
Comments (13)

HACKERALERT avatar HACKERALERT commented on May 18, 2024

RIP... There's not much that I can do on my end, to be honest. Submitting Picocrypt as a false positive to those providers would be the only reliable way.

from picocrypt.

johndoe432 avatar johndoe432 commented on May 18, 2024

All of the antiviruses seem to recognize a Win64 Mde class or a Win64 dropper in the executable. Not sure what Mde class is, but how could Picocrypt be the dropper if the only file it drops is the sdelete exe, which is clean on VirusTotal? Every normal antivirus seems to be kind to Picocrypt, so it is fine.

Evan, you wouldn't put malware in your app, right? :p

HACKERALERT avatar HACKERALERT commented on May 18, 2024

Not sure what exactly is going on, but I can definitely promise you that there is no malware 😄. You can build from source code if that's your type of coffee.

Avast owns AVG (IIRC), so those two essentially have the same engine. Avast is a pretty poor AV anyway, so no need to worry about it. I have no idea what McAfee-GW-Edition is, so I wouldn't worry too much about it either. And the last one, Sangfor Engine Zero sounds pretty obscure, so we can ignore it. As long as the big players like Bitdefender, Kaspersky, etc. are okay, we should be fine.

Picocrypt only drops one file, which as you have correctly pointed out, is sdelete64.exe, which is directly from Microsoft Sysinternals and used to shred files. No other file is dropped, although since Picocrypt is packed with UPX and I also embed files within the executable, there may be one or two additional dropped files. There also is a network request, which is just to check if a new version is available (not for telemetry), if anyone was wondering.

Some similar cases:
https://community.mcafee.com/t5/Malware/BehavesLike-Win32-Dropper-vc/td-p/638414
vercel/pkg-fetch#93

These issues seem to be a problem for many other FOSS projects, since most people can't afford a signing certificate which costs hundreds if not thousands of US dollars a year. I guess we can't do much other than submit false positives.

johndoe432 avatar johndoe432 commented on May 18, 2024

What's interesting is that I uploaded a 1.20 preview which you posted here in issue #49 on VirusTotal (https://www.virustotal.com/gui/file/ec4fddf9f865298cf086aa595910903b2721ef4ab58dd012966dc2d17be307ad) and all of the antiviruses say that there is no malware in it. Not sure, but maybe it has something to do with the rework/update of the app you're working on.

HACKERALERT avatar HACKERALERT commented on May 18, 2024

I didn't pack it with UPX, which I'm starting to suspect is the reason. I think we don't need to worry about this for now, unless it becomes a serious problem. Welcome to the wonderful world of antiviruses :P

from picocrypt.
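
As an added illustration (not part of the original thread and not Picocrypt's code): a triage check for whether a Windows executable carries UPX's default section layout, the property suspected above as the cause of the detections. The sample headers are constructed, and `pe_sections`, `looks_upx_packed` and `build_sample` are hypothetical helper names.

```python
import struct

def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] from a PE image's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # The 20-byte COFF header follows the 4-byte signature.
    _mach, nsect, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    table = pe_off + 4 + 20 + opt_size  # section table follows the optional header
    if table + 40 * nsect > len(data):
        raise ValueError("truncated section table")
    out = []
    for i in range(nsect):
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return out

def looks_upx_packed(data: bytes) -> bool:
    """Heuristic: UPX0 and UPX1 sections present, with UPX0 empty on disk."""
    secs = pe_sections(data)
    names = {name for name, _, _ in secs}
    # UPX0 is a placeholder that is only filled when the stub unpacks at run time.
    empty_upx0 = any(n == "UPX0" and rs == 0 and vs > 0 for n, vs, rs in secs)
    return {"UPX0", "UPX1"} <= names and empty_upx0

def build_sample(sections):
    """Constructed header-only PE (optional header omitted); not a runnable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0x22)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vs, 0x1000 * (i + 1), rs, 0x200,
                    0, 0, 0, 0, 0xE0000020)
        for i, (name, vs, rs) in enumerate(sections))
    return dos + b"PE\0\0" + coff + table

# Constructed samples: one with UPX's default layout, one with a plain layout.
PACKED = build_sample([(b"UPX0", 0x9000, 0), (b"UPX1", 0x5000, 0x4E00),
                       (b".rsrc", 0x1000, 0x600)])
PLAIN = build_sample([(b".text", 0x5000, 0x4E00), (b".rdata", 0x2000, 0x1E00),
                      (b".data", 0x1000, 0x200)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("plain", PLAIN)):
        print(label, pe_sections(blob), looks_upx_packed(blob))
```

Section names can be renamed after packing, so a negative result does not prove a binary is unpacked; a positive one only tells you why a "packed executable" heuristic may have fired.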

johndoe432 avatar johndoe432 commented on May 18, 2024

> I didn't pack it with UPX, which I'm starting to suspect is the reason. I think we don't need to worry about this for now, unless it becomes a serious problem. Welcome to the wonderful world of antiviruses :P

This world is really wonderful, haha. Just wondering, are you going to pack the final version with UPX or will you consider changing the utility?

HACKERALERT avatar HACKERALERT commented on May 18, 2024

I'll probably still pack each official release with UPX because it compresses very well and is very fast with decompression. UPX's last release was more than a year ago, so hopefully when the latest branch gets released, some of the AV issues might be solved 🤷

johndoe432 avatar johndoe432 commented on May 18, 2024

> so hopefully when the latest branch gets released, some of the AV issues might be solved 🤷

I hope so. Anyway, waiting for the final release to come out, maybe I will give the preview version you posted a try, just to get a taste of the new version :p

HACKERALERT avatar HACKERALERT commented on May 18, 2024

If you mean final version as in the final revision of v1.20, that'll come in a couple of weeks. If you mean the final version of Picocrypt, that'll probably be a year since there are still things I have yet to implement.

johndoe432 avatar johndoe432 commented on May 18, 2024

> If you mean final version as in the final revision of v1.20, that'll come in a couple of weeks. If you mean the final version of Picocrypt, that'll probably be a year since there are still things I have yet to implement.

Meant the final of v1.20, didn't know that the FINAL version could be a thing.

johndoe432 avatar johndoe432 commented on May 18, 2024

This issue went far from the malware problem, I suppose. However, have you considered publishing the pre-releases via the so-called GitHub release? Just an idea that came into my head :p
Just think it would be more convenient.

HACKERALERT avatar HACKERALERT commented on May 18, 2024

> FINAL version

It's not really a "final" version, but some time in the future when I've completed all features, I won't be adding any new features and will only focus on rock-solid stability and security. At that point, it's safe to say that it's pretty much a final version since there won't be any new functionality.

I did consider using a GitHub release candidate, but that would potentially confuse the less-experienced people, so I decided to just drop a link from a GH issue to prevent any confusion. I'll publish v1.20 soon!

johndoe432 avatar johndoe432 commented on May 18, 2024

> I did consider using a GitHub release candidate, but that would potentially confuse the less-experienced people, so I decided to just drop a link from a GH issue to prevent any confusion.

Got it.

> I'll publish v1.20 soon!

Waiting for it!
