Re: Inquiry about release date of nvda2018.2.


Quentin Christensen
 

Well, NVDA 2018.2 is now out, so let me know how you go with that :)


On Wed, Jun 13, 2018 at 4:32 PM, Brian's Mail list account via Groups.Io <bglists@...> wrote:
This this file is not normally downloaded is quite a pain as snaps change all the time I end up having to find the checkbox and uncheck it as it affects most things I download. There is also some oddity sometimes when a page redirects as well as having a different file name that ends up in only a partial download, at least in firefox and waterfox. I know often people need to be protected from themselves but I do also think that if you are on a reputable site you should not get all this hassle.
Brian

bglists@...
Sent via blueyonder.
Please address personal E-mail to:-
briang1@..., putting 'Brian Gaff'
in the display name field.
----- Original Message ----- From: "Quentin Christensen" <quentin@...>
To: <nvda@nvda.groups.io>
Sent: Wednesday, June 13, 2018 12:29 AM
Subject: Re: [nvda] Inquiry about release date of nvda2018.2.


Are you sure Symantec thinks it is a virus, and if so, which one?  Symantec
is listing the file as clean on VirusTotal, so I'm not sure whether it is
using a newer or older version than yours.

I know Windows Defender will recommend blocking downloadable executables
which haven't been downloaded many times - you often notice this if you are
one of the first to download a new build of NVDA for instance.  Could
Symantec be doing something similar?

I just got Virus Total to rescan the file and I notice now that Anity is
also coming up clean - I wrote to them last night to report the false
positive.

https://www.virustotal.com/en/file/1f8b180bc955bf59d21840bb79701372ea3b4563e57ec07d2b7ae231e83517ff/analysis/1528845976/

Kind regards

Quentin.

On Tue, Jun 12, 2018 at 11:23 PM, Michael Chopra <michaelchopra38@...>
wrote:

 Hi. It’s definitely Rc 3.
Thanks.
From Michael.

<https://aka.ms/o0ukef>
------------------------------
*From:* nvda@nvda.groups.io <nvda@nvda.groups.io> on behalf of Quentin
Christensen <quentin@...>
*Sent:* Tuesday, June 12, 2018 10:00:16 PM

*To:* nvda@nvda.groups.io
*Subject:* Re: [nvda] Inquiry about release date of nvda2018.2.


Hi Michael,

Was it RC1 or 2 then?  As I'm not seeing it with RC3?

The way AV programs work, or one way at least, is they look for
"signatures" of known viruses.  Each virus tends to have a group of bytes
that distinguishes it from other programs - in the same way, if you wanted,
you could probably go through a library and pick say the first sentence out
of each book.  You could then bring in a new book without a cover, compare
the first sentence against your list of known sentences, and decide whether
it matched anything you'd seen before.

Occasionally you might get two books that have the same first sentence,
and so one might be misidentified as the other.  It basically works exactly
the same way with viruses.  Because it is just a string of characters, they
could appear in other programs, and occasionally do, that is how false
positives occur.

So, when we built rc2 (or 1?) it just happened that the exact sequence of
characters appeared in our setup file as must appear in some virus.  It's
something that Symantec have to update in their database, and once I know
which build I can let them know - they have a set process for letting them
know about false positives.  They'll then double check our file, confirm
with what else they know about that virus that it definitely is a false
positive and then update their definition list, and that will go out the
next time they send out an update (usually in a day or so).

For now, RC3 seems ok so you should be able to download and run that if
needed.

Kind regards

Quentin.

On Tue, Jun 12, 2018 at 7:17 PM, Michael Chopra <michaelchopra38@...
> wrote:

 Hi. As far as I understand, it is flagging the release candidate
versions. I am not sure about the snapshot builds, as I have not downloaded
any of them.  With this issue, is it something that you have to sort out or
is it for Symantec?
Thanks.
From Michael.

<https://aka.ms/o0ukef>
------------------------------
*From:* nvda@nvda.groups.io <nvda@nvda.groups.io> on behalf of Quentin
Christensen <quentin@...>
*Sent:* Tuesday, June 12, 2018 8:53:11 PM
*To:* nvda@nvda.groups.io

*Subject:* Re: [nvda] Inquiry about release date of nvda2018.2.


Hi Michael,

No problem at all, we're transparent here.  Thanks for the heads-up!  Can
you advise which version is being flagged?  Is it 2018.1.1 (on the main
download page), NVDA 2018.2rc3 (the current release candidate) or one of
the snapshot or other builds?

I just ran a couple of builds through VirusTotal:
https://www.virustotal.com/en/ - they run any file or site you specify
through many of the reputable and unknown AV scanners and tell you what
comes back positive

RC3 is being flagged by something called  "Antiy-AVL" that I've never
heard of, as "Trojan/Win32.AGeneric".  If I can figure out who they are,
I'll write to them.

Symantec is happy with the RC as far as I can see.

NVDA 2018.1.1 is coming up clean on everything.

I tried nvda_snapshot_next-15180,4479f3ab.exe which I had lying around
from the 7th of June and it came back clean.

As Brian noted, one AV or another will flag programs from time to time.
The easiest way to allay any fears is to check whether other reputable AV
programs which also detect whatever it was also detect it.  In the case of
Trojan/Win32.AGeneric, it's a bit hard, as it's simply claiming it looks
like a generic trojan, without actually have the "signature" of any known
virus.

On Tue, Jun 12, 2018 at 6:13 PM, Brian's Mail list account via Groups.Io
<bglists=blueyonder.co.uk@groups.io> wrote:

This sort of thing seems to occur with many pieces of software from time
to time though. I would hope that feedback to the company would immediately
prompt them to put in an exception for it. There was a similar issue over a
password manager a while back I seem to remember.
Brian

bglists@...
Sent via blueyonder.
Please address personal E-mail to:-
briang1@..., putting 'Brian Gaff'
in the display name field.
----- Original Message ----- From: "Michael Chopra" <
michaelchopra38@...>
To: <nvda@nvda.groups.io>
Sent: Tuesday, June 12, 2018 5:37 AM
Subject: Re: [nvda] Inquiry about release date of nvda2018.2.


Hi Quentin and all. Are you aware that NVDA is being treated as a virus
by Symantec endpoint protection? It just deletes the file and does not
let me do anything with it. It's probably not the best place to bring
this up, but I thought I would let you know.

Thanks.

From Michael.


On 12/06/18 16:30, Quentin Christensen wrote:

We released NVDA 2018.2rc3 the other day:
https://www.nvaccess.org/post/nvda-2018-2rc3-released/

So, the final version should be out within a week or so, unless
anything big is found.

Kind regards

Quentin.

On Tue, Jun 12, 2018 at 1:26 PM, Angaragerdene
<b.angaragerdene@... <mailto:b.angaragerdene@gmail.com>> wrote:

    Hi guys:
    Is there any set date for nvda 2018.2 to release? Couldn't find
    it anywhere.






--
Quentin Christensen
Training and Support Manager

Official NVDA Training modules and expert certification now available:
http://www.nvaccess.org/shop/

www.nvaccess.org <http://www.nvaccess.org/>
Facebook: http://www.facebook.com/NVAccess
Twitter: @NVAccess













--
Quentin Christensen
Training and Support Manager

Official NVDA Training modules and expert certification now available:
http://www.nvaccess.org/shop/

www.nvaccess.org
Facebook: http://www.facebook.com/NVAccess
Twitter: @NVAccess




--
Quentin Christensen
Training and Support Manager

Official NVDA Training modules and expert certification now available:
http://www.nvaccess.org/shop/

www.nvaccess.org
Facebook: http://www.facebook.com/NVAccess
Twitter: @NVAccess





--
Quentin Christensen
Training and Support Manager

Official NVDA Training modules and expert certification now available:
http://www.nvaccess.org/shop/

www.nvaccess.org
Facebook: http://www.facebook.com/NVAccess
Twitter: @NVAccess










--
Quentin Christensen
Training and Support Manager

Official NVDA Training modules and expert certification now available: http://www.nvaccess.org/shop/

Facebook: http://www.facebook.com/NVAccess 
Twitter: @NVAccess 

Join nvda@nvda.groups.io to automatically receive all group messages.