hello

does gog check every file for security threats?

it's just that some files such as redkit which is the modding tool for witcher 2 is picked up as bad by norton internet security. it's not surprisig to see why either. it shares the same name as a threat called redkit which is supposed to be viruses in pdfs iirc.

:-)

There have been numerous reports of (false positives) antivirus flagging gog installers. GOG can't really do much about these so your best course of action is to report them as false positives in the AV. Not sure about Norton, but most should allow to make such reports.

The problem is that antivirus products are updated regularly and can not and do not know every file that exists out there, so they find files they've never seen before and have to make a prediction about whether the file is safe or not. How they go about doing this will vary from one security product to another however I have seen where some antivirus software will flag a file as "possibly harmful" simply because they have never encountered it before, and that is extremely highly likely for new files just released such as game updates etc.

This is a common problem, and the solution is to submit the files to your antivirus vendor for analysis so that they can flag it as safe for everyone else, and either wait for them to update their database to pass the file, or flag the file as an exception if you trust it. If you don't trust the file, the only option is to submit it to your AV vendor though.

It's important to know that GOG can check all of their files with dozens of AV software but being flagged as "possibly harmful" because an app doesn't know what to do with a file - does not make it actually harmful and so with a non-harmful file being flagged as possibly harmful by one of a couple dozen AV products, there is nothing GOG can do as they don't control the AV products or how their files get classified by them incorrectly.

I see your problem there. You have been infected by Norton Internet Security :-D

Bad jokes aside. As has been mentioned, false positives are common. Both for newer files which aren't verified and for other files which the AV's heuristics might deem suspicious.

That the installers are signed by GOG should make it less likely to get flagged by AV's, but what's inside might be a different story.

As for Norton, it's been a while since I last trifled with them. Couple of years back when I did have to work with Norton though I ended up classing it as Worse than a Virus. I've had it outright delete files it found suspicious (sure it was just a jpg taken by a digital camera, no need to be nitpicky), I've had it slow your system to a crawl regularly (I think that's a stated feature actually), I've had it bluescreen computers on boot because it'd deny the OS access to it's own system files.

And I think the most entertaining time was when I helped someone remove Norton. It's firewall component slowed the internet to a crawl. When the uninstaller was run, it uninstalled Norton, but didn't remove it's hooks meaning the networking capabilities for the computer went from "5kb/s? You wish" to "What do you mean receive data over network? You're crazy". Had to do a system restore for that bit, then download a third party removal tool to get rid of Norton.

So yeah, biased I may be. But take the warnings of your Anti-virus (any vendor) with a grain of salt. Take anything you download from the internet with a spoonful of salt. And in the end, ask yourself if you think you can trust what you get.

AV suites provide a fair thing to block automated threats when browsing, and will alert you and at least make you think if something suspicious might be going on. But blindly trusting an AV's opinion is about as good for you as blindly trusting a GPS with outdated map data.

in the end, I trust Gog enough I'd mark it as not-malicious, but how you feel may vary greatly. I do believe they do run what they get through a couple of anti-virus checks before blindly distributing it.

If you're concerned about the modding tools, try uploading the flagged file to virustotal.com which will run it through a set of anti-virus solutions and tell you what they think.

the reason i use norton is because it is the fastest internet security i have come accross. false positives i can handle. i have 30 exclusions added atleast. i use norton because in terms of performance, it doesn't do anything. i also do realise should i get infected norton wouldn't be of any use and it would be my technical experince of the registry and other areas that would be needed to fix it. :-D

but internet security packages aren't really what i'm after.

when i check a download for security i check it myself. i make my own judgement call. internet security, whatever it may be, norton or not, only supports my claim. dealing with old files is why i'm concerned. let me give you an example. i downloaded an old file a couple of years ago. norton said the file was perfectly fine. however, the way it behaved made me believe the file was not safe. so i don't trust internet security at all. i make my own judgement call and security packages just support it.

if gog is using only security packages then i'm not too happy. if gog is actually testing these things to work and using security packages to aid them, then that's fine. otherwise i have my doubts and i believe rightfully so. :-)

Well, other than GOG themselves, that's not really something anyone can answer.
Why don't you contact them about it?

Well,they had better be making sure they are safe for us.One would assume
that they are,as for Norton it's not crash hot for Security.

i can't really contact support because their routine would be "of course it's safe" and if you ask for evidence your going to end up in a loop. ideally we need a representative. no idea how to get hold of one and simple assuming it's safe is not really a way forward. we've also confirmed norton is absolutely rubbish for security - never doubted you :-D

also, a couple of days ago i downloaded my first game from humble bundle. except the secure download page was blocked by norton. norton has never blocked a page ever and this is a unique secure download page by humble bundle. why on earth would norton flag this as dangerous?!? so doubt after doubt really.

of course i could manually check my entire gog library of installers/uninstallers, game data and goodies. YAY! :-|

Don't forget that even well-intentioned software can contain security vulnerabilities. For instance, it may be possible for something like a save file or alternate character portrait to trigger the execution of arbitrary code. (Save files actually have been used to hack video game consoles to run homebrew.)

what exactly would you expect as "evidence" that a program is safe?
A detailed code analysis? That certainly is not gonna happen :p

They actually run all the games during their QA checks. That gives me more confidence that something malicious would be noticed than unreliable virus scanner results.

Of course they do, what reason would you have to think otherwise from a major game distributor?

The funniest thing a couple of months ago was when Avira Antivirus flagged the Malwarebytes installer as malware, preventing me from installing it. Way to go, now antivirus software are flagging even each other. :)

Well, you're creating the loop. You want to know if the files are safe and are unwilling to believe anyone who tells you they are safe including GOG telling you "of course it is safe". Do you really think they should scan all of their files and publish daily virus scan reports on the game card pages to "prove" it to people? Maybe then you'd think it does't prove anything because the website could have been hacked into and the people who put viruses in the game also updated the website to say it was virus-free. That game can go on endlessly.

If someone needs that kind of proof or even something better they're just not going to get it from GOG, Steam, Origin, Uplay or any other gaming service. If that's actually a problem then your only option is to not buy games online really. These are professional companies building and supplying software, they have security infrastructure in place to manage common threats and monitor emerging threats regularly and adjust their infrastructure accordingly as a part of doing business. If one can't trust them to do that, or requires extraordinary proof of some sort that can easily be discounted anyway in a loop then I'm not sure what the point is.

You really have 2 options.

1) Trust GOG knows what they're doing and your security software has false positives. Report them to the security product vendor and add an exception for the files because you trust the vendor.

or

2) Don't trust the vendor unless their files pass your security software's checking. Report the files to the security vendor and wait until they approve them, which is likely to take days/weeks/months. Only then do you trust the files.

But then I have to ask - does Norton virus scan their own files on their webserver? What proof did they give you that Norton Anti-virus does not contain malware, or did you just trust them implicitly? Afterall it is a known fact that malware is out on the Internet for an average of 10-12 months exploiting computers before it is known by antivirus/antimalware software, so your updates for Norton could be compromised too.

I'm just saying.

You decide what you trust and make your decisions around that based on how you perceive the threats to be and which company you trust more - only you can do that. Security is not black and white, and there is no absolute security. It's all about risk management and gauging both trust and risk. You have to choose what works best for you for your own metrics in the end.