Chrome flags wesnoth-1.12-win32.exe as malicious

Having trouble with the game? Report issues and get help here. Read this first!

Moderator: Forum Moderators

Forum rules
Before reporting issues in this section, you must read the following topic:
BerenBelagund
Posts: 6
Joined: November 24th, 2014, 3:49 pm

Chrome flags wesnoth-1.12-win32.exe as malicious

Post by BerenBelagund »

New user here. Alerted to the Wesnoth update from the post at Rock, Paper, Shotgun: http://www.rockpapershotgun.com/2014/11 ... ng-better/

When I try to download the Windows build from http://sourceforge.net/projects/wesnoth ... e/download, Google Chrome (Version 39.0.2171.62 beta-m (64-bit)) gives me the following message when the download is done:

"wesnoth-1.12-win32.exe is malicious, and Chrome has blocked it."

And sure enough, it deletes the file.

I realize that volunteer compilers, and not the makers of the game, provide Windows downloads. But is this a recurring issue (and therefore one to be ignored), or something new?

Thanks.
User avatar
loonycyborg
Windows Packager
Posts: 295
Joined: April 1st, 2008, 4:45 pm
Location: Russia/Moscow

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by loonycyborg »

It's most likely a false positive again. Did it say what virus/trojan it found?
"meh." - zookeeper
BerenBelagund
Posts: 6
Joined: November 24th, 2014, 3:49 pm

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by BerenBelagund »

loonycyborg wrote:It's most likely a false positive again. Did it say what virus/trojan it found?
No it did not. What I quoted was the entirety of the message. Ordinarily I wouldn't be too concerned, but because the binaries are provided by outside volunteers, I don't know what control (if any) the authors of the game have over the files that are uploaded. So I thought I'd be cautious. (Too bad, because I did enjoy this game in one of its iPad incarnations.)
User avatar
loonycyborg
Windows Packager
Posts: 295
Joined: April 1st, 2008, 4:45 pm
Location: Russia/Moscow

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by loonycyborg »

It's made by me personally. Pretty much all who works on wesnoth are volunteers. I'm just one of them. There always exist a possibilty that a virus could contaminate my machine, but I think false positive is more likely. Chrome's message is useless without specifying exact virus it found so I can't really verify it.
"meh." - zookeeper
User avatar
Pentarctagon
Project Manager
Posts: 5526
Joined: March 22nd, 2009, 10:50 pm
Location: Earth (occasionally)

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by Pentarctagon »

Spybot S&D found this. The scan is still ongoing, but it's looking to take hours at the rate it's going, so I figured I'd post what it's found so far.

Info from the Spybot forums and from Microsoft.
99 little bugs in the code, 99 little bugs
take one down, patch it around
-2,147,483,648 little bugs in the code
User avatar
loonycyborg
Windows Packager
Posts: 295
Joined: April 1st, 2008, 4:45 pm
Location: Russia/Moscow

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by loonycyborg »

File and dir in screenshot aren't part of wesnoth, and weren't installed by the installer. I double checked by running installer and looking at the dir it made.
It could be seeing internals of NSIS.
"meh." - zookeeper
User avatar
Pentarctagon
Project Manager
Posts: 5526
Joined: March 22nd, 2009, 10:50 pm
Location: Earth (occasionally)

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by Pentarctagon »

Yes, I extracted it with 7zip before scanning.
99 little bugs in the code, 99 little bugs
take one down, patch it around
-2,147,483,648 little bugs in the code
User avatar
loonycyborg
Windows Packager
Posts: 295
Joined: April 1st, 2008, 4:45 pm
Location: Russia/Moscow

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by loonycyborg »

I had no idea that 7zip can extract NSIS installers. But that file seems to be part of NSIS.
"meh." - zookeeper
User avatar
loonycyborg
Windows Packager
Posts: 295
Joined: April 1st, 2008, 4:45 pm
Location: Russia/Moscow

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by loonycyborg »

NSIS gets a lot of false positives. Probably it's just another one.
http://nsis.sourceforge.net/NSIS_False_Positives
"meh." - zookeeper
MerlinCross
Posts: 57
Joined: November 25th, 2014, 5:52 am

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by MerlinCross »

Also here from Rock Paper Shotgun.

So can I install this okay or do I have to do something with it first because I'm getting the same problem.
BerenBelagund
Posts: 6
Joined: November 24th, 2014, 3:49 pm

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by BerenBelagund »

MerlinCross wrote:Also here from Rock Paper Shotgun.

So can I install this okay or do I have to do something with it first because I'm getting the same problem.
I have no idea. I of course have no reason to doubt what loonycyborg is saying. But getting flagged by both Chrome and Spybot S&D isn't exactly a clean bill of health. I think it's likely it is a false positive. But the question is whether playing the game is worth the risk. Right now, and speaking only for myself, it isn't, because I've been burned in the past by unintentional passing along of viruses. loonycyborg, are you the only person who provides Windows binaries for this game at the game website, or are there others? No offense intended, of course!
User avatar
loonycyborg
Windows Packager
Posts: 295
Joined: April 1st, 2008, 4:45 pm
Location: Russia/Moscow

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by loonycyborg »

No. There's also MacOS releases. And all linux distros package wesnoth too. Neither of those uses NSIS. So maybe consider using a different OS :P

I'm considering to switch to something other than NSIS to generate the installer. To something like WiX maybe. But it'll take time. Also, I could distribute a .zip file instead, but windows people expect installers and why should I make 2 releases only due to some anti-virus giving a false positive?
"meh." - zookeeper
BerenBelagund
Posts: 6
Joined: November 24th, 2014, 3:49 pm

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by BerenBelagund »

loonycyborg wrote:No. There's also MacOS releases. And all linux distros package wesnoth too. Neither of those uses NSIS. So maybe consider using a different OS :P

I'm considering to switch to something other than NSIS to generate the installer. To something like WiX maybe. But it'll take time. Also, I could distribute a .zip file instead, but windows people expect installers and why should I make 2 releases only due to some anti-virus giving a false positive?
I totally understand where you're coming from. It's a frustrating situation. The problem is that the typical Windows user has no way to independently verify your claims, but also lacks your skills in compiling binaries. So we're sort of stuck looking for alternatives until this gets resolved. I personally hate installers and love .zip files, so I would have no problem with a .zip file. But I certainly understand your declining to do more than what you have done. You're not getting paid for your service!
User avatar
loonycyborg
Windows Packager
Posts: 295
Joined: April 1st, 2008, 4:45 pm
Location: Russia/Moscow

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by loonycyborg »

Whether I'm not paid or not is irrelevant in this situation, since even "classic" commercial software companies provide installers only nowadays some using this same NSIS. And such issue would result in exactly the same response from them.
"meh." - zookeeper
User avatar
Wintermute
Inactive Developer
Posts: 840
Joined: March 23rd, 2006, 10:28 pm
Location: On IRC as "happygrue" at: #wesnoth-mp

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by Wintermute »

I wonder if it's worth contacting some folks at chrome to see if they can do anything about it? Or perhaps after enough downloads they might notice and investigate anyway?
"I just started playing this game a few days ago, and I already see some balance issues."
Post Reply