It's most likely a false positive. The packers etc. that the demoscene uses employ the same tricks as malware does and thus trigger heuristics in AV software.
Slightly more accurate to say that "heuristics" in most AV software is simply shit.
It's not even the real clever hacks and actual tricks that are used in tiny size compos that trigger the AV. Stuff like polymorphic self-modifying code (to name one actual trick) is generally only used for size compos smaller than 4096 bytes.
It is really just the executable packers that trigger these shitty AV "heuristics"[0]. Not just the demoscene tools like kkrunchy, but also more "mainstream" ones like UPX. IIRC, certain versions of Opera were packed with UPX and also occasionally triggered the odd virus scanner.
It pissed me off here because they're smearing one of my favourite art forms. Most of the time they don't even qualify it as a "possible threat", but dig up an actual scary-looking malware name from the database and say it's GenericMalDestructoTerroristLoader.1 or whatever.
It's ridiculous. Imagine a world where most virus scanners trigger when they detect minified/uglified JavaScript. Certainly, web-based malware exploits use that for obfuscation.
For commercial AV vendors, false positives are in fact good for business. A virus scanner that never reports anything ever (because you have the good sense not to click on attachments or unexpected download/install/admin prompts) doesn't have a lot of perceived value. That's why at some point, all the virus scanners also wanted to scan your PC for "tracking cookies", which is not their job at all, but made it seem like they do something. Compare to something like MS Security Essentials, whose incentives are the opposite, and aligned with yours: they want Windows to appear as a solid and secure OS, so the scanner keeps quiet doing its darnedest to keep the user from getting hacked.
[0] Weirdly enough, when you apply a packer to a piece of malware that would otherwise be detected as is, it suddenly foils the virus scanner. Especially if you stack two different packers. Can't find the link where they researched this but IIRC, Kaspersky called out the research as "irresponsible".
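Added example, not part of the thread and not any AV product's code: a sketch of a scanner rule that looks only at packer traits, run over constructed samples, to show why packed files get flagged whatever they contain. The entropy threshold, the function names and the use of zlib as a stand-in for a packer's compression are assumptions.

```python
import math
import random
import zlib
from collections import Counter

ENTROPY_THRESHOLD = 7.0           # bits/byte; assumed cut-off, not a vendor's real value
UPX_MARKERS = (b"UPX0", b"UPX1")  # section names UPX writes into packed PE files


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 at most."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def naive_packer_heuristic(image: bytes) -> dict:
    """Hypothetical scanner rule: judge a file only by packer traits."""
    entropy = shannon_entropy(image)
    marker = any(m in image for m in UPX_MARKERS)
    return {"entropy": round(entropy, 2), "packer_marker": marker,
            "flagged": entropy > ENTROPY_THRESHOLD or marker}


def constructed_payload(seed: int, words: int = 20000) -> bytes:
    """Constructed sample: pseudo-text standing in for an unpacked program."""
    rng = random.Random(seed)
    letters = "abcdefghijklmnopqrstuvwxyz"
    vocab = ["".join(rng.choice(letters) for _ in range(5)) for _ in range(64)]
    return " ".join(rng.choice(vocab) for _ in range(words)).encode()


def fake_packed(payload: bytes) -> bytes:
    """Constructed stand-in for a packed file: marker plus zlib-compressed payload."""
    return b"UPX0" + zlib.compress(payload, 9)


if __name__ == "__main__":
    for name, seed in (("demo", 1), ("other program", 2)):
        plain = constructed_payload(seed)
        print(name, "unpacked:", naive_packer_heuristic(plain))
        print(name, "packed:  ", naive_packer_heuristic(fake_packed(plain)))
```

Both packed samples get the same verdict from this rule, because compression pushes any payload towards 8 bits of entropy per byte; the rule describes the packer, not what was packed.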