To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
Few other AV software does the same:
https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection

I think, we should do something about it, at very least report
for false-positive to Kaspersky or something.

On 25/07/2018 8:27 PM, Rel wrote:
> To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
> Few other AV software does the same:
> https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection 
> 
> 
> I think, we should do something about it, at very least report
> for false-positive to Kaspersky or something.

This is a pretty regular problem for Windows.
Until we start signing the executables, it will never end.

On Wednesday, 25 July 2018 at 08:27:25 UTC, Rel wrote:
> To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
> Few other AV software does the same:
> https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection
>
> I think, we should do something about it, at very least report
> for false-positive to Kaspersky or something.

It's been reported at  https://issues.dlang.org/show_bug.cgi?id=18786

For some reason it's not being taken seriously.  It's embarrassing to say the least.

Mike

On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:
> On 25/07/2018 8:27 PM, Rel wrote:
>> To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
>> Few other AV software does the same:
>> https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection
>> 
>> 
>> I think, we should do something about it, at very least report
>> for false-positive to Kaspersky or something.
>
> This is a pretty regular problem for Windows.
> Until we start signing the executables, it will never end.

It is a very simple thing to do. But the foundation hasn't bothered buying a code signing certificate, even though it is cheap.

Would be nice to hear why they haven't done this yet, considering that just the recurring open collective donations could cover expenses like this.

On Wednesday, 25 July 2018 at 09:13:27 UTC, Mike Franklin wrote:
> On Wednesday, 25 July 2018 at 08:27:25 UTC, Rel wrote:
>> To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
>> Few other AV software does the same:
>> https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection
>>
>> I think, we should do something about it, at very least report
>> for false-positive to Kaspersky or something.
>
> It's been reported at  https://issues.dlang.org/show_bug.cgi?id=18786
>
> For some reason it's not being taken seriously.  It's embarrassing to say the least.
>
> Mike

Possibly because anything that says "pay money or we'll flag your binary and scare our users about it!" sounds like a scam. Also, nowadays virus scanners arguably cause more problems than they prevent - viruses have already exploited vulns in virus scanners, which usually run as root. And if somebody breaks into Github or dlang.org and replaces the binary with a backdoored one, they won't use a backdoor that'll be detected by common scanners because why would they?

On Wednesday, 25 July 2018 at 14:30:57 UTC, FeepingCreature wrote:
> On Wednesday, 25 July 2018 at 09:13:27 UTC, Mike Franklin wrote:
>> On Wednesday, 25 July 2018 at 08:27:25 UTC, Rel wrote:
> Possibly because anything that says "pay money or we'll flag your binary and scare our users about it!" sounds like a scam. Also, nowadays virus scanners arguably cause more problems than they prevent - viruses have already exploited vulns in virus scanners, which usually run as root. And if somebody breaks into Github or dlang.org and replaces the binary with a backdoored one, they won't use a backdoor that'll be detected by common scanners because why would they?

To add to this, I've had issues with kaspersky tagging any 50 line program I wrote as a virus, as long as it had a do{} while() loop in main. Very annoying. At some point people need to realize that anti-viruses are not simply never going to improve computer security.

On Wednesday, 25 July 2018 at 09:49:54 UTC, Radu wrote:
> On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:
>> On 25/07/2018 8:27 PM, Rel wrote:
>>> To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
>>> Few other AV software does the same:
>>> https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection
>>> 
>>> 
>>> I think, we should do something about it, at very least report
>>> for false-positive to Kaspersky or something.
>>
>> This is a pretty regular problem for Windows.
>> Until we start signing the executables, it will never end.
>
> It is a very simple thing to do. But the foundation hasn't bothered buying a code signing certificate, even though it is cheap.
>
> Would be nice to hear why they haven't done this yet, considering that just the recurring open collective donations could cover expenses like this.

It's not about paying for the certificate, if that would be all, we would have done this long ago!

The problem is to integrate it in our release process and that no one involved has much experience with Windows. It doesn't make things easier that we run Windows via VirtualBox for the release building and the snake oil industry requires a hardware 2FA process when signing binaries with their certificate.

Let me quote Martin (our release tzar) from one of the many internal mails:

>>>
I can figure this all out, it's again a small but lower-priority issue cutting the line though.

After my vacation I'm currently finalizing the highly-available code.dlang.org migration.
Next will be migrating ci.dlang.io to Buildkite, then beginning the research for use-after-free/alias tracking.

---
Would be great if someone with actual interest in this would take care of it completely.

Win binary builds to sign .exe and .dll:
https://github.com/dlang/installer/blob/master/create_dmd_release/create_dmd_release.d#L267-L268
Win installer build:
https://github.com/dlang/installer/blob/e780ad79a1b2721f3c1a3c841bd46a4bd39b37dc/create_dmd_release/build_all.d#L313-L322
Setup script for Win box in case we need to install tools:
https://gist.github.com/MartinNowak/8270666
---

<<<

On Wednesday, 25 July 2018 at 09:13:27 UTC, Mike Franklin wrote:
> On Wednesday, 25 July 2018 at 08:27:25 UTC, Rel wrote:
>> To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
>> Few other AV software does the same:
>> https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection
>>
>> I think, we should do something about it, at very least report
>> for false-positive to Kaspersky or something.
>
> It's been reported at  https://issues.dlang.org/show_bug.cgi?id=18786
>
> For some reason it's not being taken seriously.  It's embarrassing to say the least.
>
> Mike

See https://forum.dlang.org/post/reccnvpdbboenpomexxz@forum.dlang.org - I also forwarded a few internal mails to you.

On Thursday, 26 July 2018 at 07:25:24 UTC, Seb wrote:
> On Wednesday, 25 July 2018 at 09:49:54 UTC, Radu wrote:
>> On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:
>>> [...]
>>
>> It is a very simple thing to do. But the foundation hasn't bothered buying a code signing certificate, even though it is cheap.
>>
>> Would be nice to hear why they haven't done this yet, considering that just the recurring open collective donations could cover expenses like this.
>
> It's not about paying for the certificate, if that would be all, we would have done this long ago!
>
> The problem is to integrate it in our release process and that no one involved has much experience with Windows. It doesn't make things easier that we run Windows via VirtualBox for the release building and the snake oil industry requires a hardware 2FA process when signing binaries with their certificate.
>
> Let me quote Martin (our release tzar) from one of the many internal mails:
>
>>>>[...]
> I can figure this all out, it's again a small but lower-priority issue cutting the line though.
>
> After my vacation I'm currently finalizing the highly-available code.dlang.org migration.
> Next will be migrating ci.dlang.io to Buildkite, then beginning the research for use-after-free/alias tracking.
>
> ---
> Would be great if someone with actual interest in this would take care of it completely.
>
> Win binary builds to sign .exe and .dll:
> https://github.com/dlang/installer/blob/master/create_dmd_release/create_dmd_release.d#L267-L268
> Win installer build:
> https://github.com/dlang/installer/blob/e780ad79a1b2721f3c1a3c841bd46a4bd39b37dc/create_dmd_release/build_all.d#L313-L322
> Setup script for Win box in case we need to install tools:
> https://gist.github.com/MartinNowak/8270666
> ---
>
> <<<

It is important to have that certificate, as you can see from this https://forum.dlang.org/post/siugqkvkngnzdgqulaxo@forum.dlang.org signing the installer is not a big deal. `osslsigncode` runs on Linux so I think it should be fairly straight forward to add it as a step in the build script.
The example command from the link I gave is used in production somewhere and it works.

So, buy a certificate :)

On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:
> On 25/07/2018 8:27 PM, Rel wrote:
>> I think, we should do something about it, at very least report
>> for false-positive to Kaspersky or something.
>
> This is a pretty regular problem for Windows.
> Until we start signing the executables, it will never end.

Does anti-virus software exempt signed executables?