2006-10-31: The default prefix used to be "sqlite_". But then Mcafee started using SQLite in their anti-virus product and it started putting files with the "sqlite" name in the c:/temp folder.
This annoyed many windows users. Those users would then do a Google search for "sqlite", find the telephone numbers of the developers and call to wake them up at night and complain.
For this reason, the default name prefix is changed to be "sqlite" spelled backwards. So the temp files are still identified, but anybody smart enough to figure out the code is also likely smart enough to know that calling the developer will not help get rid of the file.
Looks like most links are about antivirus software or Firefox. So it does seem to be working; people are getting pointed to the buggy application code actually causing their problem and not the SQLite project itself
Thanks for this, I was wondering why people would care so much about these files that they go and complain. Reading through these forum questions, looks like most people are trying to free up disk space by clearing temp files, but the SQLite ones can't be deleted - because they are in use and locked - which causes confusion.
Similar to how Daniel Stenberg (`curl` author) gets complain e-mails unrelated to `curl`, because his address end up being in the license or credits screen of plenty of software.
> Apparently, people often have problems finding an appropriate address to contact when they have issues with this app.
> This leads a disproportionate amount of them to send emails to me asking for solutions and fixes to their situations.
SQLite's temp file prefix was originally "sqlite_" until McAfee's antivirus started creating temp files in Windows' `c:/temp` folder, frustrating users who then tracked down and called SQLite developers to complain. In response, the prefix was changed to "etilqs_" (SQLite reversed).
I don't think they have a free number. Just people searching the personal phone numbers of developers from somewhere they might have mistakenly posted it.
> But then Mcafee started using SQLite in their anti-virus product and it started putting files with the "sqlite" name in the c:/temp folder. This annoyed many windows users.
Why did it annoy them? I don’t picture most people noticing such things, and in my mental model, almost everyone that would notice such things would know better than to fly off the handle about it. But clearly I’m miscalculating in some way, so I’m curious if anyone can help me to understand.
> I don’t picture most people noticing such things
It doesn’t need to be most people. All it takes is a small number of people annoying you disproportionately (calling in the middle of the night) to precipitate a change.
> and in my mental model, almost everyone that would notice such things would know better than to fly off the handle about it.
Try doing tech support in any serious capacity for any moderately popular piece of consumer software. There are always “power users” who understand enough to poke around but not enough to follow their investigation to the end. As soon as they find the first place in the chain with a contact (email, phone, forum), they’ll contact it and lambast the person on the other end for all their problems. Just ask the curl developer.
This is the interface description. It's not the .c file that implements the abstraction. There is lots of code behind this, redundantly implementing the calls using either Win32 or POSIX.
Yeah, but that is the abstraction. The associated .c files are not the abstraction, because they could be implemented any number of different ways, and it would still be the same abstraction.
It's incredible that even the header file is around 200 LOC. For state-of-the-art, very performant database, I would have thought that all manner of Os-specific IO api's would have to be used.
The dividends of damn near everyone who still matters copying Unix and developing similar ideas about subdirectories and filenames and so on.
There's still differences between Windows and Everything Else, but it's easier to ignore them now that, for example, all of the old flat file systems with no directories (like on the original MacOS, CP/M, MS-DOS 1) are all comprehensively obsolete and ignored.
> all of the old flat file systems with no directories (like on the original MacOS, CP/M, MS-DOS 1) are all comprehensively obsolete and ignored.
not quite true. The classic flat OS/360 filesystem is still heavily used on IBM mainframes. Of course, probably your app will never run on a mainframe, and if it does, it will probably run either under z/Linux or the z/OS UNIX filesystem (zFS). But there is still a lot of actively supported in-production software which does, since born-on-the-mainframe apps mostly use the classic filesystem and the POSIX file API is mainly used by apps ported from elsewhere
Antivirus products are worse than viruses. Change my mind.
(AV hogs CPU, RAM, disk, and network resources. AV comes with their own exploitable vulnerabilities, often running in kernel mode. AV has their own zero-days and zero-click exploits.)
Counterpoint: I have a very non-technical friend that visited recently, and I was horrified to see that her macbook was full of malware. She casually talked about how someone stole money through her credit card. An AV scan actually found something on the laptop.
The AV industry is, unfortunately, terrible. Also unfortunately, some people really need them. I have no idea how one even gets a virus these days, but it does happen. People really do get infected all the time, and basic security advice that people get is not up to the task.
I’m guessing her OS was very out of date? Because I’m having a hard time imagining how this happens in 2024 with XProtect, Gatekeeper, and Notarization all turned on by default. Non-technical people are unlikely to turn these off.
About the only protection most third party AV provides is that it so badly cripples computer performance that PCs become incapable of running sophisticated malware
I think it's a relatively consensus viewpoint in the security industry that AV products are worse than no AV product. I don't think that makes them worse than viruses, though.
The AV our company uses regularly pops up obnoxious warnings about things that are benign. This trains people to click through warnings without reading them (on any product).
Is the consensus that third-party AV is worse than no AV, or that any AV (including Windows Defender) is worse than no AV?
In the corperate security "industry", anti-virus use is always recommended and required. The more invasive, buggy and annoying for users the better the AV probably is /s
My comment will not aim to change your mind, but I felt the need to make my case:
I used to work for an AV vendor. I'm quite familiar with its internals. I used to look at some C++ and disassembled malware samples. I'm technically skilled for that kind of reverse engineering.
The engine is so lightweight and optimized that other vendors license it.
It's so lightweight that those underspec'd bank ATM machines you use on the streets with the unfortunate Windows XP or earlier will use that AV with nearly zero performance impact.
> AV hogs CPU, RAM, disk, and network resources.
I hear you, but this is not the case with the AV vendor I used to work for. Years after leaving the company, I still pay for my license (at a legacy discount of course).
Actually, one of the reasons I pay for my license is precisely computer performance. Windows Defender has some BS file indexer[0] that clogs the SSD with 100% continued usage. I just dread it. This bug still remains since the days of Windows 7.
Once you get a proper AV product in your computer, Windows Defender steps down. Bug fixed by myself. Done deal.
The other reason is peace of mind: Windows Defender is not a real security product. I know the protection capabilities of the AV product I licensed. I'm not a complete idiot using my computer, and yet, even I prefer to have it installed and paid for.
It triggers me people saying Windows Defender is enough. It's quite irresponsible. People haven't seen half the crap I've seen. Windows Defender is a little weak kitten compared to the beasts' proper AV products are.
I'm not saying buy the one I use. All I ask is that people buy a lightweight one that has been properly tested by an unbiased third party like AVTest or Virus Bulletin (look for their VB100 100% Detection award).
> AV comes with their own exploitable vulnerabilities, often running in kernel mode. AV has their own zero-days and zero-click exploits.)
As Windows Defender does. Remember, if you don't have any AV product, you have Windows Defender.
I feel that you made a moot point, as every software under the sun comes with vulnerabilities (whether zero-day or known).
The issue for me is privacy, practically all AV are root level spyware, you don't know what are they sending or how, EULA are nightmarish.
They can send logs, files to outside server because so, the code is not available or even opt out of diagnostics.
They monitor browser data and send it to outside servers.
For paid one lets look for EULA (that one mentioned above with VB100 100% Detection )
eset
https://help.eset.com/eav/18/en-US/eula.html
>b) Forwarding of infiltrations and information to the Provider. The Software contains functions which collect samples of computer viruses and other malicious computer programs and suspicious, problematic, potentially unwanted or potentially unsafe objects such as files, URLs, IP packets and ethernet frames ("Infiltrations") and then send them to the Provider, including but not limited to information about the installation process, the Computer and/or the platform on which the Software is installed and, information about the operations and functionality of the Software ("Information"). The Information and Infiltrations may contain data (including randomly or accidentally obtained personal data) about the End User or other users of the Computer on which the Software is installed, and files affected by Infiltrations with associated metadata
...
>For the purpose of this Agreement, it is necessary to collect, process and store data enabling the Provider to identify You in compliance with Privacy Policy
Ive discovered outdated viruses on old backup media that were quickly picked up by AV; new threats aside, old well known threats can still be dangerous if you're not expecting them
> Apple-maintained antivirus system called XProtect which works great
Earlier this year it began detecting Apple-distributed iOS simulator bundles as malware and deleted those [0]. This was a major headache for several days as different headless CI systems developed the problem; we could not figure out how to get a 'good' version of XProtect installed in-place and ended up removing and rebuilding machines.
I don't see any way you can possibly justify that claim. So you're saying the deliberately hostile software, which will cause damage if you install it, is somehow better than the software which can accidentally damage your computer? Even if AV is dangerous 99.999999% of the time (which I think is a bold claim), it would still be better than something which is malicious 100% of the time.
Also I note that half of your argument basically boils down to "it has vulnerabilities". But as bad as that is, it's still not as bad as being exploited. This argument is like saying "being immunocompromised is worse than actually having a deadly illness". It makes no sense.
> Even if AV is dangerous 99.999999% of the time (which I think is a bold claim), it would still be better than something which is malicious 100% of the time.
You are missing the fact that you are supposed to run the AV software 100% of the time, while you are unlikely to ever download a malicious software, let alone execute it with all kinds of countermeasures, such as code signing, in place these days.
> Also I note that half of your argument basically boils down to "it has vulnerabilities". But as bad as that is, it's still not as bad as being exploited.
The point is that it increases your risk of being exploited. With an AV installed there's a lot more code running with extremely high privileges that malware can possibly exploit. While this may be a risk you are willing to take, AV softwares do undoubtedly increase your attack surface and have a history of being exploited.
The relevant comment here: https://github.com/sqlite/sqlite/blob/e8346d0a889c89ec8a78e6...
2006-10-31: The default prefix used to be "sqlite_". But then Mcafee started using SQLite in their anti-virus product and it started putting files with the "sqlite" name in the c:/temp folder. This annoyed many windows users. Those users would then do a Google search for "sqlite", find the telephone numbers of the developers and call to wake them up at night and complain. For this reason, the default name prefix is changed to be "sqlite" spelled backwards. So the temp files are still identified, but anybody smart enough to figure out the code is also likely smart enough to know that calling the developer will not help get rid of the file.
I wonder how well it's working--
https://www.google.com/search?q=how+to+fix+etilqs
Looks like most links are about antivirus software or Firefox. So it does seem to be working; people are getting pointed to the buggy application code actually causing their problem and not the SQLite project itself
Thanks for this, I was wondering why people would care so much about these files that they go and complain. Reading through these forum questions, looks like most people are trying to free up disk space by clearing temp files, but the SQLite ones can't be deleted - because they are in use and locked - which causes confusion.
6 replies →
Similar to how Daniel Stenberg (`curl` author) gets complain e-mails unrelated to `curl`, because his address end up being in the license or credits screen of plenty of software.
> Apparently, people often have problems finding an appropriate address to contact when they have issues with this app.
> This leads a disproportionate amount of them to send emails to me asking for solutions and fixes to their situations.
— https://daniel.haxx.se/blog/2024/12/03/no-need-to-email-me-a...
Reminds me of the open source licenses on the BMW infotainment system: https://www.youtube.com/watch?v=Kal-MjsNcFQ
I notice libcurl is included.
SQLite's temp file prefix was originally "sqlite_" until McAfee's antivirus started creating temp files in Windows' `c:/temp` folder, frustrating users who then tracked down and called SQLite developers to complain. In response, the prefix was changed to "etilqs_" (SQLite reversed).
Here is the fix in action - multiple people look into the “etilqs” files, but without automatically starting from sqlite:
- https://superuser.com/questions/373683/what-is-the-purpose-o...
- https://old.reddit.com/r/techsupport/comments/8yv2tn/what_ar...
- https://community.wd.com/t/etilqs-files-in-temp-folder-consu...
To be fair, to non-technical users I assume both “sqlite” and “etilqs” would look suspicious :)
There was a fun thread last year about this topic: https://news.ycombinator.com/item?id=36302805 396 points on June 12, 2023 | 141 comments
Fun alternative is to get a paid number. You can complain for but it will cost $100 per minute.
Unfortunately those don't exist in the US anymore.
I don't think they have a free number. Just people searching the personal phone numbers of developers from somewhere they might have mistakenly posted it.
> But then Mcafee started using SQLite in their anti-virus product and it started putting files with the "sqlite" name in the c:/temp folder. This annoyed many windows users.
Why did it annoy them? I don’t picture most people noticing such things, and in my mental model, almost everyone that would notice such things would know better than to fly off the handle about it. But clearly I’m miscalculating in some way, so I’m curious if anyone can help me to understand.
> I don’t picture most people noticing such things
It doesn’t need to be most people. All it takes is a small number of people annoying you disproportionately (calling in the middle of the night) to precipitate a change.
> and in my mental model, almost everyone that would notice such things would know better than to fly off the handle about it.
Try doing tech support in any serious capacity for any moderately popular piece of consumer software. There are always “power users” who understand enough to poke around but not enough to follow their investigation to the end. As soon as they find the first place in the chain with a contact (email, phone, forum), they’ll contact it and lambast the person on the other end for all their problems. Just ask the curl developer.
But still… what’s the problem with files in the temp directory? You expect there to be files in the temp directory.
1 reply →
[2006]
Indeed, and here's the specific commit where the change happened: https://github.com/sqlite/sqlite/commit/fd288f3549a1ab9a309a...
Its kind of cool that you can abstract the operating system with only a 200-line long header file.
This is the interface description. It's not the .c file that implements the abstraction. There is lots of code behind this, redundantly implementing the calls using either Win32 or POSIX.
But you do not need to know about them if abstraction works, I assume it is sufficient for SQLite use case.
3 replies →
// This is the interface description //
Yeah, but that is the abstraction. The associated .c files are not the abstraction, because they could be implemented any number of different ways, and it would still be the same abstraction.
It's incredible that even the header file is around 200 LOC. For state-of-the-art, very performant database, I would have thought that all manner of Os-specific IO api's would have to be used.
1 reply →
The dividends of damn near everyone who still matters copying Unix and developing similar ideas about subdirectories and filenames and so on.
There's still differences between Windows and Everything Else, but it's easier to ignore them now that, for example, all of the old flat file systems with no directories (like on the original MacOS, CP/M, MS-DOS 1) are all comprehensively obsolete and ignored.
> all of the old flat file systems with no directories (like on the original MacOS, CP/M, MS-DOS 1) are all comprehensively obsolete and ignored.
not quite true. The classic flat OS/360 filesystem is still heavily used on IBM mainframes. Of course, probably your app will never run on a mainframe, and if it does, it will probably run either under z/Linux or the z/OS UNIX filesystem (zFS). But there is still a lot of actively supported in-production software which does, since born-on-the-mainframe apps mostly use the classic filesystem and the POSIX file API is mainly used by apps ported from elsewhere
It is missing threading and networking. Also permissions.
I can abstract the entire sun with a pair of sunglasses
Antivirus products are worse than viruses. Change my mind.
(AV hogs CPU, RAM, disk, and network resources. AV comes with their own exploitable vulnerabilities, often running in kernel mode. AV has their own zero-days and zero-click exploits.)
Counterpoint: I have a very non-technical friend that visited recently, and I was horrified to see that her macbook was full of malware. She casually talked about how someone stole money through her credit card. An AV scan actually found something on the laptop.
The AV industry is, unfortunately, terrible. Also unfortunately, some people really need them. I have no idea how one even gets a virus these days, but it does happen. People really do get infected all the time, and basic security advice that people get is not up to the task.
> her macbook was full of malware
I’m guessing her OS was very out of date? Because I’m having a hard time imagining how this happens in 2024 with XProtect, Gatekeeper, and Notarization all turned on by default. Non-technical people are unlikely to turn these off.
3 replies →
Phones are a bigger problem. Nothing stops people from installing applications with insane permissions.
The basic security advice is install adblockers everywhere. You see someone using a browser without it? Talk to them.
9 replies →
About the only protection most third party AV provides is that it so badly cripples computer performance that PCs become incapable of running sophisticated malware
@nayuki Did this comment change your mind?
I think it's a relatively consensus viewpoint in the security industry that AV products are worse than no AV product. I don't think that makes them worse than viruses, though.
The AV our company uses regularly pops up obnoxious warnings about things that are benign. This trains people to click through warnings without reading them (on any product).
Is the consensus that third-party AV is worse than no AV, or that any AV (including Windows Defender) is worse than no AV?
In the corperate security "industry", anti-virus use is always recommended and required. The more invasive, buggy and annoying for users the better the AV probably is /s
14 replies →
My comment will not aim to change your mind, but I felt the need to make my case:
I used to work for an AV vendor. I'm quite familiar with its internals. I used to look at some C++ and disassembled malware samples. I'm technically skilled for that kind of reverse engineering.
The engine is so lightweight and optimized that other vendors license it.
It's so lightweight that those underspec'd bank ATM machines you use on the streets with the unfortunate Windows XP or earlier will use that AV with nearly zero performance impact.
> AV hogs CPU, RAM, disk, and network resources.
I hear you, but this is not the case with the AV vendor I used to work for. Years after leaving the company, I still pay for my license (at a legacy discount of course).
Actually, one of the reasons I pay for my license is precisely computer performance. Windows Defender has some BS file indexer[0] that clogs the SSD with 100% continued usage. I just dread it. This bug still remains since the days of Windows 7.
Once you get a proper AV product in your computer, Windows Defender steps down. Bug fixed by myself. Done deal.
The other reason is peace of mind: Windows Defender is not a real security product. I know the protection capabilities of the AV product I licensed. I'm not a complete idiot using my computer, and yet, even I prefer to have it installed and paid for.
It triggers me people saying Windows Defender is enough. It's quite irresponsible. People haven't seen half the crap I've seen. Windows Defender is a little weak kitten compared to the beasts' proper AV products are.
I'm not saying buy the one I use. All I ask is that people buy a lightweight one that has been properly tested by an unbiased third party like AVTest or Virus Bulletin (look for their VB100 100% Detection award).
> AV comes with their own exploitable vulnerabilities, often running in kernel mode. AV has their own zero-days and zero-click exploits.)
As Windows Defender does. Remember, if you don't have any AV product, you have Windows Defender.
I feel that you made a moot point, as every software under the sun comes with vulnerabilities (whether zero-day or known).
--
[0]: https://nerdschalk.com/how-to-fix-100-disk-usage-issue-on-wi... (read the 15th reason).
For all you say about Defender, AV Test rates it highly, and 100% on protection.
How is anyone supposed to pick a product when the recommended sites say its fine, and you're saying its an irresponsible choice
The issue for me is privacy, practically all AV are root level spyware, you don't know what are they sending or how, EULA are nightmarish. They can send logs, files to outside server because so, the code is not available or even opt out of diagnostics. They monitor browser data and send it to outside servers.
I mean I can't say all of them do it, but most of them and those I have checked out. Examples: https://www.tomsguide.com/news/avast-avg-data-collection
For paid one lets look for EULA (that one mentioned above with VB100 100% Detection ) eset
https://help.eset.com/eav/18/en-US/eula.html >b) Forwarding of infiltrations and information to the Provider. The Software contains functions which collect samples of computer viruses and other malicious computer programs and suspicious, problematic, potentially unwanted or potentially unsafe objects such as files, URLs, IP packets and ethernet frames ("Infiltrations") and then send them to the Provider, including but not limited to information about the installation process, the Computer and/or the platform on which the Software is installed and, information about the operations and functionality of the Software ("Information"). The Information and Infiltrations may contain data (including randomly or accidentally obtained personal data) about the End User or other users of the Computer on which the Software is installed, and files affected by Infiltrations with associated metadata ... >For the purpose of this Agreement, it is necessary to collect, process and store data enabling the Provider to identify You in compliance with Privacy Policy
How is it lightweight to scan entire disk every week?
I joked to a friend yesterday that, having removed Defender, my computer is now malware free.
Ive discovered outdated viruses on old backup media that were quickly picked up by AV; new threats aside, old well known threats can still be dangerous if you're not expecting them
macOS has a built in, invisible, Apple-maintained antivirus system called XProtect which works great and most people don’t even know exists.
Bad antivirus software is indeed terrible, but the good stuff is performant and invisible.
> Apple-maintained antivirus system called XProtect which works great
Earlier this year it began detecting Apple-distributed iOS simulator bundles as malware and deleted those [0]. This was a major headache for several days as different headless CI systems developed the problem; we could not figure out how to get a 'good' version of XProtect installed in-place and ended up removing and rebuilding machines.
[0]: https://eclecticlight.co/2024/05/03/did-xprotect-remediator-...
> and most people don’t even know exists.
This part is for sure correct.
I don't see any way you can possibly justify that claim. So you're saying the deliberately hostile software, which will cause damage if you install it, is somehow better than the software which can accidentally damage your computer? Even if AV is dangerous 99.999999% of the time (which I think is a bold claim), it would still be better than something which is malicious 100% of the time.
Also I note that half of your argument basically boils down to "it has vulnerabilities". But as bad as that is, it's still not as bad as being exploited. This argument is like saying "being immunocompromised is worse than actually having a deadly illness". It makes no sense.
> Even if AV is dangerous 99.999999% of the time (which I think is a bold claim), it would still be better than something which is malicious 100% of the time.
You are missing the fact that you are supposed to run the AV software 100% of the time, while you are unlikely to ever download a malicious software, let alone execute it with all kinds of countermeasures, such as code signing, in place these days.
> Also I note that half of your argument basically boils down to "it has vulnerabilities". But as bad as that is, it's still not as bad as being exploited.
The point is that it increases your risk of being exploited. With an AV installed there's a lot more code running with extremely high privileges that malware can possibly exploit. While this may be a risk you are willing to take, AV softwares do undoubtedly increase your attack surface and have a history of being exploited.
https://www.theverge.com/2024/2/22/24080135/avast-security-p...
They reduce overal risk to the business while having bearable impact (ransomware also hogs CPU, RAM, disk and net).
Obligatory post. One of my favorite videos. RIP John Mcafee https://www.youtube.com/watch?v=yIaNZXgDtRU
Nice to see Portland's Club Exotica getting screen credits for a technical software presentation.