topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 7:47 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Download appears malicious - Google Chrome  (Read 8619 times)

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Download appears malicious - Google Chrome
« on: March 12, 2012, 05:33 AM »
Anyone seen this before?
Snap 2012-03-12 at 10.30.41.png

It's just an autohotkey compiled script (no executable packer) inside an innosetup executable. Jotti tells me there are no viruses found, so why is Google Chrome not happy?

Chrome's learn more links goes to http://support.googl...-GB&answer=99020 but it's typically unhelpful. Any ideas?
If now we have to petition the browsers as well as the virusscanners I will have to switch platforms..
« Last Edit: March 12, 2012, 05:40 AM by justice »

KynloStephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,741
    • View Profile
    • Donate to Member
Re: Download appears malicious - Google Chrome
« Reply #1 on: March 12, 2012, 05:57 AM »
That link only seems to mention things about potential scam WEBSITES and nothing about SOFTWARE

However, you might be pleased to know, your not the only one who is irritated by this:

https://www.google.c...le+appears+malicious

The above link brings up a whole bunch of other posts about this...most seem to have started around Feb of this year, so maybe from whatever update was released in Feb? (Not a Chrome user, so don't know)

If your still PO'ed about it...I'll say to you, what I say to everyone who has a problem with FF or Chrome...

www.opera.com

 ;D

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: Download appears malicious - Google Chrome
« Reply #2 on: March 12, 2012, 07:06 AM »
I've found an explanation of the 'feature', but no solution:
http://chrome.blogsp...ed-and-security.html
To help protect you against malicious downloads, Chrome now includes expanded functionality to analyze executable files (such as “.exe” and “.msi” files) that you download. If a file you download is known to be bad, or is hosted on a website that hosts a relatively high percentage of malicious downloads, Chrome will warn you that the file appears to be malicious and that you should discard it. We’re starting small with this initial Beta release, but we’ll be ramping up coverage for more and more malicious files in the coming months. Remember, no technical mechanism can ever protect you completely from malicious downloads. You should always be careful about which files you download and consider the reputation of their source.
Emphasis added. Excuse me.

I'm now verifying my site with mywot.com and google webmaster tools, will see if Google flagged any downloads. If not, clearly they should use a blacklist approach not whitelist.

update: ok done: Google has not detected any malware on this site. Guess they're just flagging for the hell of it. Guess  You should always be careful about which browser you download and consider the reputation of their source.
« Last Edit: March 12, 2012, 07:15 AM by justice »

Ath

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 3,612
    • View Profile
    • Donate to Member
Re: Download appears malicious - Google Chrome
« Reply #3 on: March 12, 2012, 07:23 AM »
I've seen similar 'issues' with downloads using IE9 on other Inno Setup based installers lately (in the Inno Setup newsgroups). Case of 'meh' I guess, or another way of pestering small software vendors.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Download appears malicious - Google Chrome
« Reply #4 on: March 12, 2012, 07:50 AM »
Inno Setup files periodically trigger AV warnings. One of the reasons is because of compression.

Virus signatures and compression both hold a common theme: Uniqueness and maximum entropy. This is why that happens.

Still, always double-check, but just be aware that the AV methods used will always have false positives. That will never stop. (Ok, it might stop if larger spaces are used, but that becomes impractical... so it will never stop.)
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

bastik

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 14
    • View Profile
    • Donate to Member
Re: Download appears malicious - Google Chrome
« Reply #5 on: March 12, 2012, 01:49 PM »
I had a lot of warnings in the far past with compiled autohotkey scripts. They were detected as "autohotkey trojan" (or similar). Apparently the AV picked something that was present in most/some of the compiled versions of the scripts as well as the actual malware.

Double-checking never hurts.

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: Download appears malicious - Google Chrome
« Reply #6 on: March 12, 2012, 05:40 PM »
IIUC, more recent AHK things are compressed with mpress, whereas before compression of such things was much more often done using upx.  My current impression is that the triggering (if any) of recent AHK things (i.e. using mpress) is much less frequent.

If someone knows otherwise, perhaps they can chime in :)

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: Download appears malicious - Google Chrome
« Reply #7 on: March 13, 2012, 09:20 AM »
I made sure my executables are not compressed at all, in this case it maybe has to do with the innosetup executable not being signed with a level 2 object code signing certificate?
http://stackoverflow...icious-file-warning/

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: Download appears malicious - Google Chrome
« Reply #8 on: March 16, 2012, 04:03 AM »
Update.
Still not sure how it happened. However, a solution is to join Google Webmaster Tools. After a few days the warning is no longer shown:
http://stackoverflow.com/a/9727960/997