F4LL0UT: I could post a comment about how nobody outside of the US and Canada gives a crap about it but instead - here's a pic of my beloved niece.
I guess it's like American Soccer. No one outside (or inside, for that matter) the US cares about it because they have their own comparable (or in the case of Soccer, better) leagues. I guess that's why people outside the US care about the NFL at least a little? Simply because there's very little like it?
Get rid of Avast.
high rated
htown1980: This is the most concerning thing I have read in this thread.

Good luck with your little crusade. Can't wait to see you post the results :)
Kamamura: Why is it concerning?
My guess would be that a System Administrator that cannot distinguish between a false positive and a real threat would cost his/her company quite a lot of downtime scrubbing the systems for threats that are not there.
low rated
Kamamura: just because I have pointed out there is a potential security issue with the installation.
JMich: It's not because you pointed that out, it's the way you did.

Let's say a user in your company gets a "This site is blocked due to potential malware infection" on a site your company uses, and he comes to you claiming you have to purge the whole network due to possible infection. Would you thank him for his concern, or tell him he has nothing to worry about?
And how would you react when he kept saying that everything has to be scrubbed clean and thoroughly checked before any other work from the company can be done, even though you've already told him he has nothing to worry about?
How would I react? Well, let's see. If a server I administer would be flagged as behaving suspiciously (doing portscans, attempting suspicious connections, launching attacks, containing malicious scripts), I would first ask the party who flagged it to provide evidence (AFAIK GOG has not done that). They should be able to provide logs containing evidence about attacks from my server, with timestamps and other details.

Then, if there is a reason to suspect the machine in question is controlled by someone else who can obfuscate his activities via a rootkit, intercepting system calls, etc., the machine would have to be switched off immediately, the disks removed and examined on a different machine so that the rootkit would have no chance to and affect the investigation. If the server is confirmed as compromised, forensic analysis must be done, the method of attack discovered and vulnerability identified (obsolete version of software with an exploit, misconfigured firewall, poorly chosen password, compromised private key, irregularity in network topology such as laptop bypassing firewalls, etc).

Then, the system in question would have to be reinstalled from safe installation files and data recovered from backup. Also, a report detailing the whole incident would have to be generated for future reference. Then the party who discovered the incident would be identified that the problem is resolved.

So if a user came to me complaining about "our site is blocked...", I could refer him to the report about the incident containing all the relevant evidence and steps taken to resolve the matter (if it was an insider), or to a press release that would contain excerpt of the above mentioned in a form suitable for general public.

In any case, saying "Uh... just ignore it, our servers are fine, I promise...", would never have been enough, and such negligence would probably cost me my job eventually.

If you are a single user, fine, at worst, your computer is a part of a botnet attack against Pentagon and the worst you risk is being dragged somewhere for interrogation and having your computer seized.

But if you run an online service, you have much more responsibility, because your sloppiness can affect a lot of users, and you should behave accordingly (obviously, many subjects including banks or content providers do not).
Kamamura: Why is it concerning?
JMich: My guess would be that a System Administrator that cannot distinguish between a false positive and a real threat would cost his/her company quite a lot of downtime scrubbing the systems for threats that are not there.
Oh, but he can... once he is provided sufficient evidence. He cannot, however, on blind belief alone.
Post edited January 17, 2015 by Kamamura
paladin181: I guess it's like American Soccer. No one outside (or inside, for that matter) the US cares about it because they have their own comparable (or in the case of Soccer, better) leagues. I guess that's why people outside the US care about the NFL at least a little? Simply because there's very little like it?
Maybe, I wouldn't know since I'm not a sports person at all aside from some jogging once in a while.
htown1980: This is the most concerning thing I have read in this thread.

Good luck with your little crusade. Can't wait to see you post the results :)
Kamamura: Why is it concerning?
I think just about every other comment in this thread has expressed why that might be a concern...
high rated
JMich: My guess would be that a System Administrator that cannot distinguish between a false positive and a real threat would cost his/her company quite a lot of downtime scrubbing the systems for threats that are not there.
Kamamura: Oh, but he can... once he is provided sufficient evidence. He cannot, however, on blind belief alone.
And that is what separates an excellent sysadmin from a mediocre one. The ability to reach correct conclusions with less data.
The virustotal report for Rayman Forever setup should be enough data to say if it's a false positive or not. Doing a complete system scrub because you run said file, while safe and commendable, is a very bad decision for someone who claims to know what he's doing. It's similar to changing cars because the oil warning light lit up.
low rated
Ubisoft have found a new way to fuck over their paying customers now that GOG have stopped them from using DRM.
This thread is funny.

OP has already been given a direct quote from a GOG employee saying these are false positives, and wanting more from GOG. OP has posted a thread here as well as the Raymond forums where it has been downvoted into oblivion because he doesn't like what he is being told.

What I find most interesting here is McAfee didn't flag according to the link posted by OP when it was flagging them a month ago for me, so they must have updated their virus definitions because someone probably submitted them. I excluded said files and have had zero issues with any virus, because I was 99% sure it was a false positive. GOG has stated it's a false positive, that is all they need to provide... it's the job of the antivirus companies to test these files themselves and update their virus definitions when it's a false positive.
Post edited January 17, 2015 by user deleted
htown1980: This is the most concerning thing I have read in this thread.

Good luck with your little crusade. Can't wait to see you post the results :)
This ^^^^^ +1.

I didn't know Avast was from Czech Republic, and now I am concerned about water contents there.
Kamamura: What I am frankly disappointed and disgusted about is the number of personal attacks I have been subject to in these forums just because I have pointed out there is a potential security issue with the installation.
Maybe you should read your posts again. People explained to you that it's a false positive, even posted a link with one person from the gog team saying there's no viruses. Instead of thanking the users, you keep denying the truth, it's shocking how blind you are, sorry.
And pretending to be a victim won't help you one bit.
100% this ^^^^^^^^
almabrds: Maybe you should read your posts again. People explained to you that it's a false positive, even posted a link with one person from the gog team saying there's no viruses. Instead of thanking the users, you keep denying the truth, it's shocking how blind you are, sorry.
And pretending to be a victim won't help you one bit.
Since this has been coming up a bit lately a more in depth explanation of why there are a lot of false positives may be useful, for some at least.

Many antivirus programs use something called 'heuristics' (predictive/ experience based logic) to flag potentially infected files based on common characteristics with previous viruses/ malware. This technique has advantages in preventing infection by new or variant viruses before there are proper definitions out- but it is notoriously, notoriously bad at false positives. AVG flagged all my gamersgate download launchers as being viruses once, in some cases they'd been on my computer for 6+ years. Why? Because they have certain characteristics in common with viruses and malware such as dialers, they call up an external site and want a password etc. Are they viruses? Of course not they're perfectly fine; they're just predicted, incorrectly, as being viruses by an imperfect algorithm being overly aggressive. It's also pretty random what gets hit, tighten or loosen certain parameters and more/ fewer files are incorrectly detected, but commensurately more/ fewer genuine new viruses are detected. It's a balance between providing protection and annoying the crap out of the user by deciding half their harddrive is afflicted by random non existent viruses.

(I just wish one of those programs would flag steam as being a virus once in a while, much hilarity would ensue and they'd probably tighten up their programming a bit as a result)
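
The threshold trade-off described in the post above, as an added example that is not part of the original thread: a toy heuristic scorer run at several sensitivity settings. The trait names, weights and sample files are all constructed for illustration and do not reflect any vendor's real rules.

```python
# Toy heuristic scanner: each observed trait adds to a suspicion score, and a
# file is flagged when its score reaches the threshold.
# Weights are hypothetical (constructed for this example).
WEIGHTS = {
    "contacts_external_site": 2,
    "prompts_for_password": 2,
    "packed_executable": 3,
    "writes_to_system_dir": 3,
    "modifies_autorun": 4,
    "unsigned": 1,
}

# Constructed samples: (name, observed traits, actually malicious?)
SAMPLES = [
    ("download_launcher", {"contacts_external_site", "prompts_for_password", "unsigned"}, False),
    ("game_installer", {"packed_executable", "writes_to_system_dir"}, False),
    ("text_editor", {"unsigned"}, False),
    ("signed_updater", {"contacts_external_site"}, False),
    ("dialer_variant", {"contacts_external_site", "prompts_for_password", "modifies_autorun"}, True),
    ("packed_dropper", {"packed_executable", "writes_to_system_dir", "modifies_autorun", "unsigned"}, True),
    ("quiet_stealer", {"contacts_external_site", "unsigned", "packed_executable"}, True),
]

def score(traits):
    """Sum the weights of every trait observed in a file."""
    return sum(WEIGHTS[t] for t in traits)

def evaluate(threshold):
    """Flag samples scoring >= threshold and sort the outcome into buckets."""
    result = {"false_positives": [], "detected": [], "missed": []}
    for name, traits, malicious in SAMPLES:
        flagged = score(traits) >= threshold
        if flagged and not malicious:
            result["false_positives"].append(name)
        elif flagged and malicious:
            result["detected"].append(name)
        elif malicious:
            result["missed"].append(name)
    return {k: sorted(v) for k, v in result.items()}

def sweep(thresholds):
    """Return (threshold, false positive count, missed count) per setting."""
    rows = []
    for t in thresholds:
        r = evaluate(t)
        rows.append((t, len(r["false_positives"]), len(r["missed"])))
    return rows

if __name__ == "__main__":
    for t, fp, missed in sweep([5, 6, 7]):
        print(f"threshold={t}: false positives={fp}, missed threats={missed}")
```

At the aggressive setting the benign launcher and installer are flagged alongside every real threat; at the lenient setting the false positives disappear but one real sample is missed.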
4 out of 56 antivirus softwares say those files are infected.

GOG and all those others say it isn't.

If you only trust facts, why did you choose to trust the former? What facts did it give to you that the latter didn't?

One thing is curiosity or a healthy concern, so contacting the support staff of both GOG and AV makers is absolutely fine. But your insistence that GOG is in the wrong and your AV is correct, and everyone else but you is naive tech-wise... it reads like a conspiracy theory.
I knew it all along, GOG is loomynarty!!!
retsuseiba: 4 out of 56 antivirus softwares say those files are infected.

GOG and all those others say it isn't.

If you only trust facts, why did you choose to trust the former? What facts did it give to you that the latter didn't?

One thing is curiosity or a healthy concern, so contacting the support staff of both GOG and AV makers is absolutely fine. But your insistence that GOG is in the wrong and your AV is correct, and everyone else but you is naive tech-wise... it reads like a conspiracy theory.