Downloading v2

Discuss issues and requests related with the forum software
User avatar
kczx3
Posts: 1640
Joined: 06 Oct 2015, 21:39

Downloading v2

13 Jun 2018, 08:24

Just wanting to check if anyone else is getting a warning on the download page for AHK v2 about potential viruses. I am sure it is fine to continue forward but am curious.
ahk_v2_warning.png
ahk_v2_warning.png (24.73 KiB) Viewed 7301 times
lexikos
Posts: 9553
Joined: 30 Sep 2013, 04:07
Contact:

Re: Downloading v2

14 Jun 2018, 19:15

I did. Anyone with a web browser which utilizes Google Safe Browsing (including Chrome and Firefox, at least) is likely to get that. I presume at least one build was affected by a false positive. It is not the first, or even second time, and frankly, I generally can't be bothered to fight against it. It is futile.

Google Search Console currently shows two sample URLs of "Harmful Downloads":
https:// autohotkey.com/download/1.0/AutoHotkey104414_Install.exe
https:// autohotkey.com/download/2.0/AutoHotkey_2.0-a092-840a364.zip

Not only new files cause false positives, but even well established ones: I think v1.0.0.44.14 is now 14 years old. virustotal currently shows 17/66 detections, and first submission in 2008 (which I think shows that the file hasn't changed in at least 10 years, making it likely to be the original file and not recently infected).

Google does not say which engines they use, or why else a download URL would be marked as malicious. I think that the false positives must be resolved with whatever engines they use before the alert can be removed, unless we remove every such file from the site.
User avatar
Ragnar
Posts: 611
Joined: 30 Sep 2013, 15:25

Re: Downloading v2

15 Jun 2018, 03:14

Maybe it would help if a certain number of people reported these links as false positive with the following site: https://safebrowsing.google.com/safebro ... ort_error/

In addition, https://autohotkey.com/download/ahk-v2.zip could be reported to inform indirectly that future releases will also be harmless.
User avatar
kczx3
Posts: 1640
Joined: 06 Oct 2015, 21:39

Re: Downloading v2

15 Jun 2018, 05:05

I can certainly do that. Thanks!
AquaeAtrae

Re: Downloading v2

17 Jun 2018, 18:18

lexikos wrote:I did. Anyone with a web browser which utilizes Google Safe Browsing (including Chrome and Firefox, at least) is likely to get that. I presume at least one build was affected by a false positive. It is not the first, or even second time, and frankly, I generally can't be bothered to fight against it. It is futile.

Google Search Console currently shows two sample URLs of "Harmful Downloads":
https:// autohotkey.com/download/1.0/AutoHotkey104414_Install.exe
https:// autohotkey.com/download/2.0/AutoHotkey_2.0-a092-840a364.zip

Not only new files cause false positives, but even well established ones: I think v1.0.0.44.14 is now 14 years old. virustotal currently shows 17/66 detections, and first submission in 2008 (which I think shows that the file hasn't changed in at least 10 years, making it likely to be the original file and not recently infected).

Google does not say which engines they use, or why else a download URL would be marked as malicious. I think that the false positives must be resolved with whatever engines they use before the alert can be removed, unless we remove every such file from the site.
@lexikos
On Reddit, we've posted the link to initiate the Google Review process for false positives, but I believe you'll need to do this. It's not crowd-sourced nor automatic.

I also posted a screenshot about the broken re-captcha system that was preventing me from properly logging in, resetting my password, etc.

https://www.reddit.com/r/AutoHotkey/com ... hotkey_20/
lexikos
Posts: 9553
Joined: 30 Sep 2013, 04:07
Contact:

Re: Downloading v2

18 Jun 2018, 18:44

I have submitted a review.

I know nothing about the captcha; tank and joedf manage the website and forum. If you have issues but are able to post, I would suggest posting in the Forum Issues subforum.
AquaeAtrae
Posts: 1
Joined: 18 Jun 2018, 05:43
Contact:

Re: Downloading v2

19 Jun 2018, 01:24

Thanks for doing that lexikos and for efforts with the code. Great utility!

I was posting anonymously before. Somehow I navigated from here to a password reset page with the broken captcha.

But I've since found I was able to make an completely new account so best guess is I somehow found my way into the old, archived forum system at https://autohotkey.com/board (with no s). Unless it comes up again, I won't worry about it.
User avatar
DrReflex
Posts: 42
Joined: 25 May 2015, 02:57
Location: Greer, SC

Re: Downloading v2

14 Jul 2018, 21:02

Ragnar wrote:Maybe it would help if a certain number of people reported these links as false positive with the following site: https://safebrowsing.google.com/safebro ... ort_error/

In addition, https://autohotkey.com/download/ahk-v2.zip could be reported to inform indirectly that future releases will also be harmless.

Unfortunately you can't do this. I tried. The downloads are blacklisted internal to Google and have not been reported by Google to StopBadware.org Clearinghouse. The URLs have to be in the Clearinghouse for StopBadware.org to review them.

See my post from this evening: https://autohotkey.com/boards/viewtopic ... 33#p228633
User avatar
DrReflex
Posts: 42
Joined: 25 May 2015, 02:57
Location: Greer, SC

Re: Downloading v2

14 Jul 2018, 21:17

lexikos wrote:I have submitted a review.

I know nothing about the captcha; tank and joedf manage the website and forum. If you have issues but are able to post, I would suggest posting in the Forum Issues subforum.
Lexikos,

1. Google Safe Browsing states that the autohotkey.com Webmaster should be receiving emails from them regarding any Google blacklistings.
2. The downloads that are blocked almost certainly are CLEAN so there is no way to fix them. (I base this upon checking them and the download page URLs at virustotal.com. GSB is flagging the pages and files as MALICIOUS despite >95% (60+) of the remaining virus/malware engines stating they are CLEAN.
3. StopBadware.org states that the files appear to be blacklisted internally at Google and that they have not been reported to the StopBadware Clearinghouse by Google as containing MALICIOUS software.
4. Perhaps copies of the email warnings from Google to the autohotkey.com webmaster will provide you with more information about why the site is partially blacklisted.

I have posted details at https://autohotkey.com/boards/viewtopic ... 33#p228633
lexikos
Posts: 9553
Joined: 30 Sep 2013, 04:07
Contact:

Re: Downloading v2

14 Jul 2018, 22:05

DrReflex,
tank and joedf manage the website and forum.
I have a responsibility to ensure the binaries I upload are malware-free. Beyond that, I have no wish to spend my time fighting against Google and antivirus vendors or otherwise managing the site.
Perhaps copies of the email warnings from Google to the autohotkey.com webmaster will provide you with more information about why the site is partially blacklisted.
The emails have never provided me more information than Search Console itself, which merely shows a list of "example URLs" of "Harmful Downloads" and no further information. The current examples are 1.0/, 2.0/ and the same two URLs I mentioned in my first reply in this topic.

I currently have the email warnings turned off for the above reason. joedf is also registered as an admin under Google Search Console and might be receiving these warnings.
The downloads that are blocked almost certainly are CLEAN so there is no way to fix them.
Given that both of the example URLs shown by Search Console (noted in my first reply) show multiple detections on virustotal, it is reasonable to assume that they are not "CLEAN" from Google's viewpoint, and the apparent solution would be to get these antivirus vendors to fix the false positives.
User avatar
tank
Posts: 3122
Joined: 28 Sep 2013, 22:15
Location: CarrolltonTX
Contact:

Re: Downloading v2

17 Jul 2018, 08:33

DrReflex wrote:1. Google Safe Browsing states that the autohotkey.com Webmaster should be receiving emails from them regarding any Google blacklistings.
As i monitor that inbox i can say it simply isn't true.

The current working theory is that we need to post a EULA and uninstall instructions on the download pages to comply with google. That is being worked on by @joeDF
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
User avatar
kczx3
Posts: 1640
Joined: 06 Oct 2015, 21:39

Re: Downloading v2

17 Jul 2018, 13:32

Cool, thanks for the update tank!
CynicalSam

Re: Downloading v2

31 Aug 2018, 17:51

Excuse me for being sceptical, but wouldn't a software company pushing a virus out say - its a false positive, you'll be fine!! - its a bit like the foxs guarding the hen house.

I'm am definitely NOT saying that this is anything dodgy, its probably completely fine, I am just saying the person offering a file for download isn't always the best source when checking something is safe!

Sorry!
User avatar
nnnik
Posts: 4500
Joined: 30 Sep 2013, 01:01
Location: Germany

Re: Downloading v2

01 Sep 2018, 01:03

Well a person offering the download can simply tell you it's source. It's source is on GitHub and is compiled using Visual Studio Community edition - I think 2015? If you think that's not true you could compile it yourself and compare the hashes.
Additionally you could also upload the files to vitustotal.com and see that it is showing a detection rate of something like 7/68. This is clearly a sign of false positives.

Lastly I think that if someone wants to comment on a topic they should have read through the topic. This is about Google suddenly claiming that we are "unwanted software". There has never been any claims about a virus. You are the first person to bring that on the table.
Recommends AHK Studio

Return to “Forum Issues”

Who is online

Users browsing this forum: No registered users and 49 guests