Why is old software detected as a virus or a pup?

groze · 08 Nov 2014

Why is old software detected as a virus or a pup?

I let the mod decided if this needs to move to the chill out room.

I have some old software on a usb that cause MSE to go off.

Here is a list of the tools.

PSPV.EXE (The owner of this program complained to Microsoft & other virus providers it is for xp though-It is a good program if you forgot your password.)

FIREHOLE.EXE (Got it from the Gibson Research Corporation it is for xp though)
WFPS10.EXE (Got it from the Gibson Research Corporation it is for xp though, it not a key generator though)

At least, I know there false positives. I wonder why they go off. I am sure they know about their tweaking tools. Shouldn't this be changed to something like an advisory, that these tools are for early operating systems. Have there been copy cats made of those tools that are real viruses? I have to disable MSE if I want to copy this to another USB drive.

Why do I still have the tools, my old computer has 98se & xp sp3 on it.

A Guy · 09 Nov 2014

Often programs will be flagged as PUPs based on the way they work. Programs that access Windows in such a way as to mimic the way viruses work can and will be flagged. They could also be flagged as viruses, or trojans. But since yours are flagged as PUPs, the AV is only saying they are POTENTIALLY unwanted programs. It is not only old software that can be flagged. Things like WebBrowserPassView, or ProduKey can be flagged. The AV program is not saying those programs are bad by identity, just by behavior. You should be able to whitelist them in your security programs. A Guy

LMiller7 · 09 Nov 2014

Malware has become highly sophisticated in recent years and a large part of this is avoiding detection, even by the very best AV products with the latest definitions. More tricks are being devised all the time to evade AV detection. A modern trick is for malicious software to have many variations, just different enough to fool the AV software. AV software capable of detecting such malware must be very complex and it is inevitable that mistakes will be made. Some malware will get through and some legitimate software be be falsely detected.

Have there been copy cats made of those that tools that are real viruses?

Probably.

AV software has no inbuilt knowledge of legitimate software. This would be very difficult to provide and could be exploited by malicious software.

And as "A Guy" has pointed out, some legitimate software is flagged because of it's potentially malicious behavior.

Far better to falsely report some legitimate software as malicious than let dangerous software through. Security always has it's price.

The providers of AV software are well aware of the potential for false detection. That is why they provide a means whereby the user can mark files as legitimate.

Callender · 09 Nov 2014

I don't know about MSE PUP detections but Malwarebytes lists the following criteria for deciding if a program is a Potentially Unwanted Program:

Malwarebytes | PUP Reconsideration Information & Request Form

So if your software is doing anything contained in that list maybe that's why MSE flags it up.

Why is old software detected as a virus or a pup?

Why is old software detected as a virus or a pup?

MSE detects PUP