F-Secure blocks Low Orbit Ion Cannon (LOIC) for no reason. Why?

Scholar

In fact, it even blocks me from downloading LOIC directly from Sourceforge.net where it is VERIFIED VIRUS-FREE. Here: XXXXXXXXXXXXXXXXX

What is the reason for this? LOIC is a perfectly valid network pentesting tool. For some bizarre reason F-Secure even blocks the download when I turn off all its security features and the browser plugin. Can someone at F-Secure please explain the reasoning behind this?

This means I will have to completely uninstall F-Secure to use LOIC. Which is ridiculous. None of my old AVs had any problems with LOIC. Again, LOIC is a perfectly valid network testing tool, and there is no reason whatsoever that it should be blocked by any AV. Please, good people of F-Secure, allow people to use LOIC without having to completely uninstall FS.

This is a major dealbreaker. If I have to switch to a better AV for this I will, but I'd rather use FS since its subscription is bundled for free with my ISP. If you want, you can examine the source code for LOIC directly at sourceforge.net if you want to verify first-hand that it's completely clean. Because it is.

 

EDIT: REMOVED POTENTIALLY DANGEROUS LINK

F-Secure Product Expert

Re: F-Secure blocks Low Orbit Ion Cannon (LOIC) for no reason. Why?

This program seems to be allowing its user to perform malicious tasks such as Denial-Of-Service attacks.

It is currently detected as Gen:Variant.Application.Hacktool.1

 

If you consider a rating inappropriate you can always report it to our lab.

 

PS: @Desidurrious I moved your post to a more appropriate board.



Best Regards

-Ben

Scholar

Re: F-Secure blocks Low Orbit Ion Cannon (LOIC) for no reason. Why?

Thanks for your fast reply!

However, the same could be said of Internet Explorer and Firefox or Chrome, since any browser can be used for DoS (if you keep F5 pressed). This is an absurd criterion. LOIC is the go-to tool for network testing for DoS. There is nothing wrong with that. This is not an infected file.

 

I wish I could submit it to your lab, but F-Secure doesn't even allow me to download the file in the first place (otherwise I might be able to add it to F-Secure's scanning exceptions, but I can't). It flat-out blocks the download from sourceforge.net. And again, if anyone at F-Secure has any indication that LOIC is somehow infected, they can go through the source code line by line since it's open-source.

 

Many programs can be used for good as well as ill. That does not mean AV should block those programs. I don't want AV to prevent me from doing my job, I want AV to protect me from malware. LOIC is not malware.

 

I have submitted the sourceforge.net download link for LOIC to your sample lab. Perhaps you could submit the file itself for analysis. Then we can get this all cleared up.