Downloading v2

Discuss the future of the AutoHotkey language
User avatar
kczx3
Posts: 563
Joined: 06 Oct 2015, 21:39

Downloading v2

13 Jun 2018, 08:24

Just wanting to check if anyone else is getting a warning on the download page for AHK v2 about potential viruses. I am sure it is fine to continue forward but am curious.

ahk_v2_warning.png
ahk_v2_warning.png (24.73 KiB) Viewed 188 times
lexikos
Posts: 5933
Joined: 30 Sep 2013, 04:07
GitHub: Lexikos

Re: Downloading v2

14 Jun 2018, 19:15

I did. Anyone with a web browser which utilizes Google Safe Browsing (including Chrome and Firefox, at least) is likely to get that. I presume at least one build was affected by a false positive. It is not the first, or even second time, and frankly, I generally can't be bothered to fight against it. It is futile.

Google Search Console currently shows two sample URLs of "Harmful Downloads":
https:// autohotkey.com/download/1.0/AutoHotkey104414_Install.exe
https:// autohotkey.com/download/2.0/AutoHotkey_2.0-a092-840a364.zip

Not only new files cause false positives, but even well established ones: I think v1.0.0.44.14 is now 14 years old. virustotal currently shows 17/66 detections, and first submission in 2008 (which I think shows that the file hasn't changed in at least 10 years, making it likely to be the original file and not recently infected).

Google does not say which engines they use, or why else a download URL would be marked as malicious. I think that the false positives must be resolved with whatever engines they use before the alert can be removed, unless we remove every such file from the site.
User avatar
Ragnar
Posts: 178
Joined: 30 Sep 2013, 15:25

Re: Downloading v2

15 Jun 2018, 03:14

Maybe it would help if a certain number of people reported these links as false positive with the following site: https://safebrowsing.google.com/safebro ... ort_error/

In addition, https://autohotkey.com/download/ahk-v2.zip could be reported to inform indirectly that future releases will also be harmless.
User avatar
kczx3
Posts: 563
Joined: 06 Oct 2015, 21:39

Re: Downloading v2

15 Jun 2018, 05:05

I can certainly do that. Thanks!
AquaeAtrae

Re: Downloading v2

Yesterday, 18:18

lexikos wrote:I did. Anyone with a web browser which utilizes Google Safe Browsing (including Chrome and Firefox, at least) is likely to get that. I presume at least one build was affected by a false positive. It is not the first, or even second time, and frankly, I generally can't be bothered to fight against it. It is futile.

Google Search Console currently shows two sample URLs of "Harmful Downloads":
https:// autohotkey.com/download/1.0/AutoHotkey104414_Install.exe
https:// autohotkey.com/download/2.0/AutoHotkey_2.0-a092-840a364.zip

Not only new files cause false positives, but even well established ones: I think v1.0.0.44.14 is now 14 years old. virustotal currently shows 17/66 detections, and first submission in 2008 (which I think shows that the file hasn't changed in at least 10 years, making it likely to be the original file and not recently infected).

Google does not say which engines they use, or why else a download URL would be marked as malicious. I think that the false positives must be resolved with whatever engines they use before the alert can be removed, unless we remove every such file from the site.


@lexikos
On Reddit, we've posted the link to initiate the Google Review process for false positives, but I believe you'll need to do this. It's not crowd-sourced nor automatic.

I also posted a screenshot about the broken re-captcha system that was preventing me from properly logging in, resetting my password, etc.

https://www.reddit.com/r/AutoHotkey/com ... hotkey_20/

Return to “AutoHotkey v2 Development”

Who is online

Users browsing this forum: No registered users and 4 guests