The GNUBG team takes such reports seriously,
when we know about them. That is the problem. With about 30+ commercial anti virus programs on the market we must rely on feedback when there is an issue. I asked around privately to a few people and checked the mailing lists and bug system. No one seems to have any correspondence from Bill for either of his two complaints. But we did have others that have informed us of false positives and we have dealt with them over the years.
The GNUBG team also can't be on all the forums across the planet in all different languages to see reports by user. People like Mike Mannon (Taper_Mike) do the correct thing and contact us directly if they see an issue. Case in point in the first quarter of 2013, Mike sent me a personal email about a report on twoplustwo about the GNUBG site being hacked. I wasn't a follower of this forum until then. Our team was already aware of the issue at the time, but Mike at least gave us a heads up in the event we didn't know. So kudos there.
Mike Mannon pointed out in another thread on twoplustwo (somewhere) about a
false positive report earlier in the year that someone properly put into our bug tracking system. It was the reputation hit in Norton Anti Virus that gets flagged as what appears to be yet another virus. You'll learn that with such reports we do what we can as fast as possible. I personally contacted Norton letting them know of that false positive, and they responded via email within 24 hour confirming it. I posted Norton's response that they would update their database and the fix would be pushed out in their software. The person reported the next day that Norton had cleared the problem and that the download was no longer an issue. Norton (Symantec) also recommended using their white list service for all our new releases to help alleviate the issue. Since then I have done just that.
Why do I know so much about what viruses are in our installers? Because I am the person who actually builds each release, makes sure the build systems are virus free, and puts them on the website. I'm also the one who during our last website hack was asked to deal with the issue. I had to download every file and scan them for viruses. In 15 years we have had our site attacked twice (the last incident had the attack that spanned a couple weeks until I got full domain privileges to properly secure gnubg.org). Since then I am also tasked with maintaining the website, and making sure the component software we use is up to date etc. One thing I did do to reduce headaches for myself was to split the content management system (CMS) from our download pages. We now have two independent webhosts for our domain. One carries the CMS (which like twoplustwo is often the main point of attack for hackers) and the other is our download media directories. If the CMS is attacked it doesn't influence the downloads.
I'd like to know exactly what Bill thinks we are suppose to do when 3rd party software screws up, and people take it on blind faith that their anti-virus software is infallible. In one case a few years ago, antivirus software declared a component of MS Windows as a problem, and for some it made their systems non functional. One can read this
article . Even better is when Microsoft Security Essentials flags files in Google Chrome as suspicion forcing users to re-install Chrome as is discussed in this
article
Bill is a very intelligent person, and he understands Backgammon but I think he has a misconception about Anti-Virus software in general, and just how wide spread the idea of false positives is. I finally drew the line after his commentary about the GNUBG staff implying that we were incompetent and don't care about such issues. It is one thing to say "Hey I don't use GnUBG because I had this particular experience", it is another to imply that the GNUBG team doesn't take this type of thing seriously when it is patently false.
Bill has been told by others on here about such issue and how they have been resolved, but it seems Bill completely disregards that, and continues with the disinformation. I do believe it is partially political in nature.
One final point about false positives. Since they are quite common there is a website that was designed to help people make more informed decisions about whether the report of malicious software may be a real threat or not. If you download software that you think is probably safe but is flagged, I recommend going to
VirusTotal, upload the file (if it fits) and have it scanned. It takes more than 30 virus scanners and analyses the file with each. Although not full proof, in general you can get an idea of false positives when just one virus program flags the software and the others don't. In the case of Norton if it says the virus check failed because of Reputation it means the software isn't known to be trusted and it is flagged as potentially suspicious even if it is completely harmless.
This may not be widely known but the software developers of the major bots on the market these days actually have a good working relationship. In particular Xavier, Frank Berger, and I collaborate on projects that are of mutual interest for the Backgammon users in general whether it is about rollouts, Deprelli study, or discussions on open formats. The GNUBG team take no issue with people writing commercial proprietary software for Backgammon, nor do we see it as a threat since our product's target market is different.
Last edited by mpetch; 09-17-2013 at 03:41 PM.