Sophos AV software warns of "anti-vm" code on installation of Realflight 9, and/or subsequent scan

Fidd88

New member
This is rather disappointing to say the least, as Sophos is commercial grade AV software, and I'm very nervous indeed about "allowing" Sophos to run Realflight9 as a consequence. As "anti-vm" properties in code are, as I understand it, employed by virus writers to recognise "honey-trap" PCs (Virtual Machines - VMs) and to then conceal or otherwise cause said viruses not to run, then it's really hard to see why code interpretable by Sophos as malign "anti-vm" is in the Realflight 9 installation at all.

Note that I am NOT suggesting that there's any malicious code in the installation, but I do think Knife-edge software need to contact Sophos urgently to identify why this warning is issued, and to get rid of the offending code, so that those of us installing RF9 do not have to over-rule AV software, which is just nuts.

If KE software wish to see the precise warning from Sophos AV, please let me know. Any other AV products come up with this warning?
 
Ghost129er: Don't install your disappointing software then, simple as that. There's false positives everywhere - corona, STDs, etc...

Ghost129er, for some reason I only received an email copy of your reply to this thread. To address your remark, unlike most AV software, Sophos has always adopted a non-heuristic means of identifying threats (i.e. not rules-based guesses, but accurate identification of malicious code) and has a vanishingly low "false-positive" rate for viruses and other malicious code. Consequently, if it does trip a warning - and this is the first I've had in over 3 years - you tend to pay attention.

It is NOT acceptable to have code within a product, especially one this expensive, to then discover that it requires over-ruling your AV to operate the software.

I can only think of one other example where I've bought software and encountered the same issue - Silent Hunter III had some very ill-written copy-protection, and that's the best part of 15 years ago. This is not something that happens often - twice since '91 or so in my experience.

If your AV software isn't being tripped by this, my recommendation would be to change it.

My hope is that KE Software urgently contact Sophos to get to the bottom of this and patch out the code, or amend the code in conjunction with them to prevent the warning being tripped, in the (in my experience) very unlikely event that it's a false-positive.
 
Dude I deleted my post ages ago before you even replied to this, if you want to quote an e-mail notification and be that much of a Karen go ahead lmao.

Bet your car's clear coat is flawless too.
 
LOL. My car has stuff growing on it! I did wonder if perhaps you'd deleted it, but I wanted to address the point about false-positives/ AV software, as I know for a fact that Sophos is very good in that regard, operating on different principles to say Norton AV, which last I looked, does rely on heuristics. Neither approach is "wrong", but Norton will have many more false-positives than historically Sophos has, precisely because of this difference in approach. Hence the quote/reply, as what you wrote was a not unreasonable view, if you were used to heuristic AV software.

I would like nothing better than for this to be addressed and dealt-with to the mutual satisfaction of KES, Sophos and users, at which point I'll be very happy to run the software. I'm now in the situation of contemplating returning the software and getting a refund - not ideal at all - as I'd like nothing better than being confident it can safely be run. As my then pc was damaged by the previous SH3 debacle - it buggered DVD drives iirc - to the extent that Ubisoft were successfully sued in the US, I'm reluctant to over-rule Sophos with this software, especially as there's absolutely no reason I can see, why such code has a legitimate use in Realflight9.

If you've never suffered damage or data-loss from a virus or bad code, then it's easy to be a bit cavalier about it; once you have, you'll look at it all with a much more jaundiced eye...
 
Post-script:

Mea Culpa. After a conversation with the techies at Sophos, they reassured me that whilst virus identities are non-heuristic, behaviour warnings such as the one I received are machine-learned, and therefore from a reputable software company it's entirely possible this was not malign software in any form, but possibly some unusual calls and behaviour which tripped the warning. Apologies to all, in hindsight I should have checked with the AV company before posting here.
 