Virus Report? #276
Comments
|
Magpie is free software, you can compile it yourself if you are sensitive to security. I'm investigating why it is being misreported. |
well appreciate the effort. No detection on the previous release of 0.7.1 version, so I'll use that one for now. |
|
I don't know why, but the latest dev version is much less likely to be misreported. https://www.virustotal.com/gui/file/0ea878b4ffc93b4f2f84c6d726c4c45834c69841b94c872e0ba423e81f56cc6d
|
|
You can go in the behaviour tab of virustotal. https://www.virustotal.com/gui/file/b575485c0ee300d3a219f35c5dc5f7ec519f9a2ea9550e1958d733c1f1a09daf/behavior/Microsoft%20Sysinternals Two things are very suspicious (hence the detections) I'm no expert in computer security so maybe someone can better explain if these are false positives but I would be suspicious of that specific file.
|
|
Another project has basically the same problem: jart/cosmopolitan#342 TLDR: unsigned binaries automatically trigger some kind of reporting to microsoft, which appears in the behaviour tab. Furthermore, some constants/variable names within the source code can trigger false AV detections, removing them should clear any false positives. They also outline other possible fixes: jart/cosmopolitan#342 (comment) |
|
Magpie is currently an offline application. 23.215.176.152 is owned by Microsoft Magpie does not inject either, except for the registration of a global shortcut key, so I have no idea of what happened to WMIADAP.EXE. Considering that these behaviors are all produced by Magpie.dll, I suspect this is some mechanism of .NET 6 or Windows. In my opinion, AVs don't like independent developers. They love Google, Microsoft or any other company, even if they steal users' privacy and deprive them of their freedom. Users don't like independent developers either. Even if the project is completely open source, it's still not immune to suspicion. I hope this is the last time we discuss security issues. |
I 100% agree with that |
While I completely agree with these points, false positives do harm the reputation of a project as most people won't care about a project's stance on cybersecurity and privacy. I think it would be best to at least inform users about potential false positives and trying to release versions without false positives. However that is only my opinion, how this issue is handled is still up to you, but ignoring it will definitively harm any independent project's reputation. |
You are right, I have to pay for the stupidity of AVs. I'm not an expert here, so if there are any future false positive, please let me know. |
Question 问题
https://www.virustotal.com/gui/file/90d338dcd6507ce1f3e87beea61e3853ca8c59ce726587b6835fb90fc05bb956
This seems really sus... You guys sure this app is actually safe?
Logs files (optional) 日志文件(可选)
No response
The text was updated successfully, but these errors were encountered: