Latest download link not working

[buddymilo]

Hi there, Recently tried to download the latest version for the x64 version of Arma. The download wouldn't go through as chrome detected a virus. Just thought id give you the heads up as i don't know if i'm the only one who is experiencing this.

[notheotherben]

Hi, that sounds really odd - is it actually warning you that there's a virus or is it simply saying that "this file is not regularly downloaded and may be a virus"?

For your peace of mind, feel free to use VirusTotal to scan the installer.

EDIT: It seems that VirusTotal is picking up something, I'm gonna try and re-upload the file to see if that fixes the issue as well as look into whether older versions have the same thing. What can sometimes happen is that viruses use the same code to access Win32 APIs and get flagged based on that (we're using it to send keypresses to ArmA's window) but I'll let you know what I find.

[notheotherben]

Okay, it looks like it's being detected by VirusTotal (a number of antiviruses) as a "generic trojan" based on some heuristic rules. Heuristics are used by virus scanners to look for behavioural markers which are commonly found in viruses and malware to enable them to detect things before they have a definition for them. Unfortunately, it looks like they're flagging Articulate as being a virus based on some of these.

From what I can see, the causes involve the combination of the following:

1. We're using dwmapi.dll as part of our UI - specifically through MapApps.Metro which is our UI library. In theory, this API could be used to influence the way Windows renders applications on your desktop, so I suppose there could be attack vectors someone would use there.
2. We're using crypto.dll as part of making secure web requests for error logging, but it can also be used to encrypt data to hide it from virus scanners.
3. We're using a number of kernel32.dll and user32.dll API methods to send input to windows and locate a process's main window. This allows us to take a name like arma3.exe and convert it into an address (usually referred to as a handle) which we can then send messages to to emulate pressing keyboard and mouse buttons. This sort of thing can also be used to automate attacks against a person's computer (clicking Yes on a dialog box, for example) so it's often flagged as being potentially an issue by virus scanners.
4. We're using a couple of user32.dll methods to observe global keypresses (for the PTT and Mic On/Off key binds). This approach can also be used to create what is called a keylogger, effectively recording all the keys that someone presses and then sending them off to a malicious 3rd party. We're not doing this, but any good virus scanner will be on the lookout for apps which are able to do so.
5. We're using an IL rewriter (basically it rewrites the compiled code after we've created the executable) to add all the dlls we need into a single EXE. This is just to make it easier to do a manual installation and keeps things a little bit easier to manage if you decide to copy the app somewhere else. The reason this gets flagged is that some viruses will rewrite their IL to try and get around a virus scanner's signatures (effectively changing the contents of their executables without changing the behaviour) - so I can totally understand why they'd be flagging this. More information on what we're doing can be found here: Fody Costura

As always, my first piece of advice is "keep yourself safe online", but as someone you've never met I'm gonna tell you that this is a false positive (for a number of good reasons). If you aren't inclined to trust a faceless person on the internet, then my advice is to look over the code yourself and see if there's anything that gives you a bad feeling. If not, you can go one step further and compile Articulate yourself (instructions here) to make sure I haven't tampered with anything.

The long and the short of it is that we're not doing anything malicious, the source code is all visible here for anybody to read and anybody can compile their own version if they don't trust me to have done so honestly.

Of course, if you've got any questions or concerns, please feel free to ask 😄

[buddymilo]

Thanks for the reply, I managed to get the file downloaded but when trying to run it i get an error "Insufficient system resources exist to complete the requested service". not sure what the problem is as all previous versions seemed to work fine any help would be great. cheers

[notheotherben]

That's very odd, is that when you attempt to run the setup file, or Articulate itself? If it's the setup file then try downloading the zip archive and running Articulate directly using that - there may be an issue that is preventing the Windows install service from operating correctly on your machine. Sorry for the inconvenience.

[buddymilo]

happens when i try running the setup file and the zip file not sure whats up ill have a look into it