Downloading v2

Discuss the future of the AutoHotkey language
kczx3
Posts: 586
Joined: 06 Oct 2015, 21:39

Downloading v2

13 Jun 2018, 08:24

Just wanting to check if anyone else is getting a warning on the download page for AHK v2 about potential viruses. I am sure it is fine to continue forward but am curious.

[Attachment: ahk_v2_warning.png]
lexikos
Posts: 6045
Joined: 30 Sep 2013, 04:07
GitHub: Lexikos

Re: Downloading v2

14 Jun 2018, 19:15

I did. Anyone with a web browser which utilizes Google Safe Browsing (including Chrome and Firefox, at least) is likely to get that. I presume at least one build was affected by a false positive. It is not the first, or even second time, and frankly, I generally can't be bothered to fight against it. It is futile.

Google Search Console currently shows two sample URLs of "Harmful Downloads":
https:// autohotkey.com/download/1.0/AutoHotkey104414_Install.exe
https:// autohotkey.com/download/2.0/AutoHotkey_2.0-a092-840a364.zip

Not only new files cause false positives, but even well established ones: I think v1.0.0.44.14 is now 14 years old. virustotal currently shows 17/66 detections, and first submission in 2008 (which I think shows that the file hasn't changed in at least 10 years, making it likely to be the original file and not recently infected).

Google does not say which engines they use, or why else a download URL would be marked as malicious. I think that the false positives must be resolved with whatever engines they use before the alert can be removed, unless we remove every such file from the site.
Ragnar
Posts: 189
Joined: 30 Sep 2013, 15:25

Re: Downloading v2

15 Jun 2018, 03:14

Maybe it would help if a certain number of people reported these links as false positive with the following site: https://safebrowsing.google.com/safebro ... ort_error/

In addition, https://autohotkey.com/download/ahk-v2.zip could be reported to inform indirectly that future releases will also be harmless.
kczx3
Posts: 586
Joined: 06 Oct 2015, 21:39

Re: Downloading v2

15 Jun 2018, 05:05

I can certainly do that. Thanks!
AquaeAtrae

Re: Downloading v2

17 Jun 2018, 18:18

lexikos wrote: I did. Anyone with a web browser which utilizes Google Safe Browsing (including Chrome and Firefox, at least) is likely to get that. I presume at least one build was affected by a false positive. It is not the first, or even second time, and frankly, I generally can't be bothered to fight against it. It is futile.

Google Search Console currently shows two sample URLs of "Harmful Downloads":
https:// autohotkey.com/download/1.0/AutoHotkey104414_Install.exe
https:// autohotkey.com/download/2.0/AutoHotkey_2.0-a092-840a364.zip

Not only new files cause false positives, but even well established ones: I think v1.0.0.44.14 is now 14 years old. virustotal currently shows 17/66 detections, and first submission in 2008 (which I think shows that the file hasn't changed in at least 10 years, making it likely to be the original file and not recently infected).

Google does not say which engines they use, or why else a download URL would be marked as malicious. I think that the false positives must be resolved with whatever engines they use before the alert can be removed, unless we remove every such file from the site.


@lexikos
On Reddit, we've posted the link to initiate the Google Review process for false positives, but I believe you'll need to do this. It's not crowd-sourced nor automatic.

I also posted a screenshot about the broken re-captcha system that was preventing me from properly logging in, resetting my password, etc.

https://www.reddit.com/r/AutoHotkey/com ... hotkey_20/
lexikos
Posts: 6045
Joined: 30 Sep 2013, 04:07
GitHub: Lexikos

Re: Downloading v2

18 Jun 2018, 18:44

I have submitted a review.

I know nothing about the captcha; tank and joedf manage the website and forum. If you have issues but are able to post, I would suggest posting in the Forum Issues subforum.
AquaeAtrae
Posts: 1
Joined: 18 Jun 2018, 05:43
GitHub: AquaeAtrae

Re: Downloading v2

19 Jun 2018, 01:24

Thanks for doing that lexikos and for efforts with the code. Great utility!

I was posting anonymously before. Somehow I navigated from here to a password reset page with the broken captcha.

But I've since found I was able to make a completely new account, so best guess is I somehow found my way into the old, archived forum system at https://autohotkey.com/board (with no s). Unless it comes up again, I won't worry about it.
DrReflex
Posts: 14
Joined: 25 May 2015, 02:57

Re: Downloading v2

14 Jul 2018, 21:02

Ragnar wrote: Maybe it would help if a certain number of people reported these links as false positive with the following site: https://safebrowsing.google.com/safebro ... ort_error/

In addition, https://autohotkey.com/download/ahk-v2.zip could be reported to inform indirectly that future releases will also be harmless.



Unfortunately you can't do this. I tried. The downloads are blacklisted internal to Google and have not been reported by Google to StopBadware.org Clearinghouse. The URLs have to be in the Clearinghouse for StopBadware.org to review them.

See my post from this evening: https://autohotkey.com/boards/viewtopic ... 33#p228633
DrReflex
Posts: 14
Joined: 25 May 2015, 02:57

Re: Downloading v2

14 Jul 2018, 21:17

lexikos wrote: I have submitted a review.

I know nothing about the captcha; tank and joedf manage the website and forum. If you have issues but are able to post, I would suggest posting in the Forum Issues subforum.


Lexikos,

1. Google Safe Browsing states that the autohotkey.com Webmaster should be receiving emails from them regarding any Google blacklistings.
2. The downloads that are blocked almost certainly are CLEAN so there is no way to fix them. (I base this upon checking them and the download page URLs at virustotal.com. GSB is flagging the pages and files as MALICIOUS despite >95% (60+) of the remaining virus/malware engines stating they are CLEAN.)
3. StopBadware.org states that the files appear to be blacklisted internally at Google and that they have not been reported to the StopBadware Clearinghouse by Google as containing MALICIOUS software.
4. Perhaps copies of the email warnings from Google to the autohotkey.com webmaster will provide you with more information about why the site is partially blacklisted.

I have posted details at https://autohotkey.com/boards/viewtopic ... 33#p228633
lexikos
Posts: 6045
Joined: 30 Sep 2013, 04:07
GitHub: Lexikos

Re: Downloading v2

14 Jul 2018, 22:05

DrReflex,
tank and joedf manage the website and forum.

I have a responsibility to ensure the binaries I upload are malware-free. Beyond that, I have no wish to spend my time fighting against Google and antivirus vendors or otherwise managing the site.

DrReflex wrote: Perhaps copies of the email warnings from Google to the autohotkey.com webmaster will provide you with more information about why the site is partially blacklisted.
The emails have never provided me more information than Search Console itself, which merely shows a list of "example URLs" of "Harmful Downloads" and no further information. The current examples are 1.0/, 2.0/ and the same two URLs I mentioned in my first reply in this topic.

I currently have the email warnings turned off for the above reason. joedf is also registered as an admin under Google Search Console and might be receiving these warnings.
DrReflex wrote: The downloads that are blocked almost certainly are CLEAN so there is no way to fix them.
Given that both of the example URLs shown by Search Console (noted in my first reply) show multiple detections on virustotal, it is reasonable to assume that they are not "CLEAN" from Google's viewpoint, and the apparent solution would be to get these antivirus vendors to fix the false positives.
tank
Posts: 2310
Joined: 28 Sep 2013, 22:15
Facebook: charlie.simmons.7334
Google: ttnnkkrr
GitHub: ttnnkkrr
Location: Louisville KY

Re: Downloading v2

17 Jul 2018, 08:33

DrReflex wrote: 1. Google Safe Browsing states that the autohotkey.com Webmaster should be receiving emails from them regarding any Google blacklistings.
As I monitor that inbox I can say it simply isn't true.

The current working theory is that we need to post a EULA and uninstall instructions on the download pages to comply with Google. That is being worked on by @joeDF.
We are troubled on every side, yet not distressed; we are perplexed,
but not in despair; Persecuted, but not forsaken; cast down, but not destroyed;
https://www.facebook.com/ahkscript.org
If you have forum suggestions please submit a pull request
kczx3
Posts: 586
Joined: 06 Oct 2015, 21:39

Re: Downloading v2

17 Jul 2018, 13:32

Cool, thanks for the update tank!
