Just wanting to check if anyone else is getting a warning on the download page for AHK v2 about potential viruses. I am sure it is fine to continue forward but am curious.
Downloading v2
Re: Downloading v2
I did. Anyone with a web browser which utilizes Google Safe Browsing (including Chrome and Firefox, at least) is likely to get that. I presume at least one build was affected by a false positive. It is not the first, or even second time, and frankly, I generally can't be bothered to fight against it. It is futile.
Google Search Console currently shows two sample URLs of "Harmful Downloads":
https:// autohotkey.com/download/1.0/AutoHotkey104414_Install.exe
https:// autohotkey.com/download/2.0/AutoHotkey_2.0-a092-840a364.zip
Not only new files cause false positives, but even well established ones: I think v1.0.0.44.14 is now 14 years old. virustotal currently shows 17/66 detections, and first submission in 2008 (which I think shows that the file hasn't changed in at least 10 years, making it likely to be the original file and not recently infected).
Google does not say which engines they use, or why else a download URL would be marked as malicious. I think that the false positives must be resolved with whatever engines they use before the alert can be removed, unless we remove every such file from the site.
Google Search Console currently shows two sample URLs of "Harmful Downloads":
https:// autohotkey.com/download/1.0/AutoHotkey104414_Install.exe
https:// autohotkey.com/download/2.0/AutoHotkey_2.0-a092-840a364.zip
Not only new files cause false positives, but even well established ones: I think v1.0.0.44.14 is now 14 years old. virustotal currently shows 17/66 detections, and first submission in 2008 (which I think shows that the file hasn't changed in at least 10 years, making it likely to be the original file and not recently infected).
Google does not say which engines they use, or why else a download URL would be marked as malicious. I think that the false positives must be resolved with whatever engines they use before the alert can be removed, unless we remove every such file from the site.
Re: Downloading v2
Maybe it would help if a certain number of people reported these links as false positive with the following site: https://safebrowsing.google.com/safebro ... ort_error/
In addition, https://autohotkey.com/download/ahk-v2.zip could be reported to inform indirectly that future releases will also be harmless.
In addition, https://autohotkey.com/download/ahk-v2.zip could be reported to inform indirectly that future releases will also be harmless.
Re: Downloading v2
I can certainly do that. Thanks!
Re: Downloading v2
@lexikoslexikos wrote:I did. Anyone with a web browser which utilizes Google Safe Browsing (including Chrome and Firefox, at least) is likely to get that. I presume at least one build was affected by a false positive. It is not the first, or even second time, and frankly, I generally can't be bothered to fight against it. It is futile.
Google Search Console currently shows two sample URLs of "Harmful Downloads":
https:// autohotkey.com/download/1.0/AutoHotkey104414_Install.exe
https:// autohotkey.com/download/2.0/AutoHotkey_2.0-a092-840a364.zip
Not only new files cause false positives, but even well established ones: I think v1.0.0.44.14 is now 14 years old. virustotal currently shows 17/66 detections, and first submission in 2008 (which I think shows that the file hasn't changed in at least 10 years, making it likely to be the original file and not recently infected).
Google does not say which engines they use, or why else a download URL would be marked as malicious. I think that the false positives must be resolved with whatever engines they use before the alert can be removed, unless we remove every such file from the site.
On Reddit, we've posted the link to initiate the Google Review process for false positives, but I believe you'll need to do this. It's not crowd-sourced nor automatic.
I also posted a screenshot about the broken re-captcha system that was preventing me from properly logging in, resetting my password, etc.
https://www.reddit.com/r/AutoHotkey/com ... hotkey_20/
Re: Downloading v2
I have submitted a review.
I know nothing about the captcha; tank and joedf manage the website and forum. If you have issues but are able to post, I would suggest posting in the Forum Issues subforum.
I know nothing about the captcha; tank and joedf manage the website and forum. If you have issues but are able to post, I would suggest posting in the Forum Issues subforum.
-
- Posts: 1
- Joined: 18 Jun 2018, 05:43
- Contact:
Re: Downloading v2
Thanks for doing that lexikos and for efforts with the code. Great utility!
I was posting anonymously before. Somehow I navigated from here to a password reset page with the broken captcha.
But I've since found I was able to make an completely new account so best guess is I somehow found my way into the old, archived forum system at https://autohotkey.com/board (with no s). Unless it comes up again, I won't worry about it.
I was posting anonymously before. Somehow I navigated from here to a password reset page with the broken captcha.
But I've since found I was able to make an completely new account so best guess is I somehow found my way into the old, archived forum system at https://autohotkey.com/board (with no s). Unless it comes up again, I won't worry about it.
Re: Downloading v2
Ragnar wrote:Maybe it would help if a certain number of people reported these links as false positive with the following site: https://safebrowsing.google.com/safebro ... ort_error/
In addition, https://autohotkey.com/download/ahk-v2.zip could be reported to inform indirectly that future releases will also be harmless.
Unfortunately you can't do this. I tried. The downloads are blacklisted internal to Google and have not been reported by Google to StopBadware.org Clearinghouse. The URLs have to be in the Clearinghouse for StopBadware.org to review them.
See my post from this evening: https://autohotkey.com/boards/viewtopic ... 33#p228633
Re: Downloading v2
Lexikos,lexikos wrote:I have submitted a review.
I know nothing about the captcha; tank and joedf manage the website and forum. If you have issues but are able to post, I would suggest posting in the Forum Issues subforum.
1. Google Safe Browsing states that the autohotkey.com Webmaster should be receiving emails from them regarding any Google blacklistings.
2. The downloads that are blocked almost certainly are CLEAN so there is no way to fix them. (I base this upon checking them and the download page URLs at virustotal.com. GSB is flagging the pages and files as MALICIOUS despite >95% (60+) of the remaining virus/malware engines stating they are CLEAN.
3. StopBadware.org states that the files appear to be blacklisted internally at Google and that they have not been reported to the StopBadware Clearinghouse by Google as containing MALICIOUS software.
4. Perhaps copies of the email warnings from Google to the autohotkey.com webmaster will provide you with more information about why the site is partially blacklisted.
I have posted details at https://autohotkey.com/boards/viewtopic ... 33#p228633
Re: Downloading v2
DrReflex,
I currently have the email warnings turned off for the above reason. joedf is also registered as an admin under Google Search Console and might be receiving these warnings.
I have a responsibility to ensure the binaries I upload are malware-free. Beyond that, I have no wish to spend my time fighting against Google and antivirus vendors or otherwise managing the site.tank and joedf manage the website and forum.
The emails have never provided me more information than Search Console itself, which merely shows a list of "example URLs" of "Harmful Downloads" and no further information. The current examples are 1.0/, 2.0/ and the same two URLs I mentioned in my first reply in this topic.Perhaps copies of the email warnings from Google to the autohotkey.com webmaster will provide you with more information about why the site is partially blacklisted.
I currently have the email warnings turned off for the above reason. joedf is also registered as an admin under Google Search Console and might be receiving these warnings.
Given that both of the example URLs shown by Search Console (noted in my first reply) show multiple detections on virustotal, it is reasonable to assume that they are not "CLEAN" from Google's viewpoint, and the apparent solution would be to get these antivirus vendors to fix the false positives.The downloads that are blocked almost certainly are CLEAN so there is no way to fix them.
Re: Downloading v2
As i monitor that inbox i can say it simply isn't true.DrReflex wrote:1. Google Safe Browsing states that the autohotkey.com Webmaster should be receiving emails from them regarding any Google blacklistings.
The current working theory is that we need to post a EULA and uninstall instructions on the download pages to comply with google. That is being worked on by @joeDF
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
Re: Downloading v2
Cool, thanks for the update tank!
Re: Downloading v2
Excuse me for being sceptical, but wouldn't a software company pushing a virus out say - its a false positive, you'll be fine!! - its a bit like the foxs guarding the hen house.
I'm am definitely NOT saying that this is anything dodgy, its probably completely fine, I am just saying the person offering a file for download isn't always the best source when checking something is safe!
Sorry!
I'm am definitely NOT saying that this is anything dodgy, its probably completely fine, I am just saying the person offering a file for download isn't always the best source when checking something is safe!
Sorry!
Re: Downloading v2
Well a person offering the download can simply tell you it's source. It's source is on GitHub and is compiled using Visual Studio Community edition - I think 2015? If you think that's not true you could compile it yourself and compare the hashes.
Additionally you could also upload the files to vitustotal.com and see that it is showing a detection rate of something like 7/68. This is clearly a sign of false positives.
Lastly I think that if someone wants to comment on a topic they should have read through the topic. This is about Google suddenly claiming that we are "unwanted software". There has never been any claims about a virus. You are the first person to bring that on the table.
Additionally you could also upload the files to vitustotal.com and see that it is showing a detection rate of something like 7/68. This is clearly a sign of false positives.
Lastly I think that if someone wants to comment on a topic they should have read through the topic. This is about Google suddenly claiming that we are "unwanted software". There has never been any claims about a virus. You are the first person to bring that on the table.
Recommends AHK Studio
Who is online
Users browsing this forum: No registered users and 22 guests