gz83
commented
4 months ago This is a false alarm and is a sporadic event that cannot be reproduced on everyone's device.
If you are worried, you can choose to compile it yourself or give up using it.
Open andika207 opened 4 months ago
gz83
commented
4 months ago This is a false alarm and is a sporadic event that cannot be reproduced on everyone's device.
If you are worried, you can choose to compile it yourself or give up using it.
andika207
commented
4 months ago This is a false alarm and is a sporadic event that cannot be reproduced on everyone's device.
I have scanned it on two different computers but the threats are still being flagged by Avast
if they are false positive type of threats @Alex313031 would better off get in touch with Avast support center as did @Blaukovitch with Kaspersky https://github.com/win32ss/supermium/issues/217#issuecomment-1920340022
gz83
commented
4 months ago Unless we have digital signatures or pay some money to the antivirus vendors to add the browsers to the whitelist, I think these problems will be difficult to solve.
I have previously tried to submit false positives to Microsoft, Bitdefender and other vendors, but shortly after the false positive was resolved, the browser was marked as a threat again.
In addition, many antivirus software will mark software without digital signatures as threats. For example, they will report a very simple type conversion program written in Go as a virus, even though there is obviously no problem with the code, which is very annoying for developers.
f2s,err := strconv.ParseFloat("10.232", 64) if err != nil { fmt.Println("error: ", err) return }
crudebuster
commented
4 months ago Avast loves to find trouble where there isn't so they can panic unsavvy people into paying for their BS.
Alex313031
commented
4 months ago @crudebuster @andika207 @gz83 I sent an appeal to Avast. The problem is that anytime we appeal to Microsoft, Kapersky, or Avast, they whitelist the file hash of the current release. When a new release is made, it does the same thing all over again. And sometimes it doesn't trigger any virus warnings at all.
It seems to be random, and the "threats" seem to change with each release. I have tried narrowing down some specific codepath or build configuration that causes Thorium to be flagged, whereas Chromium (at least in my personal experience), seems to not be flagged. It's frustrating for sure, because I get issues at least once a month about this, and it causes people to lose trust or worry that I'm spying on them or something.
If I ever get expendable money, or enough donations to Thorium, I will definitely invest in getting a developer signature straight from Microsoft, which would put an end to the bullcrap.
crudebuster
commented
4 months ago I remember when a developer of a joystick driver for parallel ports (PPJoy) had the drama of having his driver not signed by MS turning into a donation request then finally made him gave up entirely due to hardware aging. Sometimes they think the PC platform is their feud to dictate whatever they think is whatever they feel like doing. they tried to block BIOS from booting Linux so people bought a license, now Linux is more or less commercially viable due to their pressure. It's always money.
andika207
commented
4 months ago It seems to be random, and the "threats" seem to change with each release.
my secondary PC does only detect 3 suspicious files however the Thorium 119 is clean from malware
andika207
commented
3 months ago I will definitely invest in getting a developer signature straight from Microsoft, which would put an end to the bullcrap.
https://www.reddit.com/r/browsers/comments/1d9o1ay/my_personal_browser_recommendation_for_2024/
:x: :x: :x: what's this ?