Closed GoogleCodeExporter closed 9 years ago
The executable comes out clean both with my local scanner and on
http://virustotal.com, so I expect this is a false positive in Norton's
heuristic scanning. This seems to happen to Cygwin programs fairly frequently,
probably due to the low-level Windows hackery Cygwin has to do to implement
POSIX semantics. Nothing I can do about that. Did Norton at least tell you what
it thought mintty was doing wrong? Of course there's also the possibility that
it got infected on your system.
As the wise Computius said: "Given the choice between Norton and a virus, take
the virus."
Original comment by andy.koppe
on 19 Apr 2011 at 5:13
Yeah, I figured it was a problem on Norton's end, as I scanned the executable
at work and home and it came out clean. Cycling back to the previous version
of mintty doesn't seem to offend Norton, it operates as expected. Norton just
claimed that mintty was engaging in "suspicious activity", which was no help.
I'll send Norton some info on this today and see if they can tell their system
to back off.
Cheers.
Original comment by s.pat.mu...@gmail.com
on 19 Apr 2011 at 1:04
As an update, I did some poking around in Norton's history and it finally
updated the "suspicious activity" it was accusing mintty of performing.
Norton sez: Code/thread injection-Shield (performed by
c:\cygwin\bin\mintty.exe, PID 468.
So, it seems to me like Norton panicked because mintty was trying to write
data, and, (oh no!) viruses write data, so let's overreact.
Oh well.
Original comment by s.pat.mu...@gmail.com
on 19 Apr 2011 at 1:45
Thanks very much for reporting back with your findings.
Original comment by andy.koppe
on 19 Apr 2011 at 5:54
All right, so I've found a way around Norton's overeager treatment of the
mintty update. You can force Norton into accepting mintty as a trusted program
by using the Norton Insight network scan.
First, update mintty via Cygwin setup.
Next, and this is important, do not launch mintty's terminal window, instead go
to c:\cygwin\bin\mintty.exe and right click on the .exe file.
Find your Norton scans in the menu and select Norton File Insight, a Norton
window will come up with info regarding mintty.exe. The last category should
read "User Trusted" and will have an option to Trust Now. Click on that option
and Norton will no longer live in fear of the updated mintty executable.
I think that the percentage of mintty users on Windows 7 might be low enough to
cast doubt on the program, in Norton's myopic view (when the only tool you have
is a hammer..). I really don't have another explanation, but it seems to make
sense in light of XP and Vista not having issues with mintty.
Good luck, everyone.
Original comment by s.pat.mu...@gmail.com
on 19 Apr 2011 at 9:14
Thought I'd throw it out there if anyone is still listening: The latest update
to mintty passes muster with Norton. Whatever was causing Norton's hackles to
raise seems to have evaporated.
Original comment by s.pat.mu...@gmail.com
on 23 May 2011 at 6:15
Original issue reported on code.google.com by
s.pat.mu...@gmail.com
on 19 Apr 2011 at 1:00