 times)

Samildanach

  • 7DRL Reviewer
  • Rogueliker
  • *
  • Posts: 453
  • Karma: +1/-0
    • View Profile
    • The Indie Ocean
Re: Solstice (now at v0.0.37 Alpha)
« Reply #30 on: July 31, 2014, 02:47:14 AM »
My antivirus insists that the newest Solstice download contains a specific item of keylogging malware, so even though I think it probably doesn't I'm going to play it safe. Hopefully a future version won't set off these alarm bells, in which case I'll download and play it again. I was enjoying playing an ambitious open world RL that doesn't require a manual the size of a paving slab.
« Last Edit: July 31, 2014, 12:18:58 PM by Samildanach »

Brigand

  • Rogueliker
  • ***
  • Posts: 93
  • Karma: +0/-0
    • View Profile
Re: Solstice (now at v0.0.37 Alpha)
« Reply #31 on: July 31, 2014, 04:03:59 AM »
This is more worrying. According to my antivirus, the Solstice download contains a specific item of known, identified malware. A keylogging thing, no less. No longer willing to have this on my PC.

Wow....theres no key logger and there never has been. Theres no malware of any kind. Do you want to see the uncompiled source code? Please don't post stuff like this. Your anti-virus is overzealous and probably doesn't like the fact its from a 10 year old compiler that doesn't have some signature that it expects.

What anti-virus are you using that is reporting this? Neither AVG nor Symantec on both my computers are reporting any virus.

Also, I just checked the downloaded version against the compiled version on my computer. They are 100% identical, byte for byte - the website provider is not inserting anything malicious into the code.

Again, I invite anyone who wants to to examine the code, compile it, and see that its malware free.

Specific Files or Folders Scan
No infection was found during this scan
Scanned folders:;"C:\Solstice\"
Started:;"7/31/2014, 12:14:05 AM"
Finished:;"7/31/2014, 12:14:07 AM"
Scanned items:;"56"
Launched by:;"Mark"

« Last Edit: July 31, 2014, 04:16:54 AM by Brigand »

chooseusername

  • Rogueliker
  • ***
  • Posts: 329
  • Karma: +0/-0
    • View Profile
    • Email
Re: Solstice (now at v0.0.37 Alpha)
« Reply #32 on: July 31, 2014, 04:20:54 AM »
This is more worrying. According to my antivirus, the Solstice download contains a specific item of known, identified malware. A keylogging thing, no less. No longer willing to have this on my PC.


You're thinking it out wrong.  That's why you have to install it.  It and the NSA keylogger we all have installed will conflict and give partial data to each.  This way you can discuss poppy cultivation tips with your Al Quaida contacts, and neither will get the full picture.

Brigand

  • Rogueliker
  • ***
  • Posts: 93
  • Karma: +0/-0
    • View Profile
Re: Solstice (now at v0.0.37 Alpha)
« Reply #33 on: July 31, 2014, 04:24:54 AM »
This is more worrying. According to my antivirus, the Solstice download contains a specific item of known, identified malware. A keylogging thing, no less. No longer willing to have this on my PC.
You're thinking it out wrong.  That's why you have to install it.  It and the NSA keylogger we all have installed will conflict and give partial data to each.  This way you can discuss poppy cultivation tips with your Al Quaida contacts, and neither will get the full picture.

Sigh, there's no installer.... Any funny how when I look up the malware your software identifed my program as, the first 2 hits are for pages on your antivirus software sellers website, prompting you to use (buy) Sophos to diagnose the problem.

Brigand

  • Rogueliker
  • ***
  • Posts: 93
  • Karma: +0/-0
    • View Profile
Re: Solstice (now at v0.0.37 Alpha)
« Reply #34 on: July 31, 2014, 05:06:27 AM »
Redacted for now until I decide what to do.
« Last Edit: July 31, 2014, 05:39:54 AM by Brigand »

Xan

  • Rogueliker
  • ***
  • Posts: 78
  • Karma: +0/-0
    • View Profile
Re: Solstice (now at v0.0.37 Alpha)
« Reply #35 on: July 31, 2014, 05:20:05 AM »
I haven't inspected the .exe, but even so I'm 99% confident that there is no key logger (malware) in Solstice.

Several programs I wrote myself in C were flagged by my antivirus as being/having a keylogger (note that what the antivirus is pointing out is not a specific segment of code identified as malware; it's a generic behavioral pattern); the reason for this is almost certainly that I was using inappropriately low level input methods (which at least has the capability of picking up on keystrokes that are sent with another window in focus). I don't know what kind of access VB has to the WinAPI, but this is likely the issue here as well.

Now, I do have an old copy of Solstice from near the end of 2012 which is not detected as a keylogger by Sophos.  So you probably simply changed how you handle or get input from Windows such that Sophos thinks it is possibly a keylogger. (Virustotal shows only Sophos as reporting this: all other antivirus scans are clear.)

Brigand

  • Rogueliker
  • ***
  • Posts: 93
  • Karma: +0/-0
    • View Profile
Re: Solstice (now at v0.0.37 Alpha)
« Reply #36 on: July 31, 2014, 05:29:20 AM »
I haven't inspected the .exe, but even so I'm 99% confident that there is no key logger (malware) in Solstice.

Several programs I wrote myself in C were flagged by my antivirus as being/having a keylogger (note that what the antivirus is pointing out is not a specific segment of code identified as malware; it's a generic behavioral pattern); the reason for this is almost certainly that I was using inappropriately low level input methods (which at least has the capability of picking up on keystrokes that are sent with another window in focus). I don't know what kind of access VB has to the WinAPI, but this is likely the issue here as well.

Now, I do have an old copy of Solstice from near the end of 2012 which is not detected as a keylogger by Sophos.  So you probably simply changed how you handle or get input from Windows such that Sophos thinks it is possibly a keylogger. (Virustotal shows only Sophos as reporting this: all other antivirus scans are clear.)

Thanks a ton for looking for me, Xan. Behaviorally, I do read individual keystrokes (and log them, if you define writing the players name to a file as key logging.)

Honestly, I'm not entirely sure what to do except give up. I've put a lot in so far and have a long way to go, but it seems pointless if no one will play because they think I'm recording what porn sites they are visiting :)  the code is wayyyyy too far along to migrate to something else without completely starting over. Any suggestions? If it were you would you continue on?
« Last Edit: July 31, 2014, 05:32:21 AM by Brigand »

Xan

  • Rogueliker
  • ***
  • Posts: 78
  • Karma: +0/-0
    • View Profile
Re: Solstice (now at v0.0.37 Alpha)
« Reply #37 on: July 31, 2014, 05:46:55 AM »
Thanks a ton for looking for me, Xan. Behaviorally, I do read individual keystrokes (and log them, if you define writing the players name to a file as key logging.)

Honestly, I'm not entirely sure what to do except give up. I've put a lot in so far and have a long way to go, but it seems pointless if no one will play because they think I'm recording what porn sites they are visiting :)  the code is wayyyyy too far along to migrate to something else without completely starting over. Any suggestions? If it were you would you continue on?

Well, I wouldn't stop just yet.  It's been a long time, but if I remember correctly, what triggered the alert on one of my programs was checking the state of every key on the keyboard and writing it to a buffer.  The issue with this I think would be that the program would still detect keys being down even if the window wasn't in focus (e.g. if you were running the program and also typing in a web browser, it would pickup those keypresses).  From what you said, if you are using a low level form of input like this, and then writing the results to a file, it's quite possible that that is the reason for the identification as a keylogger.  If so, I'd just look for some way to get around it.  If you want, I could take a look at your input handling code and see if there's anything that stands out (although it's been ages since I've done anything with VB).

Brigand

  • Rogueliker
  • ***
  • Posts: 93
  • Karma: +0/-0
    • View Profile
Re: Solstice (now at v0.0.37 Alpha)
« Reply #38 on: July 31, 2014, 06:22:52 AM »
Well, I wouldn't stop just yet.  It's been a long time, but if I remember correctly, what triggered the alert on one of my programs was checking the state of every key on the keyboard and writing it to a buffer.  The issue with this I think would be that the program would still detect keys being down even if the window wasn't in focus (e.g. if you were running the program and also typing in a web browser, it would pickup those keypresses).  From what you said, if you are using a low level form of input like this, and then writing the results to a file, it's quite possible that that is the reason for the identification as a keylogger.  If so, I'd just look for some way to get around it.  If you want, I could take a look at your input handling code and see if there's anything that stands out (although it's been ages since I've done anything with VB).

Your comments have got me thinking about anything I do codewise that could be construed as key logging by anti virus software. The only thing in the latest release I could think of would be the addition of an auto target toggle. Pressing control + a toggles it on and off, and immediately updates a config file with true or false. Maybe I should only update on exit. I will put it up as version 0.0.37b - could you possibly try downloading it and see if it still flags it?
« Last Edit: July 31, 2014, 06:29:45 AM by Brigand »

Samildanach

  • 7DRL Reviewer
  • Rogueliker
  • *
  • Posts: 453
  • Karma: +1/-0
    • View Profile
    • The Indie Ocean
Re: Solstice (now at v0.0.37 Alpha)
« Reply #39 on: July 31, 2014, 09:07:47 AM »
This is more worrying. According to my antivirus, the Solstice download contains a specific item of known, identified malware. A keylogging thing, no less. No longer willing to have this on my PC.

Wow....theres no key logger and there never has been. Theres no malware of any kind. Do you want to see the uncompiled source code? Please don't post stuff like this. Your anti-virus is overzealous and probably doesn't like the fact its from a 10 year old compiler that doesn't have some signature that it expects.

What anti-virus are you using that is reporting this? Neither AVG nor Symantec on both my computers are reporting any virus.
I'm using the business version of Sophos provided by my employer. I don't want to be suspicious and I certainly don't bear you any ill will but it's not inconceivable that someone might take advantage of roguelike players' willingness to trustingly download all kinds of files. I don't have the tech knowledge to identify whether or not there's a keylogger in there, so I have to err on the side of caution, particularly since it's not saying "this looks a bit dodgy" but actually "this contains a specific named item of malware". My brother has recently been hit by something similar and it's cost him thousands of pounds. I like Solstice but I'm not willing to take that risk.
« Last Edit: July 31, 2014, 09:27:32 AM by Samildanach »

getter77

  • Protector of the Temple
  • Global Moderator
  • Rogueliker
  • *****
  • Posts: 4957
  • Karma: +4/-1
    • View Profile
Re: Solstice (now at v0.0.37 Alpha)
« Reply #40 on: July 31, 2014, 11:36:30 AM »
 ???  ...never had a single issue with the download of this, MSE brings up no warnings and neither did Avast back in the day and I use Firefox---I don't know what the deal is with the lot of this lately as I routinely ignore, for instance, Chrome's download warnings since all are beget from things simply being rarely downloaded items or not using Google's web API wranglings as per Eniko's recent twitterings from July 30.  https://twitter.com/Enichan

I definitely implore you to keep developing on this project Brigand---rare is the newcomer large scale Roguelike nowadays, rare is the comeback such as this has had after life intervened, and too many of your contemporaries were felled or foiled by misfortune and circumstances these past couple years despite their technical savvy(Crown of Alegare, Middlecrest, ...) to make it happen.  Maybe add a disclaimer and/or further tinker with VB and site wranglings as to how things are logged as otherwise this current situation would retroactively make every VB program "suspect"---which is kinda nuts right?
Brian Emre Jeffears
Aspiring Designer/Programmer/Composer
In Training

Brigand

  • Rogueliker
  • ***
  • Posts: 93
  • Karma: +0/-0
    • View Profile
Re: Solstice (now at v0.0.37 Alpha)
« Reply #41 on: July 31, 2014, 11:51:24 AM »

I'm using the business version of Sophos provided by my employer. I don't want to be suspicious and I certainly don't bear you any ill will but it's not inconceivable that someone might take advantage of roguelike players' willingness to trustingly download all kinds of files. I don't have the tech knowledge to identify whether or not there's a keylogger in there, so I have to err on the side of caution, particularly since it's not saying "this looks a bit dodgy" but actually "this contains a specific named item of malware". My brother has recently been hit by something similar and it's cost him thousands of pounds. I like Solstice but I'm not willing to take that risk.

I understand and completely respect your position - I certainly wouldn't ask anyone to download a program they are suspicious of, especially in light of having been hit by malware before.

My concern is not that you suspect malware and don't want to download it, it's that you've gone ahead and declared that it definitely is to everyone on the forums based on a single uncorroborated antivirus report. And certainly no malware detector has ever flagged a file as malware incorrectly.

I've been putting versions of the game for years, as Xan said, and there's never been a detection before. It's years of work - I'm not going to throw that away on an easily detectable piece of malware.

Samildanach

  • 7DRL Reviewer
  • Rogueliker
  • *
  • Posts: 453
  • Karma: +1/-0
    • View Profile
    • The Indie Ocean
Re: Solstice (now at v0.0.37 Alpha)
« Reply #42 on: July 31, 2014, 12:16:24 PM »

I understand and completely respect your position - I certainly wouldn't ask anyone to download a program they are suspicious of, especially in light of having been hit by malware before.

My concern is not that you suspect malware and don't want to download it, it's that you've gone ahead and declared that it definitely is to everyone on the forums based on a single uncorroborated antivirus report. And certainly no malware detector has ever flagged a file as malware incorrectly.

I've been putting versions of the game for years, as Xan said, and there's never been a detection before. It's years of work - I'm not going to throw that away on an easily detectable piece of malware.
It wasn't meant to be a definite declaration of malware, it was meant to be a caution to those who might not have my industrial-strength antivirus (I'll edit the post to sound less alarmist).

For me, Chrome and Firefox both completely block it now, and Sophos won't allow me to touch it either, so I basically physically can't download it even if I was willing to take the risk.

Brigand

  • Rogueliker
  • ***
  • Posts: 93
  • Karma: +0/-0
    • View Profile
Re: Solstice (now at v0.0.37 Alpha)
« Reply #43 on: July 31, 2014, 01:10:23 PM »
It wasn't meant to be a definite declaration of malware, it was meant to be a caution to those who might not have my industrial-strength antivirus (I'll edit the post to sound less alarmist).

For me, Chrome and Firefox both completely block it now, and Sophos won't allow me to touch it either, so I basically physically can't download it even if I was willing to take the risk.

Firefox is not blocking your download; it's likely Sophos has a plugin for Firefox, so it's the same thing doing the blocking. I use Firefox exclusively and have never gotten a report of malware.

Just want to add, I work for a big, very well known software developer (enterprise software, not video games), and their enterprise level malware/antivirus protection is not picking anything up. Other than the apparently very well known Google "protection racket" thing about downloading from sites that Google hasn't blessed (via Google Webmaster Tools),  no one else has ever reported an instance of present malware/antivirus.

getter77

  • Protector of the Temple
  • Global Moderator
  • Rogueliker
  • *****
  • Posts: 4957
  • Karma: +4/-1
    • View Profile
Re: Solstice (now at v0.0.37 Alpha)
« Reply #44 on: July 31, 2014, 01:50:23 PM »
I went ahead and created a thread over on Bay12 to see about getting some further visibility and players---perhaps the biggest place out there were ASCII sensibilities are fine and well.
Brian Emre Jeffears
Aspiring Designer/Programmer/Composer
In Training