
Battling BitDefender

by Robert Basler on 10/08/15 01:39:00 pm   Featured Blogs


The following blog post, unless otherwise noted, was written by a member of Gamasutra’s community.
The thoughts and opinions expressed are those of the writer and not Gamasutra or its parent company.

 

[Originally from onemanmmo.com.]

There is nothing like trying to get software running in an environment that is actively screwing with it.


[Rolling Strike Force Alpha]
 

I borrowed a laptop with a 3K (3200x1800) screen from a friend to do some debugging on high resolution displays. Bugs like Windows reporting the 3K laptop's screen resolution as 1067x603?! (I wasn't calling SetProcessDPIAware early enough.) There was an assortment of minor issues I was able to quickly fix, but when I went to test them, things really started to go off the rails.

Miranda is designed so that I can easily set up a standalone game and patch server on a PC for testing, so I set this up on my development PC, then downloaded and ran the signed and elevated installer on the 3K test PC. Easy peasy.

On the first try, the installer immediately stopped with an error. The log showed that the web server was returning an HTTP 403 Forbidden error code when downloading laircrashreporter.exe. (LairCrashReporter is a tool I wrote to - you guessed it - report crashes to Secret Lair Games.) Oddly enough, the logs on the server showed a 200 OK status instead. Somewhere between the server and the installer the status code was being changed. Weird.

I tried downloading the file using Mozilla Firefox and up popped an error message from BitDefender, the antivirus software installed on the 3K PC, stating that laircrashreporter.exe is in fact Gen:Variant.Kazy.721075 - a Trojan. My first concern was that my development system might be compromised despite the antivirus software it runs, but some testing quickly confirmed that laircrashreporter.exe was in fact just laircrashreporter.exe. BitDefender was reporting a false positive. I then ran laircrashreporter.exe against virustotal.com, which tests a file against 56 different virus scanners; 8 of those reported it was Gen:Variant.Kazy.721075. That could be a problem.

Once I modified the installer to report the 403 error and point the user at their antivirus software, BitDefender mysteriously changed its MO. On the next test, the installer downloaded the file perfectly and it was successfully written to a temporary location while it waited to be moved to its final location. A moment later, when the installer went to move the file to its final location, the installer crashed on an unhandled exception. Oops, my bad that.

Checking the log, the installer had failed trying to move the laircrashreporter.exe file to its final location because the file it just wrote had vanished. I took a look at BitDefender again, and sure enough, BitDefender had "fixed" the temporary file for me by deleting it. Awesome.

I spent a lot of time thinking about how to address these attacks by BitDefender, but in the end, all I could really do was provide additional error messages and hope the user figures it out before they contact Tech Support. Unlike a lot of software projects, Miranda verifies its installation on startup so at least it is guaranteed that players can't get into game with a damaged installation.
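The two defenses described above, sketched as an added example that is not Miranda's code: a move step that turns a vanished temporary file into a readable error instead of an unhandled exception, and a startup check of installed files against expected hashes. The names `InstallError`, `finalize_download` and `verify_installation`, the `.part` suffix and the manifest format (relative path to SHA-256) are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

AV_HINT = "Security software may have blocked or removed it; check your antivirus log."

class InstallError(Exception):
    """An install step failed; the message is written for the end user."""

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def finalize_download(tmp: Path, final: Path, expected_sha256: str) -> None:
    """Check a downloaded temp file, then move it to its final location."""
    try:
        if sha256_of(tmp) != expected_sha256:
            raise InstallError(f"{tmp.name} changed after download. {AV_HINT}")
        os.replace(tmp, final)
    except FileNotFoundError:
        # Written a moment ago, gone now: report it instead of crashing.
        raise InstallError(f"{tmp.name} vanished before install. {AV_HINT}") from None
    except PermissionError:
        raise InstallError(f"{tmp.name} is locked or access was denied. {AV_HINT}") from None

def verify_installation(root: Path, manifest: dict) -> list:
    """Startup check: list (relative_path, problem) for every bad file."""
    problems = []
    for rel, expected in sorted(manifest.items()):
        target = root / rel
        if not target.is_file():
            problems.append((rel, "missing"))
        elif sha256_of(target) != expected:
            problems.append((rel, "modified"))
    return problems

def demo() -> list:
    """Constructed run: a clean install, then a file removed behind our back."""
    payload = b"constructed sample payload, not a real binary"
    digest = hashlib.sha256(payload).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        tmp = root / "laircrashreporter.exe.part"
        tmp.write_bytes(payload)
        finalize_download(tmp, root / "laircrashreporter.exe", digest)
        clean = verify_installation(root, {"laircrashreporter.exe": digest})
        (root / "laircrashreporter.exe").unlink()  # simulate outside deletion
        return [clean, verify_installation(root, {"laircrashreporter.exe": digest})]
```

A non-empty result from `verify_installation` at startup is the signal to refuse to launch and trigger a repair.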

After two days of struggles, I had to admit defeat and add exceptions to BitDefender for the locations where the installer writes files in order to be able to get through the installation. But the first time LairCrashReporter attempted to report a crash, BitDefender chimed in yet again with: "The application laircrashreporter.exe attempted to connect to the internet using TCP protocol on port 50482. BitDefender Firewall detected malicious activity and denied access for this application." So I manually added a firewall exception for laircrashreporter.exe. This issue could probably be addressed by encrypting the crash data but I'll leave that hack for another day.

Steam has a page all about false positives in antivirus software, so obviously I'm not the first developer to encounter this. Still, it feels like a problem I just shouldn't have to deal with. Going through all of this made the software better, but it is sort of like the devs of Guild Wars figuring out that 1% of their game crashes are actually hardware failures. Oh, and since I'm picking on BitDefender, it is completely DPI-dysfunctional; I practically needed a magnifying glass to read it on the 3K laptop.

