Nessesarius / mintty

Automatically exported from code.google.com/p/mintty
GNU General Public License v3.0

Mintty 0.9.7-1 for Cygwin is treated as a security threat by Norton in Windows 7 #259

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1.  Updating mintty to 0.9.7-1 (in Windows 7)
2.  Launching the terminal window

What is the expected output? What do you see instead?
The expected output is mintty.exe launching the terminal window.
When launching mintty, Norton prevents it from starting, then announces that
mintty.exe is a security risk, and removes mintty.exe.

What versions of mintty, Cygwin/MSYS, and Windows are you using?
As stated above, mintty is 0.9.7-1, and Windows is 7. Cygwin is 1.7.9-1.

Please provide any additional information below.
The upgrade to mintty 0.9.7-1 works with no issues in Windows XP and Windows 
Vista.

Original issue reported on code.google.com by s.pat.mu...@gmail.com on 19 Apr 2011 at 1:00

GoogleCodeExporter commented 8 years ago
The executable comes out clean both with my local scanner and on 
http://virustotal.com, so I expect this is a false positive in Norton's 
heuristic scanning. This seems to happen to Cygwin programs fairly frequently, 
probably due to the low-level Windows hackery Cygwin has to do to implement 
POSIX semantics. Nothing I can do about that. Did Norton at least tell you what 
it thought mintty was doing wrong? Of course there's also the possibility that 
it got infected on your system.

As the wise Computius said: "Given the choice between Norton and a virus, take 
the virus."

Original comment by andy.koppe on 19 Apr 2011 at 5:13

GoogleCodeExporter commented 8 years ago
Yeah, I figured it was a problem on Norton's end, as I scanned the executable
at work and home and it came out clean. Cycling back to the previous version
of mintty doesn't seem to offend Norton; it operates as expected. Norton just
claimed that mintty was engaging in "suspicious activity", which was no help.
I'll send Norton some info on this today and see if they can tell their system
to back off.

Cheers.

Original comment by s.pat.mu...@gmail.com on 19 Apr 2011 at 1:04

GoogleCodeExporter commented 8 years ago
As an update, I did some poking around in Norton's history and it finally 
updated the "suspicious activity" it was accusing mintty of performing. 

Norton sez: Code/thread injection-Shield (performed by 
c:\cygwin\bin\mintty.exe, PID 468.

So, it seems to me like Norton panicked because mintty was trying to write
data, and (oh no!) viruses write data, so let's overreact.

Oh well.

Original comment by s.pat.mu...@gmail.com on 19 Apr 2011 at 1:45

GoogleCodeExporter commented 8 years ago
Thanks very much for reporting back with your findings.

Original comment by andy.koppe on 19 Apr 2011 at 5:54

GoogleCodeExporter commented 8 years ago
All right, so I've found a way around Norton's overeager treatment of the 
mintty update.  You can force Norton into accepting mintty as a trusted program 
by using the Norton Insight network scan.  

First, update mintty via Cygwin setup.  

Next, and this is important, do not launch mintty's terminal window; instead go
to c:\cygwin\bin\mintty.exe and right click on the .exe file.

Find your Norton scans in the menu and select Norton File Insight. A Norton
window will come up with info regarding mintty.exe. The last category should
read "User Trusted" and will have an option to Trust Now. Click on that option
and Norton will no longer live in fear of the updated mintty executable.

I think that the percentage of mintty users on Windows 7 might be low enough to
cast doubt on the program, in Norton's myopic view (when the only tool you have
is a hammer...). I really don't have another explanation, but it seems to make
sense in light of XP and Vista not having issues with mintty.

Good luck, everyone.

Original comment by s.pat.mu...@gmail.com on 19 Apr 2011 at 9:14

GoogleCodeExporter commented 8 years ago
Thought I'd throw it out there if anyone is still listening: The latest update
to mintty passes muster with Norton. Whatever was causing Norton's hackles to
rise seems to have evaporated.

Original comment by s.pat.mu...@gmail.com on 23 May 2011 at 6:15