SLPlugin.exe is a small viewer component which allows us to run a web-browser and a video player outside of the viewer's main executable. In contrast with other viewers, Singularity's SLPlugin also handles chosing files for upload and download, to separate it out and provide an extra convenience of not suspending communication with the grid while you're looking for a file.
SLPlugin contains no function of its own, instead it uses inter-process communication to allow the viewer to load bundled modules, and to pump the video output back into the viewer. Because of its seeming ability to execute arbitrary code and inter-process communication use, it may look like possibly-malicious code to non-specific detection routines, but we firmly believe that its use of these techniques does not compromise your system, on the contrary, it increases safety of the viewer by keeping untrusted communication with the internet outside of the main executable, which handles your precious private data and communicates with a trusted service, such as Second Life.
If SLPlugin executable is removed by antivirus, you will suffer severe loss of functionality. You will also see an error message of the form "No Media Plugin was found to handle the 'text/html' mime type" upon startup.
Here linked is a typical example VirusTotal report on SLPlugin.exe. As can be clearly seen, all anti-virus solutions except for two consider us clean, those two being Symantec and PC Tools. Note that there have been occasional false positives from other anti-viruses on the list, but we have been able to work with them to adjust their detection routines such, that SLPlugin doesn't trip them. The two that still trip, don't find any specific known virus, but consider the executable suspicious, perhaps for the reasons outlined above. Also although detection name is different, note that PC Tools is a subsidiary of Symantec, so technically, it might not be a coincidence - except Symantec is fully able to professionally maintain their anti-virus solution, PC Tools appears not to be.
This problem is not unique to Singularity. I have heard from Imprudence and Firestorm teams experiencing similar problems.
I am only able to receive an automated reply like this:
But hey, there is a web chat widget on a web site, so let's try this!
There's a phone number, feel free to use it. I certainly won't make a phone call to the other side of the globe to hang in a waiting line and then possibly talk to a menu driven robot. Or, you, as a customer, can draw your own conclusion whether you really want to deal with these clowns. Truly, PC Tools - Nomen est Omen.
Now, i have been suggested and try to be accepted into Symantec's developer programme, where i can link to the whole installer and have them do the work. However, this promises even longer lead times on white-listing, but maybe, just maybe, this can lead to a proper solution eventually, like them actually adjusting detection routines someday not to trip on our SLPlugin.exe, but considering they are big and we aren't, this may never happen - you would think, alone reporting them the same named executable bi-weekly as we have been doing might cause some kind of attention, but so far it hasn't.
The way Firestorm project will be coping with this, is purchasing a code-signing certificate, and having the executables signed with it during build process, which disables heuristic detection in Symantec for those. This poses organizational problems - as opposed to Firestorm, we are not incorporated, because this is not a cheap and easy thing in my country, and I'm not very keen on having my real name shine on our product - i don't want to become a real-life harassment target which as you all know SL and its grieferdom, very well may happen. Besides, it's expensive - costs will be somewhere between 100 and 500 USD per year, again depending on what can be arranged there, i'm not sure which ones would allow me to purchase as an individual but have only project name, Singularity Viewer, on a certificate. Financially, the donation volume within our nearly one complete year of operation, has not been anywhere close to cover even the cheapest possible code-signing certificate, so i would have to either pay this from my own pocket (how much more do i have to donate to Singularity than just my time?), or discontinue Singularity as a free product and sell it for money, which is frankly not something i can impose on our user community nor the co-developers, keeping in consideration that we must stay open-source because of our heritage. Puh, so much trouble just to keep a single antivirus happy!
Microsoft Security Essentials - you paid for it when you bought Windows or your Windows-equipped computer, it offers real protection and at the same time, is not known to have false positives or any kind of user annoyance really.
You can turn off Heuristic or Zero-Day threat detection in your antivirus. It's invariably slow and, at least in my opinion, doesn't offer you any protection - it's there to feed suspicious code to the antivirus company to possibly, with some low probability, identify new virii faster.
You can see whether you can de-quarantine SLPlugin.exe in your antivirus and convince it that it doesn't really contain the specific kind of threat that your antivirus claims. If you can come up with a clear instruction, preferably with screenshots, on how to do this, send it to me and i'll post it here.
What you should in NO event do, is exclude SLPlugin.exe from real-time protection. A web-browser and a QuickTime video player run hosted inside it, accessing untrusted sites on the internet, as directed to by parcel media or links you might click in-world. All files written and read by web-browser should to be checked for threats in real time.
Knowledge Base >