Wibbles Posted July 20, 2020 Share Posted July 20, 2020 RM-2 Our favourite console emulator, simply place it in your track and hear it come alive! RM-2 Analog Channel captures the warmth of an uncelebrated Japanese console, the Panasonic Ramsa WR-S4424. Take it to the extreme and it's great for squeezing the juce out of any track! Best of all it's only $5 for the next 48 hours! (Reduced from $49.99) https://audioassault.mx/rm2 1 1 Link to comment Share on other sites More sharing options...
Piotr Posted July 20, 2020 Share Posted July 20, 2020 I wish more plugin manufacturers were doing more detailed antivir control and adjust compilation if needed. How did we know if it was false positive alert or maybe a hacker modified their binary at their server? 😕 Some of their binaries - especially older products - are giving alerts on virustotal. Link to comment Share on other sites More sharing options...
TheSteven Posted July 20, 2020 Share Posted July 20, 2020 (edited) 2 hours ago, Piotr said: I wish more plugin manufacturers were doing more detailed antivir control and adjust compilation if needed. How did we know if it was false positive alert or maybe a hacker modified their binary at their server? 😕 Some of their binaries - especially older products - are giving alerts on virustotal. 'adjusting compilation' is not how it usually works... False positives happen all the time and A/V company may need to tweak their algorithms. If you're getting alerts you need to notify plugin creator about it so that they contact the A/V company about getting it corrected. They'll need to know what plugin gets what error with what version of the A/V program. Edited July 20, 2020 by TheSteven Link to comment Share on other sites More sharing options...
Piotr Posted July 20, 2020 Share Posted July 20, 2020 1 hour ago, TheSteven said: 'adjusting compilation' is not how it usually works... False positives happen all the time and A/V company may need to tweak their algorithms. Yep, you are right I was not precise. It was needed to be compiled something what would not trigger alert so it was about little more just a compilation itself. 1 hour ago, TheSteven said: If you're getting alerts you need to notify plugin creator about it so that they contact the A/V company about getting it corrected. They'll need to know what plugin gets what error with what version of the A/V program. Steven, this is what I am talking about. I would like whole process of creation which should include testing also included procedure for antivir checks/reporting if false positive to all popular antivir service providers. I created plugin, compiled, tested it so next step before providing to whole world is using tools like virustotal not to let users have any concerns or doubts... This is how good brands are built. No leaving any possible doubts about quality of the process. Not just pass the work to users... You could say it is cheap plugin so it it is a trade but having zylion plugins user is not looking for another work (after installation, plugin management, updates etc). I was send few times such info and you know what... Only in one case I got answer they will check and thanks for concerns. The rest if anything answered with automatic blind approach they can ensure they are clean... So what? They even didn't try to check I should just take their words? As like it was not possible a hacker can crack their site and infect a few binaries with additional code to spread malware.. To be honest if I have any doubts I am skipping all free plugins with alerting. Having zylion others I don't want to take even small risk. No time for this. Little worse case if I can scan after buy and then something trigger alert... Of course problem is little more tricky as when we are passing management to plugin managers we in fact are losing any way to check before installation so only our OS installed antivir is the last point of defense... Link to comment Share on other sites More sharing options...
Mánibranðr Studios Posted July 20, 2020 Share Posted July 20, 2020 This is a pretty good analog plugin for when you need a track to come in hot. 2 Link to comment Share on other sites More sharing options...
antler Posted July 20, 2020 Share Posted July 20, 2020 1 hour ago, Piotr said: Steven, this is what I am talking about. I would like whole process of creation which should include testing also included procedure for antivir checks/reporting if false positive to all popular antivir service providers. I created plugin, compiled, tested it so next step before providing to whole world is using tools like virustotal not to let users have any concerns or doubts... This is how good brands are built. No leaving any possible doubts about quality of the process. I suspect very few plugin creators actually submit samples to AV companies as part of their release process. What probably happens more often is that AV scanners use heuristic scanners and see that the plugin installers don't have malware, and then (as part of the AV T&Cs that the user agrees to when installing) send a sample back to the AV company if necessary; they can then investigate if needed, adding it to their accept/ban lists. The bigger a plugin company is, the more people use their plugins, the more quickly a plugin can be marked as safe by AV vendors; conversely, the smaller a plugin company is, the longer it takes to get to the same place. The thing that all plugin companies can do (and I wish they did) is to digitally sign their installers: this would be an indication that a binary hasn't been modified ('hacked') since it was released. There are some fairly big-name companies that have deals posted on here quite regularly, that don't sign their installers; I know a signing certificate costs money so an independent developer might not want to buy one, but the plugins I'm referring to are reasonably expensive. Link to comment Share on other sites More sharing options...
TheSteven Posted July 20, 2020 Share Posted July 20, 2020 17 minutes ago, antler said: I suspect very few plugin creators actually submit samples to AV companies as part of their release process. Not just plugin creators but most software developers. Never heard of 'virus total' before today. If they mass test software against the majority of a/v programs and the service is free it might be something to check out. Cudos to them is they can stay on top of it, it's a formidable task as the better A/V programs update regularly & often. 18 minutes ago, antler said: The bigger a plugin company is, the more people use their plugins, the more quickly a plugin can be marked as safe by AV vendors; conversely, the smaller a plugin company is, the longer it takes to get to the same place. The popularity setting... Yeah fairly worthless for most plugins and small vendor software. I deal with this with my MenuMagic software - since I don't have 10 million people installing it most A/V programs that use popularity rankings warn people about my software <sigh>. Unfortunately popularity doesn't mean that the copy of the software you're downloading is clean, only that a lot of people have used use it or used previous versions of it. 24 minutes ago, antler said: The thing that all plugin companies can do (and I wish they did) is to digitally sign their installers: this would be an indication that a binary hasn't been modified ('hacked') since it was released. There are some fairly big-name companies that have deals posted on here quite regularly, that don't sign their installers; I know a signing certificate costs money so an independent developer might not want to buy one, but the plugins I'm referring to are reasonably expensive. Yes signing is expensive which is why small shops and many not so small shop don't use it / can't use it. Link to comment Share on other sites More sharing options...
mibby Posted July 20, 2020 Share Posted July 20, 2020 17 minutes ago, TheSteven said: I deal with this with my MenuMagic software - since I don't have 10 million people installing it most A/V programs that use popularity rankings warn people about my software <sigh>. I never realized you had this software. It looks SUPER useful too! What did you program it in? Studio One could use some plugin management in a bad way. That could be another market for you. Link to comment Share on other sites More sharing options...
antler Posted July 20, 2020 Share Posted July 20, 2020 19 minutes ago, TheSteven said: Never heard of 'virus total' before today. If they mass test software against the majority of a/v programs and the service is free it might be something to check out. Cudos to them is they can stay on top of it, it's a formidable task as the better A/V programs update regularly & often. I haven't really looked into them, but if I understand correctly (and I might not), they are a service that runs samples through the free scanners of various AV providers. 21 minutes ago, TheSteven said: The popularity setting... Yeah fairly worthless for most plugins and small vendor software. I deal with this with my MenuMagic software - since I don't have 10 million people installing it most A/V programs that use popularity rankings warn people about my software <sigh>. Unfortunately popularity doesn't mean that the copy of the software you're downloading is clean, only that a lot of people have used use it or used previous versions of it. You're right about that, but it does provide some protection against zero-day attacks. Also, the more common a binary is, the more likely and often it will have been scanned by any particular AV vendor, i.e. the more reasonable it would be that any malicious payload is detected. 29 minutes ago, TheSteven said: Yes signing is expensive which is why small shops and many not so small shop don't use it / can't use it. I agree with you, though I'm thinking of two examples (I don't really want to name names) where it seems like the 'smaller' company signs their binaries, and the 'larger' one (that has a far wider range of products) doesn't. In any case, they could provide SHA1 checksums. Link to comment Share on other sites More sharing options...
mibby Posted July 20, 2020 Share Posted July 20, 2020 1 hour ago, TheSteven said: my MenuMagic software FYI Steven, I tried signing up for your newsletter on your site and it just sits there and spins. I'm on the latest FireFox, ad blocking, blah blah blah... Link to comment Share on other sites More sharing options...
TheSteven Posted July 20, 2020 Share Posted July 20, 2020 43 minutes ago, mibby said: FYI Steven, I tried signing up for your newsletter on your site and it just sits there and spins. I'm on the latest FireFox, ad blocking, blah blah blah... Hi Mibby, I'll check it out this evening. I just got back in town Saturday and I'm still playing catch up. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now