Ransomware & Windows Defender

[regis586]

Hi, Today, I've got the same thing than the closed issue -> https://github.com/lenmus/lenmus/issues/111

And the CRC-SHA is right (Nom: lenmus-5.6.0-x64-setup.exe Taille: 136719812 octets (130 MiB) SHA256: 53CF9A2BCEED45424CA9171DD1F66C2B405200A0AB859304FE7F787705F34520)

[cecilios]

Thanks for reporting but it is a false positive. Anyway, try checking the binaries with an online antivirus service that uses several antivirus, such as Virus Total (https://www.virustotal.com) or the Jotti malware scanner (https: //virusscan.jotti. org) that quickly check a file against more than 50 virus and malware detectors.

This false positive seems to be caused because both the installer and the uninstaller are created with NSIS software. It is due to the way NSIS works, that Microsoft does't like: http://stackoverflow.com/questions/48833995/ddg#48835095

It seems to be a frequent problem when using NSIS, but it hasn't happened to LenMus until now: https://nsis.sourceforge.io/NSIS_False_Positives

I have reported the problem to Microsoft and they just answered this:

But I cannot send them more information as I do not use Windows.

This issue of the false positive is a problem for LenMus but I cannot fight against Microsoft. A new Microsoft strategy against free software?

[regis586]

Thanks for your return,

It would be highly unlikely for MS, to have such thoughts…

😊

Sent from Mail for Windows 10

From: Cecilio Salmeron Sent: lundi 6 juillet 2020 15:30 To: lenmus/lenmus Cc: regis586; Author Subject: Re: [lenmus/lenmus] Ransomware & Windows Defender (#123)

Thanks for reporting but it is a false positive. Anyway, try checking the binaries with an online antivirus service that uses several antivirus, such as Virus Total (https://www.virustotal.com) or the Jotti malware scanner (https: //virusscan.jotti. org) that quickly check a file against more than 50 virus and malware detectors. This false positive seems to be caused because both the installer and the uninstaller are created with NSIS software. It is due to the way NSIS works, that Microsoft does't like: http://stackoverflow.com/questions/48833995/ddg#48835095 It seems to be a frequent problem when using NSIS, but it hasn't happened to LenMus until now: https://nsis.sourceforge.io/NSIS_False_Positives I have reported the problem to Microsoft and they just answered this:

But I cannot send them more information as I do not use Windows. This issue of the false positive is a problem for LenMus but I cannot fight against Microsoft. A new Microsoft strategy against free software? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.

[aubreyz]

Since I think the software works perfectly as a portable application, it is probably best to get rid of the installer altogether, and just zip it up (or have a simple self extracting exe).

[cecilios]

Yes, it can be used as a portable application as installation could be reduced to copying a tree of folders. Apart from the .exe file it is necessary to install some folders with resources (icons, eBooks, translations, ...).

But apart from these files, users expect to find the program in the start menu or, alternatively, to have a shortcut on the screen.

I stopped using Windows more than ten years ago. Current installer dates from then. But I don't know how to do what you suggest. Can a self-extracting zip file install a tree of folders with its content? In that case this could be a solution for installing the program. But, how to add the program to the start menu or, alternatively, create a shortcut on the screen?

[aubreyz]

Yes a zip can unpack to a folder structure. I have no experience of windows installers, but it may be worth trying others. It is possible that the one you chose does have some suspicious behavior that could potentially deliver malware.