MindWorkAI / AI-Studio

AI Studio is an independent app for utilizing LLM.
https://MindWorkAI.org/

AI studio gets detected as a virus #54

Open MrBenzWorld opened 3 months ago

MrBenzWorld commented 3 months ago

Kaspersky detected AI Studio as a virus and deleted it completely (versions 0.8.3 and 0.8.4).

SommerEngineering commented 3 months ago

Yes, unfortunately, this happens 🙁. It has also happened to me on a computer. If you compile the code on your computer yourself, everything is fine. The problem arises because the app is built through a GitHub pipeline and is not signed. We need an expensive EV code signing certificate. That would make the installer and the app trustworthy. As long as there are no supporters, we unfortunately have to deal with it. I hope that some company will donate around 1000 dollars per year, so we can get that certificate.

As long as we do not have a certificate, we need to define an exception in the virus scanner. On a personal computer, this is not a problem. It becomes more difficult in a company where the virus scanners are centrally managed by an IT department. However, often you can also apply for an exception in such situations.

As an interim solution, I have published the results of various virus scanners on the release page to gain trust. The app is checked by 74 virus scanners with each release. The assumption is: If something were really wrong, many of the 74 scanners would have to raise an alarm. Currently, however, only 2 out of 74 scanners say that something is wrong. And they are little-known scanners Bkav Pro and DeepInstinct. All other scanners find no issues. To find this report, search for MindWork AI Studio_x64-setup.exe on the release page for the Windows installer. The link then leads to the scan report.

In theory, there is another solution that I would like to briefly explain: We could publish AI Studio in the Microsoft and Apple App Store. This way we would get the certificate for free (or 99 dollars for Apple). Then we can extract the certificate and also use it for the GitHub releases. At the moment, however, it seems like too much effort to configure all this. Because: the app would have to be uploaded from GitHub to the App Store automatically with each release. This is all possible, but it is a lot of initial effort.

MrBenzWorld commented 3 months ago

@SommerEngineering Thank you for the detailed response.

I have installed similar non-licensed LLM UI apps before and received warnings from Kaspersky. However, I was able to allow them and use the apps without issues.

In the case of your AI-Studio app, it is automatically deleting files, including the downloaded .exe file. This seems to be more than just a licensing problem; there may be some bugs involved. I'm not certain about the exact issue, but I received a high threat alert for your app from the entire list of apps provided below.

image

Please look into this matter and resolve the problem.

sais-github commented 3 months ago

> As an interim solution, I have published the results of various virus scanners on the release page to gain trust. The app is checked by 74 virus scanners with each release. The assumption is: If something were really wrong, many of the 74 scanners would have to raise an alarm. Currently, however, only 2 out of 74 scanners say that something is wrong. And they are little-known scanners Bkav Pro and DeepInstinct. All other scanners find no issues. To find this report, search for MindWork AI Studio_x64-setup.exe on the release page for the Windows installer. The link then leads to the scan report.

Both Bkav & Deep Instinct use AI to "detect" malware and end up flagging more false positives than they do actual malware.

This explains in detail why heuristic analysis tools are being set off, in case it helps you work this out:
https://tria.ge/240801-f12ecaybkb/behavioral1

You can see here too that everything it is flagging as "malicious" is due to it touching webview:
https://www.hybrid-analysis.com/sample/f655576465177916f3f010f439dbfd092ae31c0bbe851e6fa83b8bdb6716f16d/66ab1c8f397ac24042098021

Kaspersky uses heuristic analysis on-device, which is probably what is falsely flagging it as malware (like the above links). You can see that in the behaviour tab of VirusTotal none of the sandboxes that have actually run the file flag it as malicious.

I'm not versed in how exes work exactly, but there may be a less "suspicious" way of interacting with webview?

SommerEngineering commented 3 months ago

Currently, I see no way to solve the issue in the short term. Let's look at the details of the malicious indicators (thanks @sais-github for the link):

Some of these issues might improve with future updates of the Tauri framework. For example, if Tauri allows a different form of inter-process communication or by preventing standard browser queries, etc. However, we can't change anything in the short term, at least I would not know how.

The problem is known in the Tauri world and is being observed there.

mtomas7 commented 1 month ago

Today I also got a warning for the new version: https://www.virustotal.com/gui/file/70e9c112be239e7344617702af912723105e5a3cf852bfe22ffa6f9f6d96af15/detection
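A scan report only says something about the installer you downloaded if it was produced for the same bytes. As an added example (not part of the original thread and not the project's code), the sketch below extracts the SHA-256 from a report URL of the kinds linked in this thread and compares it with the hash of a local file. The function names and the stand-in file in `demo()` are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# The VirusTotal and Hybrid Analysis links in this thread carry a
# 64-hex-character SHA-256 as one path segment of the URL.
_SHA256 = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{64}(?![0-9a-fA-F])")

def sha256_from_report_url(url: str) -> str:
    """Return the single SHA-256 embedded in a scan-report URL, lowercased."""
    found = {m.lower() for m in _SHA256.findall(url)}
    if len(found) != 1:
        raise ValueError(f"expected exactly one SHA-256 in URL, found {len(found)}")
    return found.pop()

def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so a large installer is not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def report_matches_file(report_url: str, installer: Path) -> bool:
    """True only if the report was generated for exactly these bytes."""
    return hmac.compare_digest(sha256_from_report_url(report_url),
                               sha256_of_file(installer))

def demo() -> tuple:
    # Constructed stand-in for a downloaded installer (not a real release file).
    with tempfile.TemporaryDirectory() as tmp:
        installer = Path(tmp) / "setup.exe"
        installer.write_bytes(b"constructed installer bytes")
        base = "https://www.virustotal.com/gui/file/"
        same = base + sha256_of_file(installer) + "/detection"
        other = base + "0" * 64 + "/detection"  # report for a different file
        return (report_matches_file(same, installer),
                report_matches_file(other, installer))

if __name__ == "__main__":
    print(demo())
```

A mismatch means the report describes a different build or a modified download, so its detection count does not apply to the file on disk.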

MrBenzWorld commented 3 weeks ago

@SommerEngineering

Now, please fix this virus issue. It is preventing use of your app.