-
-
Notifications
You must be signed in to change notification settings - Fork 199
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Streamlink 2.1.0 getting flagged as trojan by windows defender and 2 other AVEs #914
Comments
Report it as a false positive, this is nothing that I can fix here... Or better yet, don't use snake oil software like anti virus software. If you don't trust the pre-builts for whatever reason, then build the application yourself. This is a free software project. The application code is also reproducible, and the NW.js binaries are official ones, downloaded by nw-builder from the NW.js developer site, which are signed by the developer, Roger Wang. https://dl.nwjs.io/v0.64.1/SHASUMS256.txt And btw, this is Streamlink Twitch GUI, and not Streamlink. |
I don't mean to be rude and try to label this project's thing as malware or anything. I had a feeling that this might be a false positive. Good to know |
All good. This is not the first time this has happened. The Streamlink installer has also already been flagged as malicious multiple times. What's annoying about this is that most users simply don't understand how any of this works at all, especially those without any software development background, and we've also already had users which had to be banned from the issue trackers because they kept insisting that we would ship malicious code, despite this all being open source software under a free software license, with public build configs and build logs. As said, if anyone doesn't trust any pre-built binaries by Streamlink or Streamlink Twitch GUI, then they can build the stuff themselves. Btw, the checksum of the main application executable won't match, because on Windows, icons are embedded in the portable executable format (.exe) (which is ridiculous btw), and the default NW.js icon needs to get replaced with the Streamlink Twitch GUI icon by nw-builder's I've also already commented on Gitter/Matrix yesterday that it probably would make sense signing the Streamlink Twitch GUI builds myself via gpg, but that wouldn't have any use because on Windows, executables have a different signing mechanism that allows embedding developer signatures based on paid certificates from Microsoft and partners, and this costs a lot of money, hundreds of dollars each year. As you can probably guess, I am not interested in this as a FOSS developer. |
Checklist
Streamlink Twitch GUI version
2.1.0
Streamlink version
5.0.1
Operating system, environment and configuration details
WIN10 21H2
Security intelligence version (Windows Defender definitions version) - 1.377.471.0
Description
The executable is got flagged as a trojan by 3 AVEs
Virustotal link - https://www.virustotal.com/gui/file/80efa793f91af6fc5a119307db036ab627d23230f3d6036b42e02819c34c5613
I checked virustotal after I got a notification from window defender
I have installed the program using scoop
Debug log
No response
The text was updated successfully, but these errors were encountered: