Norton regards Hugin as a threat and removes it

[Richard S]

Hi

I downloaded Hugin.  However my Norton antivirus classes it as untrustworthy, and immediately removed it (before I could install).

I have pasted the information Norton displayed, including tips on how to whitelist the program, below.  It would be good if this situation could be avoided.  As it stands this naturally makes me very uneasy about recovering Hugin from quarantine and installing it.

~~~

Updated:

February 15, 2012 3:15:47 PM

Type:

Other

Risk Impact:

High

Systems Affected:

Windows XP, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Behavior

WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories.

The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.

Antivirus Protection Dates

• Initial Rapid Release version March 27, 2009
• Latest Rapid Release version April 20, 2010 revision 025
• Initial Daily Certified version March 27, 2009 revision 005
• Latest Daily Certified version April 20, 2010 revision 024
• Initial Weekly Certified release date April 1, 2009

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
~~~

Updated:

February 15, 2012 3:15:47 PM

Type:

Other

Risk Impact:

High

Systems Affected:

Windows XP, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Symantec’s reputation technology system tracks the attributes of software files (applications, drivers and DLLs) from multiple sources, including:

• Anonymous data contributed by tens of millions of Norton Community Watch members
• Anonymous data contributed by enterprise customers in a data collection program tailored to large enterprises
• Data provided by software publishers
• Symantec’s Global Intelligence Network

The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.

The system considers many aspects of a file, including file age, file download source, digital signature, and file prevalence. These attributes are combined using a proprietary algorithm to determine a file’s safety reputation. The system maintains a rating for all files rather than just malicious files. Each software file is given a GOOD, BAD or SUSPICIOUS rating.

Symantec’s reputation-based security engine continuously monitors all files and over time a file’s reputation may change.

~~~

Updated:

February 15, 2012 3:15:47 PM

Type:

Other

Risk Impact:

High

Systems Affected:

Windows XP, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

WHITE-LISTING
Software developers who want to accelerate the reputation building process for their new software applications should submit new applications to the Symantec white-listing program. Details of that program can be found here.


DISPUTES
If you believe that a program has been incorrectly classified by the Symantec reputation-based security system, then you may submit a dispute using this Web form.


REMOVING A FILE FROM QUARANTINE
It is possible to restore a file from quarantine to its previous location on your computer. This should only be done if you are certain that the file is not malicious. Symantec strongly recommend that you submit the file that was detected even if you choose to restore the file from quarantine.

[David W. Jones]

Strange, but I quit recommending Norton for AV a long time ago. I like
AVG Free or ClamAV.

Where'd you get the download - Hugin's official site?

I encountered something related to another F/OSS program, the very
useful audio editor called Audacity. (I use the Linux version installed
from my distro's repositories.) I was searching for an ebook version of
"Slaughterhouse-Five" and found a link at Megadownloads.com. I followed
the link. It let me download an encrypted ZIP file containing the ebook
and a couple of files giving me a link to follow to get the password to
decrypt the ZIP file. I followed the link. It required me to pick from
one of about 8 options - take online surveys, etc, etc. One option was
to download the Windows version of Audacity. So I did that. Since I
don't use Windows, I couldn't install it, but the download worked, left
me with an EXE file named something like "Audacity.WindowsInstaller.exe".

Having downloaded it, I figured I was good, so switched back to the
Magedownloads site. It was waiting for me to INSTALL the program. I
presume its installer would then signal back to their site that I'd
installed it, then give me the password for the ebook file.

Instead, I decided that their site was possibly distributing something
infected with malware/spyware, and deleted everything I'd downloaded.

Not saying that the Windows Hugin you downloaded is actually infected,
but if you didn't get it from anything like an official Hugin source,
I'd be pretty suspicious of it.

On 07/10/2014 10:12 AM, Richard S wrote:
> Hi
>
> I downloaded Hugin. However my Norton antivirus classes it as
> untrustworthy, and immediately removed it (before I could install).
>
> I have pasted the information Norton displayed, including tips on how to
> whitelist the program, below. It would be good if this situation could
> be avoided. As it stands this naturally makes me very uneasy about
> recovering Hugin from quarantine and installing it.
>
> ~~~
>

> *Updated: *

> February 15, 2012 3:15:47 PM

> *Type: *
> Other
> *Risk Impact: *
> High
> *Systems Affected: *

> Windows XP, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
>
>
> Behavior
>
> WS.Reputation.1 is a detection for files that have a low reputation
> score based on analyzing data from Symantec’s community of users and
> therefore are likely to be security risks. Detections of this type are
> based on Symantec’s reputation-based security technology. Because this
> detection is based on a reputation score, it does not represent a
> specific class of threat like adware or spyware, but instead applies to
> all threat categories.
>
> The reputation-based system uses "the wisdom of crowds" (Symantec’s tens
> of millions of end users) connected to cloud-based intelligence to
> compute a reputation score for an application, and in the process
> identify malicious software in an entirely new way beyond traditional
> signatures and behavior-based detection techniques.
>
>
> Antivirus Protection Dates
>

> * *Initial Rapid Release version *March 27, 2009
> * *Latest Rapid Release version *April 20, 2010 revision 025
> * *Initial Daily Certified version *March 27, 2009 revision 005
> * *Latest Daily Certified version *April 20, 2010 revision 024
> * *Initial Weekly Certified release date *April 1, 2009
>
> Click here
> <http://www.symantec.com/security_response/writeup.jsp?docid=2010-051308-1854-99#>

> for a more detailed description of Rapid Release and Daily Certified
> virus definitions.
> ~~~
>

> *Updated: *

> February 15, 2012 3:15:47 PM

> *Type: *
> Other
> *Risk Impact: *
> High
> *Systems Affected: *

> Windows XP, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
>
> Symantec’s reputation technology system tracks the attributes of
> software files (applications, drivers and DLLs) from multiple sources,
> including:
>

> * Anonymous data contributed by tens of millions of Norton Community
> Watch
> <http://www.symantec.com/about/profile/policies/ncwprivacy.jsp> members
> * Anonymous data contributed by enterprise customers in a data

> collection program tailored to large enterprises

> * Data provided by software publishers
> * Symantec’s Global Intelligence Network
> <http://www.symantec.com/business/playerdetail.jsp?cid=enhanced_secur_protection_gin&sg=business&type=videos&lg=en&ct=us&fp=y>

>
>
> The reputation-based system uses "the wisdom of crowds" (Symantec’s tens
> of millions of end users) connected to cloud-based intelligence to
> compute a reputation score for an application, and in the process
> identify malicious software in an entirely new way beyond traditional
> signatures and behavior-based detection techniques.
>
> The system considers many aspects of a file, including file age, file
> download source, digital signature, and file prevalence. These
> attributes are combined using a proprietary algorithm to determine a
> file’s safety reputation. The system maintains a rating for all files
> rather than just malicious files. Each software file is given a GOOD,
> BAD or SUSPICIOUS rating.
>
> Symantec’s reputation-based security engine continuously monitors all
> files and over time a file’s reputation may change.
>
> ~~~
>
>

> *Updated: *

> February 15, 2012 3:15:47 PM

> *Type: *
> Other
> *Risk Impact: *
> High
> *Systems Affected: *

> Windows XP, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
>

> *WHITE-LISTING*

> Software developers who want to accelerate the reputation building
> process for their new software applications should submit new
> applications to the Symantec white-listing program. Details of that

> program can be found here <https://submit.symantec.com/whitelist/>.
>
>
> *DISPUTES*

> If you believe that a program has been incorrectly classified by the
> Symantec reputation-based security system, then you may submit a dispute

> using this Web form <https://submit.symantec.com/dispute/insight/>.
>
>
> *REMOVING A FILE FROM QUARANTINE*

> It is possible to restore a file from quarantine to its previous
> location on your computer. This should only be done if you are certain
> that the file is not malicious. Symantec strongly recommend that you
> submit the file that was detected even if you choose to restore the file
> from quarantine.
>

> --
> A list of frequently asked questions is available at:
> http://wiki.panotools.org/Hugin_FAQ
> ---
> You received this message because you are subscribed to the Google
> Groups "hugin and other free panoramic software" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to hugin-ptx+...@googlegroups.com
> <mailto:hugin-ptx+...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/hugin-ptx/f7900838-a12a-4045-b354-b15bca9662dc%40googlegroups.com
> <https://groups.google.com/d/msgid/hugin-ptx/f7900838-a12a-4045-b354-b15bca9662dc%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.


--
David W. Jones
gnome...@gmail.com
wandering the landscape of god
http://dancingtreefrog.com

[Frederic Da Vitoria]

According to your log, the most recent update is from February 2012. 

- I don't know how Norton works, but shouldn't there be a more recent date somewhere? Most anti-malware systems use heuristic algorithms, and those algorithms are improved with time. If your anti-malware is too old, you will have both too many false positives and to few correct detections. But this is not the issue here, the reputation system may not use an heuristic algorithm.

- I don't know which version of Hugin you downloaded, but if you got it from SourceForge, I suppose it is the latest (2013). I wonder how in February 2012 someone could have any informed opinion about a software which would be issued one year later.

I suggest you use online scanners to check your download

--
Frederic Da Vitoria
(davitof)

Membre de l'April - « promouvoir et défendre le logiciel libre » - http://www.april.org

[Richard S]

Dear All,

You are missing the point.  Norton doesn't currently trust the Hugin download because it doesn't know anything about it - that is all.

My Norton is up to date, in both engine and definition files.  The 2012 date in the logs is simply the date Norton last updated the entry for threat category "WS.Reputation.1"; the date has nothing to do with Hugin or my AV install. 
 
I got the Hugin download from the official site*.  No-one is saying there is actually a problem with it. 

Yes, Norton has its faults but that is missing the point.  Norton is a popular AV and Hugin is not doing itself any favours if it is rejected by a major AV tool when all it has to do is to apply to be whitelisted.

Exiftool used to have a simlar problem and was constantly quarantined; they got themselves whitelisted and - no more problems.

To summarise - could Hugin please get itself whitelisted with Norton to avoid these issues.  Thanks.

(*http:/heanet.dl.sourceforge.net/project/hugin/hugin/hugin-2013.0/HuginSetup_2013.0.0_64bit_windows.exe)

[Richard S]

PS here is a link to the info about how Norton works and how to whitelist  (I should have simply posted this rather than cut and pasting it, apologies!)

http://www.symantec.com/security_response/writeup.jsp?docid=2010-051308-1854-99&tabid=3

[Carlos Eduardo G. Carvalho (Cartola)]

Hi Richard,

I am not a hugin developer, but went there to try to help with something. In fact that web form is intented for users, like you, who experimented the problem, and not the developers. They ask some specific questions that only you, that have the product and had the problem, can know. I started to answer with some info you gave us, but then it starts to ask the product version and things like that.

Can you do that?

Bests,

Carlos E G Carvalho (Cartola)
http://cartola.org/360
http://www.panoforum.com.br/

--

A list of frequently asked questions is available at: http://wiki.panotools.org/Hugin_FAQ
---
You received this message because you are subscribed to the Google Groups "hugin and other free panoramic software" group.

To unsubscribe from this group and stop receiving emails from it, send an email to hugin-ptx+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hugin-ptx/f8ce5fd7-9b09-47af-9f9d-1135903305bf%40googlegroups.com.