Question: If you can answer this, I have IObit Malware Fighter Pro running on my system all the time; it scans in real time. I once had it scan the entire folder of a Renpy game. Nothing was found, but your tool shows that something is wrong. In this case, should I rely on your tool or on IObit Malware Fighter Pro as far as the accuracy of the scan is concerned?
Renpy scanner is not reliable yet at all, so you shouldn't really trust it for now, however it will show you the list of files that are different from real clean engine files. You're supposed to look on what it tells you and check for yourself is it dangerous or just a false positive. For example if it's only one .png that is different - it should be OK, but if there is a python script file that's been modified - you should check why is it different since this seems suspicious enough to not run the game right away
Any Antivirus | My Scanner |
Can't tell the difference between legit downloader and malicious downloader | Screams on any downloader |
Can't tell you what line of code is potentially dangerous because of the way it works
| Will show you exactly where potentially dangerous code was found |
Allows execution of outside code and running new processes | Triggered by execution of any code that is not embedded into the game or by starting any new process |
Designed to find any real malware patterns |
Designed specifically to find potentially dangerous or suspicious code in Unity/Renpy porn games
|
Can potentially stop unwanted behaviour in realtime | Can't stop what's already running |
Here's the table to better show the difference. My scanner is not an antivirus, it is designed for a very limited purpose, so it understands much better what is it scanning and what to look for while the real antivirus is designed to catch malware that is known, that is alreay running or that uses some obfuscation/patterns mainly used to steal data or for other evil purposes
So when it comes to static analysis of the game my program is good to know what can be potentially dangerous in the game files that seems not right and real antivirus could miss, while real antivirus is good for catching actual malware if it is there
Meaning they should work in tandem. If either of them tells you the game isn't safe you really should double check if it's false positive or something is actually wrong. My scanner may miss actual malware if it's code is embedded inside the game itself, but does not allow for any "outside code" to get in, so everything that will be executed is guaranteed to be inside the game folder and won't be downloaded later
So the only way left for malware to pass my scanner (at least on Unity) is to include the malware itself into the game (and malware must not use any of the patterns that trigger scan). But in this case any real antivirus should find that without any problem
.
