Malware false positive report

[wapcrazut]

Hi, first things first thanks for the excellent tool.

I scanned both the installable and portable versions, which were detected by at least one vendor in Virustotal.

• https://www.virustotal.com/gui/file/e5dec707fd3571c495caeeea37b2c37b4a8401ee841ffb7b2bac9db28a779df8/detection
• https://www.virustotal.com/gui/file/fbb86f990e2f20afed56729b71e1af4167a5053295ad3650df02a87b23ce1665/detection

Do we have an idea why? Is it possible to improve the source code or the compiling process not to trigger those false positives?

[Calinou]

Do we have an idea why? Is it possible to improve the source code or the compiling process not to trigger those false positives?

Nothing can be done about it, other than reporting it as a false positive to Microsoft and/or various AV vendors.

Alternatively, @azagaya could release Laigter on Steam and have people download it from Steam, so that the codesigning requirement is bypassed. This is far cheaper than buying an EV codesigning certificate (one-time $100 fee instead of $500+ per year).

[azagaya]

I should probably make it available through steam too yeah.

[wapcrazut]

...release Laigter on Steam and have people download it from Steam, so that the codesigning requirement is bypassed. This is far cheaper than buying an EV codesigning certificate (one-time $100 fee instead of $500+ per year).

That's an interesting idea, if project donations are opened, contributors could help to pay the Steam fee.

[azagaya]

I usually receive voluntary tips through itch, as the price is set to "Pay what you want". I guess i should make something more specific and clear for this, like "rising 100u$d to put it on steam" as a goal. Ill try to do so in a couple weeks, because right now I'm a bit short of time.

[Calinou]

Note that the Steam fee is refunded if you sell for $1,500 worth of copies on Steam. You'd need to make Laigter paid there though.

[azagaya]

I guess i could do as Krita, and put a paid version of the binaries in the store. In that case I would put the 100u$d out of my pocket, and the users would have the benefit of easy updates. But im not sure if Laigter users would be ok with that tbh.

[wapcrazut]

But im not sure if Laigter users would be ok with that tbh.

It depends if you have time to maintain both versions of the software. Users with paid versions should at least have priority support of some sort. IMO, I like better the rise money because is a simpler option but of course, that's your decision.