Open MrBenzWorld opened 3 months ago
Yes, unfortunately, this happens 🙁. It has also happened to me on a computer. If you compile the code on your computer yourself, everything is fine. The problem arises because the app is built through a GitHub pipeline and is not signed. We need an expensive EV code signing certificate. That would make the installer and the app trustworthy. As long as there are no supporters, we unfortunately have to deal with it. I hope that some company will donate around 1000 dollars per year, so we can get that certificate.
As long as we do not have a certificate, we need to define an exception in the virus scanner. On a personal computer, this is not a problem. It becomes more difficult in a company where the virus scanners are centrally managed by an IT department. However, often you can also apply for an exception in such situations.
As an interim solution, I have published the results of various virus scanners on the release page to gain trust. The app is checked by 74 virus scanners with each release. The assumption is: If something were really wrong, many of the 74 scanners would have to raise an alarm. Currently, however, only 2 out of 74 scanners say that something is wrong. And they are little-known scanners Bkav Pro
and DeepInstinct
. All other scanners find no issues. To find this report, search for MindWork AI Studio_x64-setup.exe
on the release page for the Windows installer. The link then leads to the scan report.
In theory, there is another solution that I would like to briefly explain: We could publish AI Studio in the Microsoft and Apple App Store. This way we would get the certificate for free (or 99 dollars for Apple). Then we can extract the certificate and also use it for the GitHub releases. At the moment, however, it seems like too much effort to configure all this. Because: the app would have to be uploaded from GitHub to the App Store automatically with each release. This is all possible, but it is a lot of initial effort.
@SommerEngineering Thank you for detailed response.
I have installed similar non-licensed LLM UI apps before and received warnings from Kaspersky. However, I was able to allow them and use the apps without issues.
In the case of your AI-Studio app, it is automatically deleting files, including the downloaded .exe file. This seems to be more than just a licensing problem; there may be some bugs involved. I'm not certain about the exact issue, but I received a high threat alert for your app from the entire list of apps provided below.
Please look into this matter and resolve the problem.
As an interim solution, I have published the results of various virus scanners on the release page to gain trust. The app is checked by 74 virus scanners with each release. The assumption is: If something were really wrong, many of the 74 scanners would have to raise an alarm. Currently, however, only 2 out of 74 scanners say that something is wrong. And they are little-known scanners
Bkav Pro
andDeepInstinct
. All other scanners find no issues. To find this report, search forMindWork AI Studio_x64-setup.exe
on the release page for the Windows installer. The link then leads to the scan report.
Both Bkav & Deep Instinct use AI to "detect" malware and end up flagging more false positives than they do actual malware.
This explains in detail why heuristic analysis tools are being set off incase it helps you work this out:
https://tria.ge/240801-f12ecaybkb/behavioral1
You can see here too that everything it is flagging as "malicious" is due to it touching webview.
https://www.hybrid-analysis.com/sample/f655576465177916f3f010f439dbfd092ae31c0bbe851e6fa83b8bdb6716f16d/66ab1c8f397ac24042098021
Kaspersky uses heuristic analysis on device which is probabaly what is falsely flagging it as malware (like the above links). You can see that in the behaviour tab of VirusTotal none of the sandboxes that have actually ran the file flag it as malicious
I'm not versed in how exes' work exactly but there may be a less "suspicous" way of interacting with webview?
Currently, I see no way to solve the issue in the short term. Let's look at the details of the malicious indicators (thanks @sais-github for the link):
"Creates a process in suspended mode": This cannot be avoided. The runtime written in Rust and the Tauri framework used there must start an invisible browser. The UI of AI Studio is HTML-based.
"Writes data to a remote process": The Rust runtime must exchange data with the browser we have started. This also cannot be avoided.
"Tries to steal mail credentials from registry": As you can see in the report, these are all accesses from the browser instance to the registry. On Windows, this is Microsoft Edge. I have no idea why this report speaks of mail credentials. Our code does not attempt to access such data. I can imagine that Microsoft Edge performs standard queries here. I have observed similar behavior on macOS. There, it is Safari. The system there sometimes reports that AI Studio wants to access the desktop, even though we do not do this in our code. This also seems to be a standard browser access.
"Spawns a lot of processes": This cannot be avoided at the moment. Naturally, the browser must be launched. The browser then starts various processes for itself. Then our Rust runtime starts our own .NET server (Tauri calls this a "sidecar"). We also can't change much at this point.
Some of these issues might improve with future updates of the Tauri framework. For example, if Tauri allows a different form of inter-process communication or by preventing standard browser queries, etc. However, we can't change anything in the short term, at least I would not know how.
The problem is known in the Tauri world and is being observed there.
Today I also got a warning for the new version: https://www.virustotal.com/gui/file/70e9c112be239e7344617702af912723105e5a3cf852bfe22ffa6f9f6d96af15/detection
@SommerEngineering
Now, please fix this virus issue. It is preventing to use your app.
Kaspersky detected AI studio as a virus, deleted it completely 0.8.3 , 0.8.4 versions.