x/sys/windows: `windows/svc/example` is detected as malware

[t00ts]

What version of Go are you using (go version)?

$ go version
go version go1.19 windows/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output

$ go env
set GO111MODULE=
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\Akila\AppData\Local\go-build
set GOENV=C:\Users\Akila\AppData\Roaming\go\env
set GOEXE=.exe
set GOEXPERIMENT=
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOINSECURE=
set GOMODCACHE=C:\Users\Akila\go\pkg\mod
set GONOPROXY=
set GONOSUMDB=
set GOOS=windows
set GOPATH=C:\Users\Akila\go
set GOPRIVATE=
set GOPROXY=https://proxy.golang.org,direct
set GOROOT=C:\Program Files\Go
set GOSUMDB=sum.golang.org
set GOTMPDIR=
set GOTOOLDIR=C:\Program Files\Go\pkg\tool\windows_amd64
set GOVCS=
set GOVERSION=go1.19
set GCCGO=gccgo
set GOAMD64=v1
set AR=ar
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=C:\Users\Akila\Desktop\service tests\go.mod
set GOWORK=
set CGO_CFLAGS=-g -O2
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-g -O2
set CGO_FFLAGS=-g -O2
set CGO_LDFLAGS=-g -O2
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=C:\Users\Akila\AppData\Local\Temp\go-build4169214643=/tmp/go-build -gno-record-gcc-switches

What did you do?

1. Download the example service.
2. Build the example: go build .
3. Run the example: Install and start the service

> win_svc.exe install
> win_svc.exe start

What did you expect to see?

The service running normally

What did you see instead?

Windows has stopped the service from running and uninstalled it from the registry. It cannot be run or re-installed:

> win_svc.exe start
failed to start myservice: could not access service: The specified service does not exist as an installed service.

> win_svc.exe install
failed to install myservice: SetupEventLogSource() failed: SYSTEM\CurrentControlSet\Services\EventLog\Application\myservice registry key already exists

[thanm]

See https://golang.org/doc/faq#virus

[t00ts]

Hi @seankhliao, given you've closed the issue, I'd like to know what's the solution to build and ship software for Windows users using Go, if any. Thanks!

[seankhliao]

this is an issue for your antivirus vendor, not the go project

[t00ts]

Example provided is a clean Windows install, not any commercial anti-virus software

[seankhliao]

Microsoft / Windows is also an antivirus vendor.

[t00ts]

It's also (maybe unfortunately) the most widely used Desktop operating system, by far.

I'm surprised on how quickly this was disregarded as a non-issue when it's in fact quite a blocker in shipping a Go-based product to Windows users.

[alexbrainman]

I'm surprised on how quickly this was disregarded as a non-issue when it's in fact quite a blocker in shipping a Go-based product to Windows users.

What do you suggest Go project should do instead of pointing affected users to the antivirus vendor?

Alex

[t00ts]

Hi Alex, I don't know what the Go project should do. I truly wish I did, but I don't.

All I know is there's no way of justifying further development efforts using Go if the moment our product reaches the (paying) customer's computer there's a high chance of it getting flagged as malware.

Customers are not engineers nor Go developers. You can't "point them" to their antivirus vendor (Microsoft).

Have you ever downloaded a desktop application and have the installer come up with a message like: "Hey, please whitelist our software before Windows flags it as a virus"?

I don't think so.

[alexbrainman]

All I know is there's no way of justifying further development efforts using Go if the moment our product reaches the (paying) customer's computer there's a high chance of it getting flagged as malware.

I have never done this myself, but I suspect you can use some tools to sign your Go executable. This will make you executable not marked as malware. I just googled for it, and I can find

https://docs.microsoft.com/en-us/windows/win32/appxpkg/how-to-sign-a-package-using-signtool

https://stackoverflow.com/questions/252226/signing-a-windows-exe-file

Perhaps there are better solutions, if you are willing to look.

Have you ever downloaded a desktop application and have the installer come up with a message like: "Hey, please whitelist our software before Windows flags it as a virus"?

I don't download random software from the Internet and run it on my computer.

@qmuntal is there a way for Microsoft antivirus team to include Go built executable in their testing when they develop their product? Sorry for pinging you here, if you are the wrong person to ask that question. Thank you.

Alex

[qmuntal]

@qmuntal is there a way for Microsoft antivirus team to include Go built executable in their testing when they develop their product? Sorry for pinging you here, if you are the wrong person to ask that question. Thank you.

I can't reproduce this issue, but I like the idea. I'll try to move this forward.

[alexbrainman]

I like the idea. I'll try to move this forward.

Thank you for doing that.

Alex