Announcement

**Umfriend** · 23 June 2014, 11:34

Ouch, that one is a bit touchy. I would say that Faststone is right because (and I speculate a bit), security software is raising a false positive, i.e., intervening while no threat is posed by FS Capture. The authors of the security software, it seems to me, should update _their_ software. There are all kinds of caveats here of course but basically, were I a manufacturer, I would consider it a bug only if it did not perform under situations for which I wrote it. E.g., if I had said it would run on minimum a P4, 4 GB Ram, running Windows XP or higher, and it did, then having some issue with ZoneAlarm ForecField would not constitute a bug in *my* software.

**Jammrock** · 23 June 2014, 18:50

This is one of those point of view situations. The devs probably changed something that made their application act similar to some torjan or virus or something. Probably something that gathers screenshots to retrieve personal information when certain applications are running.

To the devs, what they are doing probably seems totally legit. The purpose of their software is, after all, to take screenshots. The security vendor heuristics say otherwise. So who is wrong?

You can try adding the application executable to your AV exception list. The exception list is used for little one off issues like this. Most security applications has an exception list ... somewhere.

VJ · 24 June 2014, 01:13

It may also be that before they did it in a wrong way that worked, and it the new version this did it as it should be done, causing asecurity issue (in that sense, the fact that the previous version works would be the bug in the security program).

The security application is preventing the normal execution of the program, for whatever reason. I also would not blame the developers of Faststone for this.

Compare it to when you start an exe file for the first time: windows might warn you that it can damage the computer, but still gives you a yes/no box to launch it. If you press no, it will not launch, but that is not the program's fault. Here it is the same, but without the yes/no box.

I would also add it to the exception list.

JÃ¶rg

**dZeus** · 24 June 2014, 04:56

Originally posted by Brian Ellis View Post

I have been using a small application, FastStone Capture, for many years and it has always given great satisfaction over a number of versions.

The makers have recently updated it and, to my chagrin, it exhibited what I considered a bug. Its purpose is to select all or part of a screen, edit it and save it as a graphic or video file. When I tried to use the new version, the screen just went white and it was totally useless. I sent the makers and e-mail to try and resolve the situation, as follows:

I received a reply as follows:

From this reply, I gather that the new version is incompatible with a number of existing softwares, many of which are important security systems. Further exchanges with the makers suggests that the problems are due to the cited software (nonexhaustive list) and not to FS Capture. I maintain that this new version contains a serious bug, as defined by Wikipedia:

Would you consider that a software that has incompatibility problems with other softwares is buggy? This is denied vehemently by the makers, who state that it is up to the user to modify the other software to allow it to be used. I consider that modifying anything in security software may be very hazardous and I refuse point-blank to do so. This does not worry me as I have reinstalled the previous version which works just fine for everything which I wish to do, but that is not the question.

FastStone does not control what these 'security applications' do. You can hardly expect them to take responsibility for this (other than informing these companies that their product is interfering with the proper operation of a legit application).

I'm surprised you insist that this is a bug in their application...

Also keep in mind that generally speaking, lots of 'security applications' are more about giving the user a (false) sense of security than really securing your system much, or they do secure it but they interfere with its proper operation (as you've experienced).

**Brian Ellis** · 24 June 2014, 08:13

The main reason that I suggest this is a bug is because the incompatibility is with a number of different programs and not just one. I suggest that they may have done too little beta testing before release.

I also suggest that whitelisting a program in a security system weakens the security and may even allow a way in for the evil-minded.

**Umfriend** · 24 June 2014, 08:44

Not sure I'd beta-test my software against a plethora of security suits. Now I am ignorant on this but say that security programs are able to see other programs trying to grab the screen and this is seen as a security risk (is that how it works? I though they tested for series of bytes that are found in malicious software but who knows?) becuase that is what is done by malware going for indentity theft. Is there a secure way of doing this? I guess not. So, any program doing this poses a security risk. I don't see how a security program could make the distinction and I certainly would not want any program to be able to tell the security program: "He! I am OK, move on". Whitelisting seems to be the way to go: You as a user must be comfortable with a program to be able to perform certain actions.

Much alike a firewall I guess, no?

VJ · 25 June 2014, 01:38

An important question is perhaps: why did it stop working in the new version?

because it got blacklisted? If so: why did it get blacklisted?
because they implemented it differently? If so: why? Could be to comply with some new API to prevent problems in the future?

This might actually be worth sending a support question to the security software. For sure they can tell you if it got blacklisted or if it is safe to whitelist it.

Screenshots could be potentially dangerous, as there may e.g. be account information on it.

**Brian Ellis** · 25 June 2014, 03:32

what you are saying is that the 7 programs they admit to having this problem plus the others they haven't listed all have this bug while their own program is perfect! Sergeant, I was in step, it was the rest of the platoon that was out of step! Also, I point out that it was not the security program that indicated there was malware or suchlike, it was their own proggy that stopped working. Nothing has been blacklisted or quarantined in Webroot, which has indicated nothing wrong.

I did put a post on the Webroot forum and received one answer from a moderator:

...I also see why certain programs block it, I have seen malware using similar behaviour before. Its kinda like a crude keylogger hoping to catch users inputting plain text passwords into text files etc.

This evoked a thought: the new version of FSC is the first with direct graphics capture/text reading/editing, as opposed to graphic editing only.

**Umfriend** · 25 June 2014, 04:13

Then my question is, if what FSC does is exactly that you are to be protected against, how can FSC cause the security suits to trust it? And once you've found that out, I guess you can bypass the security suits and create havoc.

VJ · 25 June 2014, 04:18

So that basically answers it... The new version adds functionality that raises a red flag in the security software.

Like I wrote before:
Compare it to when you download and start an exe file for the first time: windows might warn you that it can damage the computer, but still gives you a yes/no box to launch it. If you press no, it will not launch, but that is not the program's fault.

In this case, it is not Windows that is blocking it, but the security program. Once the program gets blocked, it cannot do anything, so it cannot put a message that it is blocked. To me, it feels that the responsibility would be with the security software to ask if it is ok to continue execution of this program, and not just kill it without warning.

**Brian Ellis** · 25 June 2014, 05:27

Je ne comprends rien! You say the security program is blocking it, but

1. there are no indications in the Webroot logs, quarantines etc. that it has done anything
2, Where would more than 7 different security programs find the same white screen to mask the original graphics?

**Umfriend** · 25 June 2014, 05:50

Have you tried to take the machine offline, turn off the security program(s) and see if FSC performs?

**Brian Ellis** · 25 June 2014, 08:00

Originally posted by Umfriend View Post

Have you tried to take the machine offline, turn off the security program(s) and see if FSC performs?

No, a bit of a pain uninstalling/installing. I put the new version on another computer which has only MSSE for security and it seems OK. Neither MSSE nor FSC turns a hair. Can we draw a conclusion from this?

**cjolley** · 25 June 2014, 17:17

As a working programmer I would say this qualifies a case where "bug" is a useless word because it makes blame important when what is really important is getting the job done.
The company who wrote the software needs to work WITH the security software companies to find out WHY it is setting them off (assuming that is really what's happening). Then work out a solution with them.
Sitting around trying to figure out who to assign blame to doesn't help get the problem solved.

Announcement

when is a bug a bug?

when is a bug a bug?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment