Chrome flags wesnoth-1.12-win32.exe as malicious
Moderator: Forum Moderators
Forum rules
Before reporting issues in this section, you must read the following topic:
Before reporting issues in this section, you must read the following topic:
-
- Posts: 6
- Joined: November 24th, 2014, 3:49 pm
Chrome flags wesnoth-1.12-win32.exe as malicious
New user here. Alerted to the Wesnoth update from the post at Rock, Paper, Shotgun: http://www.rockpapershotgun.com/2014/11 ... ng-better/
When I try to download the Windows build from http://sourceforge.net/projects/wesnoth ... e/download, Google Chrome (Version 39.0.2171.62 beta-m (64-bit)) gives me the following message when the download is done:
"wesnoth-1.12-win32.exe is malicious, and Chrome has blocked it."
And sure enough, it deletes the file.
I realize that volunteer compilers, and not the makers of the game, provide Windows downloads. But is this a recurring issue (and therefore one to be ignored), or something new?
Thanks.
When I try to download the Windows build from http://sourceforge.net/projects/wesnoth ... e/download, Google Chrome (Version 39.0.2171.62 beta-m (64-bit)) gives me the following message when the download is done:
"wesnoth-1.12-win32.exe is malicious, and Chrome has blocked it."
And sure enough, it deletes the file.
I realize that volunteer compilers, and not the makers of the game, provide Windows downloads. But is this a recurring issue (and therefore one to be ignored), or something new?
Thanks.
- loonycyborg
- Windows Packager
- Posts: 295
- Joined: April 1st, 2008, 4:45 pm
- Location: Russia/Moscow
Re: Chrome flags wesnoth-1.12-win32.exe as malicious
It's most likely a false positive again. Did it say what virus/trojan it found?
"meh." - zookeeper
-
- Posts: 6
- Joined: November 24th, 2014, 3:49 pm
Re: Chrome flags wesnoth-1.12-win32.exe as malicious
No it did not. What I quoted was the entirety of the message. Ordinarily I wouldn't be too concerned, but because the binaries are provided by outside volunteers, I don't know what control (if any) the authors of the game have over the files that are uploaded. So I thought I'd be cautious. (Too bad, because I did enjoy this game in one of its iPad incarnations.)loonycyborg wrote:It's most likely a false positive again. Did it say what virus/trojan it found?
- loonycyborg
- Windows Packager
- Posts: 295
- Joined: April 1st, 2008, 4:45 pm
- Location: Russia/Moscow
Re: Chrome flags wesnoth-1.12-win32.exe as malicious
It's made by me personally. Pretty much all who works on wesnoth are volunteers. I'm just one of them. There always exist a possibilty that a virus could contaminate my machine, but I think false positive is more likely. Chrome's message is useless without specifying exact virus it found so I can't really verify it.
"meh." - zookeeper
- Pentarctagon
- Project Manager
- Posts: 5576
- Joined: March 22nd, 2009, 10:50 pm
- Location: Earth (occasionally)
Re: Chrome flags wesnoth-1.12-win32.exe as malicious
Spybot S&D found this. The scan is still ongoing, but it's looking to take hours at the rate it's going, so I figured I'd post what it's found so far.
Info from the Spybot forums and from Microsoft.
Info from the Spybot forums and from Microsoft.
99 little bugs in the code, 99 little bugs
take one down, patch it around
-2,147,483,648 little bugs in the code
take one down, patch it around
-2,147,483,648 little bugs in the code
- loonycyborg
- Windows Packager
- Posts: 295
- Joined: April 1st, 2008, 4:45 pm
- Location: Russia/Moscow
Re: Chrome flags wesnoth-1.12-win32.exe as malicious
File and dir in screenshot aren't part of wesnoth, and weren't installed by the installer. I double checked by running installer and looking at the dir it made.
It could be seeing internals of NSIS.
It could be seeing internals of NSIS.
"meh." - zookeeper
- Pentarctagon
- Project Manager
- Posts: 5576
- Joined: March 22nd, 2009, 10:50 pm
- Location: Earth (occasionally)
Re: Chrome flags wesnoth-1.12-win32.exe as malicious
Yes, I extracted it with 7zip before scanning.
99 little bugs in the code, 99 little bugs
take one down, patch it around
-2,147,483,648 little bugs in the code
take one down, patch it around
-2,147,483,648 little bugs in the code
- loonycyborg
- Windows Packager
- Posts: 295
- Joined: April 1st, 2008, 4:45 pm
- Location: Russia/Moscow
Re: Chrome flags wesnoth-1.12-win32.exe as malicious
I had no idea that 7zip can extract NSIS installers. But that file seems to be part of NSIS.
"meh." - zookeeper
- loonycyborg
- Windows Packager
- Posts: 295
- Joined: April 1st, 2008, 4:45 pm
- Location: Russia/Moscow
Re: Chrome flags wesnoth-1.12-win32.exe as malicious
NSIS gets a lot of false positives. Probably it's just another one.
http://nsis.sourceforge.net/NSIS_False_Positives
http://nsis.sourceforge.net/NSIS_False_Positives
"meh." - zookeeper
-
- Posts: 57
- Joined: November 25th, 2014, 5:52 am
Re: Chrome flags wesnoth-1.12-win32.exe as malicious
Also here from Rock Paper Shotgun.
So can I install this okay or do I have to do something with it first because I'm getting the same problem.
So can I install this okay or do I have to do something with it first because I'm getting the same problem.
-
- Posts: 6
- Joined: November 24th, 2014, 3:49 pm
Re: Chrome flags wesnoth-1.12-win32.exe as malicious
I have no idea. I of course have no reason to doubt what loonycyborg is saying. But getting flagged by both Chrome and Spybot S&D isn't exactly a clean bill of health. I think it's likely it is a false positive. But the question is whether playing the game is worth the risk. Right now, and speaking only for myself, it isn't, because I've been burned in the past by unintentional passing along of viruses. loonycyborg, are you the only person who provides Windows binaries for this game at the game website, or are there others? No offense intended, of course!MerlinCross wrote:Also here from Rock Paper Shotgun.
So can I install this okay or do I have to do something with it first because I'm getting the same problem.
- loonycyborg
- Windows Packager
- Posts: 295
- Joined: April 1st, 2008, 4:45 pm
- Location: Russia/Moscow
Re: Chrome flags wesnoth-1.12-win32.exe as malicious
No. There's also MacOS releases. And all linux distros package wesnoth too. Neither of those uses NSIS. So maybe consider using a different OS
I'm considering to switch to something other than NSIS to generate the installer. To something like WiX maybe. But it'll take time. Also, I could distribute a .zip file instead, but windows people expect installers and why should I make 2 releases only due to some anti-virus giving a false positive?
I'm considering to switch to something other than NSIS to generate the installer. To something like WiX maybe. But it'll take time. Also, I could distribute a .zip file instead, but windows people expect installers and why should I make 2 releases only due to some anti-virus giving a false positive?
"meh." - zookeeper
-
- Posts: 6
- Joined: November 24th, 2014, 3:49 pm
Re: Chrome flags wesnoth-1.12-win32.exe as malicious
I totally understand where you're coming from. It's a frustrating situation. The problem is that the typical Windows user has no way to independently verify your claims, but also lacks your skills in compiling binaries. So we're sort of stuck looking for alternatives until this gets resolved. I personally hate installers and love .zip files, so I would have no problem with a .zip file. But I certainly understand your declining to do more than what you have done. You're not getting paid for your service!loonycyborg wrote:No. There's also MacOS releases. And all linux distros package wesnoth too. Neither of those uses NSIS. So maybe consider using a different OS
I'm considering to switch to something other than NSIS to generate the installer. To something like WiX maybe. But it'll take time. Also, I could distribute a .zip file instead, but windows people expect installers and why should I make 2 releases only due to some anti-virus giving a false positive?
- loonycyborg
- Windows Packager
- Posts: 295
- Joined: April 1st, 2008, 4:45 pm
- Location: Russia/Moscow
Re: Chrome flags wesnoth-1.12-win32.exe as malicious
Whether I'm not paid or not is irrelevant in this situation, since even "classic" commercial software companies provide installers only nowadays some using this same NSIS. And such issue would result in exactly the same response from them.
"meh." - zookeeper
- Wintermute
- Inactive Developer
- Posts: 840
- Joined: March 23rd, 2006, 10:28 pm
- Location: On IRC as "happygrue" at: #wesnoth-mp
Re: Chrome flags wesnoth-1.12-win32.exe as malicious
I wonder if it's worth contacting some folks at chrome to see if they can do anything about it? Or perhaps after enough downloads they might notice and investigate anyway?
"I just started playing this game a few days ago, and I already see some balance issues."