
Virus report in binary #800

almarklein opened this issue Mar 14, 2022 · 0 comments
almarklein commented Mar 14, 2022

For some time now, our binaries have sometimes been reported by AntiVirus software to contain malicious code. This is a meta-issue to collect information about this. I'll update the information as I learn more.

In short: our binaries do not contain a virus or malicious code - the reports are false positives caused by something triggering machine learning models of the AntiVirus software.

Related issues: #782, #793

What causes this?

AntiVirus software tries to detect programs that behave in a bad way. To do this, they look at patterns in the programs. It looks like AI is used increasingly for this. This means that if your executable contains patterns that look like patterns used in known malicious code, your code may be marked as malicious too.

It can be assumed that the widespread use of Pyzo also means that people writing malicious code use Python with PyInstaller, just like we do. This might explain why many binaries built with PyInstaller seem to be affected.

What can you do to run Pyzo?

  • Sometimes you may be able to select that you want to open the executable anyway, and things should be fine from there.
  • You can (temporarily) disable your AntiVirus software.
  • Use better AntiVirus software (e.g. Kaspersky or Avira).
  • Run Pyzo from source: install PySide6 or PyQt5, and then pip install pyzo.

Also, you can help us report the false positive. E.g. for Windows Defender you can use this form.

How can I know that Pyzo does not contain a virus?

Honestly, you can't. Pyzo is open source, but in theory I could put some extra code in the binaries. There is no way to tell from a binary. For what it's worth, if I did this and it was found out, I think that Pyzo's usage (and my reputation) would be in rapid decline :)

What can we do?

After a release, we should probably:

It likely helps build a positive reputation with AntiVirus software if we'd sign the binaries. This is not trivial though, because we'd have to do it per-platform, certificates can cost up to a few hundred dollars, and I suspect making all this work on CI may be tricky.
