
Antivirus issues

SLPlugin.exe is a small viewer component that lets us run a web browser and a video player outside of the viewer's main executable. Unlike in other viewers, Singularity's SLPlugin also handles choosing files for upload and download. Separating this out has the extra convenience of not suspending communication with the grid while you're looking for a file.

SLPlugin contains no functionality of its own. Instead, it uses inter-process communication to allow the viewer to load bundled modules and to pump the video output back into the viewer. Because it appears able to execute arbitrary code and because it uses inter-process communication, it may look like possibly malicious code to non-specific detection routines. We firmly believe that its use of these techniques does not compromise your system. On the contrary, it increases the safety of the viewer by keeping untrusted communication with the internet outside of the main executable, which handles your precious private data and communicates with a trusted service, such as Second Life.

If the SLPlugin executable is removed by your antivirus, you will suffer a severe loss of functionality. You will also see an error message of the form "No Media Plugin was found to handle the 'text/html' mime type" upon startup.

Linked here is a typical example of a VirusTotal report on SLPlugin.exe. As can be clearly seen, all anti-virus solutions except for two consider us clean, those two being Symantec and PC Tools. Note that there have been occasional false positives from other anti-viruses on the list, but we have been able to work with their vendors to adjust the detection routines so that SLPlugin doesn't trip them. The two that still trip don't find any specific known virus, but consider the executable suspicious, perhaps for the reasons outlined above. Also, although the detection name is different, note that PC Tools is a subsidiary of Symantec, so technically it might not be a coincidence - except that Symantec is fully able to professionally maintain their anti-virus solution, while PC Tools appears not to be.

This problem is not unique to Singularity. I have heard from the Imprudence and Firestorm teams that they are experiencing similar problems.

PC Tools Spyware Doctor with AntiVirus, PC Tools Internet Security

This repeat offender won't accept a false positive report from me as a software developer, because I'm not a paying customer. If you are a paying customer, report the false positive to [email protected]

I am only able to receive an automated reply like this:

Dear Customer,

We recently received an email from you sent to the PC Tools customer support team.

While we do everything we can to ensure that all users get answers to the questions they may have, we do prioritize our support services to our paying customers first.

As we were unable to confirm your license ownership, here are some suggestions for getting the support you need.

>> If you're a paying customer:

1. Please locate your license code details from your order confirmation email, or by going into the program itself and clicking 'Help' then 'About', then re-submit your question at www.pctools.com/support/email

2. Or if you've lost your code, you can recover your license code at www.pctools.com/lostcode, and then re-submit your question at the address shown at 1.

>> If you're a free / trial version customer:

1. You can browse hundreds of questions and get the answers instantly from the Knowledge Base support system at www.pctools.com/contact/support.

2. Visit the PC Tools Community Forum at www.pctools.com/forum where you can obtain free advice from our support team as well as other users.

3. If you purchase our software, it includes access to all our support options, including phone, LiveChat and email support. You can make a purchase for the programs at www.pctools.com/purchase.

We hope you find these resources to be useful and we look forward to assisting you!

Kind regards,
PC Tools Support Team

But hey, there is a web chat widget on a web site, so let's try this!

Please be patient, an agent will assist you momentarily.
Hello, welcome to PC Tools Chat. Please briefly describe your goal or question and I will connect you with the best resource to answer your questions.
Cody Russell: Hi! How can I help you today?

Customer: Hello. I'm a developer of software, which, according to VirusTotal and to my users, triggers a false positive in PC Tools AntiVirus.

Customer: i'm unable to report a false positive to [email protected] because i'm not a paying customer of PC Tools, nor do i have any desire to become one.

Customer: It just bounces my message with an automated reply that i have to be a paying customer.

Cody Russell: Okay, let me give you the number for the Customer Service team so they can access your account information and help you with this. You can contact Customer Service by phone at 1.800.764.5783. You may have to wait on hold if the line is busy.
To avoid waiting on hold, I suggest using email support. To use email support, email your question with as much detail as possible, including your account information, and they will research your issue and get back to you. The direct email address is [email protected]
Is there anything else I can help you with today?

Customer: Yes, you can re-read what i said, because you don't understand me.

Customer: You, sir, just failed the turing test -.-

Cody Russell: I understand that you may have been hoping for a quick answer, however, I am here to make sure customers get to the correct resource for their question(s).

Customer: Now to re-iterate, i'm acting on behalf of my customers. I am not your customer.

Cody Russell: Is there anything else we can help you with today?

Customer: Yes, you can give me an e-mail address, to which i, as a DEVELOPER of software which triggers a false positive, can send a false-positive report. I am not a customer of PC Tools, thus i cannot use [email protected]

Customer: Also, please give me permission to publish this conversation on my software's web page.

Cody Russell: To get further assistance with this, you would need to contact the support team.

Customer: Support team refuses contact with me, because i'm not a customer of PC Tools.

Customer: If you won't say that you protest against publishing this conversation, your consent will be implied.

Cody Russell: I recommend having a client email the technical support team, to hasten the process.

Cody Russell: Is there anything else I can help you with today?

Cody Russell: Thank you for taking the time to chat with PC Tools and have a great day!

Thank you for connecting PC Tools, you may now close this chat window.
Your session has ended. You may now close this window.

There's a phone number, feel free to use it. I certainly won't make a phone call to the other side of the globe to hang in a waiting line and then possibly talk to a menu driven robot. Or, you, as a customer, can draw your own conclusion whether you really want to deal with these clowns. Truly, PC Tools - Nomen est Omen.

Symantec Norton

A reasonably professional yet particularly stubborn repeat offender. It goes like this: every time I build a new version, I go to VirusTotal, make sure Symantec still thinks we're suspicious, then fill out this false positive submission form and upload SLPlugin.exe. 3 days to a week later, I get notified that my SLPlugin has been, surprise! found to be clean, and will be white-listed (explicitly excluded from detection), and that the white-list will be rolled out next week or so. So far so good; re-checking the executable on VirusTotal a few days later will certainly show it clean. But every time the version number changes, or something in one of the libraries changes, the process has to be repeated! Apparently they don't or can't white-list the particular breed of our code patterns; instead they white-list the whole executable checksum. We aim to bring you fixes as quickly as possible, so we try to release every 2 weeks. The whole whitelisting process is becoming really, really tiresome for me, and for our users, who have to wait for a week or more after each version for it to be certified clean.

Now, I have been advised to, and am trying to, get accepted into Symantec's developer programme, where I can link to the whole installer and have them do the work. However, this promises even longer lead times on white-listing. But maybe, just maybe, this can lead to a proper solution eventually, like them actually adjusting their detection routines someday so that they don't trip on our SLPlugin.exe. Considering they are big and we aren't, this may never happen - you would think that just reporting the same-named executable to them bi-weekly, as we have been doing, might attract some kind of attention, but so far it hasn't.

The way the Firestorm project will be coping with this is by purchasing a code-signing certificate and having the executables signed with it during the build process, which disables heuristic detection in Symantec for those. This poses organizational problems for us. As opposed to Firestorm, we are not incorporated, because this is not a cheap and easy thing in my country, and I'm not very keen on having my real name shine on our product - I don't want to become a real-life harassment target, which, as you all know SL and its grieferdom, may very well happen. Besides, it's expensive - costs will be somewhere between 100 and 500 USD per year, again depending on what can be arranged there. I'm not sure which providers would allow me to purchase as an individual but have only the project name, Singularity Viewer, on the certificate. Financially, the donation volume within our nearly one complete year of operation has not been anywhere close to covering even the cheapest possible code-signing certificate, so I would have to either pay this from my own pocket (how much more do I have to donate to Singularity than just my time?), or discontinue Singularity as a free product and sell it for money, which is frankly not something I can impose on our user community or the co-developers, keeping in consideration that we must stay open-source because of our heritage. Phew, so much trouble just to keep a single antivirus happy!

Ok my antivirus is a problem, what now?

You can hammer at your antivirus support, asking them to get this fixed on their end. Failing this, you can replace your antivirus - this would be the market solution to the problem of them not doing their thing right. I can wholeheartedly recommend Microsoft Security Essentials - you paid for it when you bought Windows or your Windows-equipped computer, it offers real protection and at the same time, is not known to have false positives or any kind of user annoyance really.

You can turn off Heuristic or Zero-Day threat detection in your antivirus. It's invariably slow and, at least in my opinion, doesn't offer you any protection - it's there to feed suspicious code to the antivirus company to possibly, with some low probability, identify new viruses faster.

You can see whether you can de-quarantine SLPlugin.exe in your antivirus and convince it that it doesn't really contain the specific kind of threat that your antivirus claims. If you can come up with a clear instruction, preferably with screenshots, on how to do this, send it to me and I'll post it here.

What you should in NO event do is exclude SLPlugin.exe from real-time protection. A web browser and a QuickTime video player run hosted inside it, accessing untrusted sites on the internet, as directed by parcel media or links you might click in-world. All files written and read by the web browser should be checked for threats in real time.
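
The checks described on this page can be gathered into one PowerShell script; this is an added example, not code from the Singularity project. The install folder is a placeholder you must supply, the script assumes PowerShell 4 or later, and the exclusion check covers Microsoft Defender only (run it elevated, since exclusions are hidden from non-administrators).

```powershell
# Added example, not Singularity project code.
# $InstallDir is a placeholder: pass the folder your viewer is installed in.
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallDir
)

$plugin = Join-Path $InstallDir 'SLPlugin.exe'

# 1. A missing file is the usual cause of the "No Media Plugin was found" error.
if (-not (Test-Path -LiteralPath $plugin -PathType Leaf)) {
    Write-Warning "SLPlugin.exe is missing from $InstallDir. Check the antivirus quarantine, then restore or reinstall."
    exit 1
}

# 2. SHA-256 of this exact build. A per-checksum white-list entry covers only
#    this value, so quote it when you report the false positive to your vendor.
$hash = (Get-FileHash -LiteralPath $plugin -Algorithm SHA256).Hash
Write-Output "SHA-256: $hash"

# 3. Authenticode status. 'NotSigned' is expected for an unsigned build;
#    'HashMismatch' means the file was altered after it was signed.
$sig = Get-AuthenticodeSignature -LiteralPath $plugin
Write-Output "Signature status: $($sig.Status)"

# 4. Real-time protection must still cover the plugin. Other antivirus
#    products keep their exclusion lists in their own settings.
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    $prefs = Get-MpPreference
    $covering = @($prefs.ExclusionPath) + @($prefs.ExclusionProcess) |
        Where-Object {
            $_ -and (
                $plugin.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase) -or
                $_ -like '*SLPlugin.exe'
            )
        }
    if ($covering) {
        Write-Warning "SLPlugin.exe is excluded from scanning by: $($covering -join ', '). Remove the exclusion."
    } else {
        Write-Output 'No Defender exclusion covers SLPlugin.exe.'
    }
}
```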