rcmaehl / MSEdgeRedirect

A Tool to Redirect News, Search, Widgets, Weather and More to Your Default Browser
https://MSEdgeRedirect.com
GNU Lesser General Public License v3.0
4.23k stars 93 forks source link

Releases page flagged as Unwanted Software by Google Safe Browsing #160

Closed makuhlmann closed 1 year ago

makuhlmann commented 2 years ago

Describe the request The releases page of this repo has been flagged as malicious by Google, resulting in a big red warning in Chrome and Firefox (possibly other browsers too). As a result downloads are blocked as well and need to be allowed manually.

Screenshots Unbenannt

Desktop (please complete the following information):

Additional context Related: https://geekflare.com/tools/tests/3o910hetl https://twitter.com/christitustech/status/1553445177221586947

SpaghettDev commented 2 years ago

Can confirm. I had to update and this error popped up, after clicking "ignore the risk", and downloading the exe, Firefox flagged it (the exe) as harmful and may contain viruses or whatever.

rcmaehl commented 2 years ago

I go on vacation for 4 days and apparently this is what I come back to. Whoo.

rcmaehl commented 2 years ago

https://github.com/rcmaehl/MSEdgeRedirect/releases is blocked https://github.com/rcmaehl/MSEdgeRedirect/releases/ is not

I honestly don't know what to make of this

@ChrisTitusTech I've already replied to twitter but sorry that you got caught in the crossfire.

rcmaehl commented 2 years ago

Looks like @isaak654 and Sandboxie-Plus had the same issue a while ago. I'm going to review the install/uninstall process to see if that can improve things.

ChrisTitusTech commented 2 years ago

I was able to bombard youtube via Twitter, and the strike was reversed. Still a bit a bummer for an awesome project. It's not the creators fault, just googles algo go wonky.

rcmaehl commented 2 years ago

TODO:

rcmaehl commented 2 years ago

Actions taken so far:

Continuation:

gnpaone commented 2 years ago

I think it may be probably due to this issue plaguing GitHub recently https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/

rcmaehl commented 2 years ago

@micwoj92 Any way to have a new release remove assets from old releases during github actions CI?

micwoj92 commented 2 years ago

No idea. I have quickly looked and there are couple "delete assets" actions on github marketplace with various degrees of feature richness and configurability.

rcmaehl commented 2 years ago

No idea. I have quickly looked and there are couple "delete assets" actions on github marketplace with various degrees of feature richness and configurability.

Yeah, saw those. Just wanted your opinion since a lot of them don't show a lot of usage.

t0rzz commented 2 years ago

Same problem with Firefox, both when opening page and when opening the .exe file.

justadudeongithub commented 2 years ago

Reported a false positive and thank you. This so works. I can finally use search.

AgainPsychoX commented 2 years ago

Can we get new release soon? The old file is still flagged, making it unable to install on business hardware :C

rcmaehl commented 2 years ago

Can we get new release soon? The old file is still flagged, making it unable to install on business hardware :C

Yep. Will be prioritizing getting a new Webdriver based mode added this weekend and hopefully have 0.7.1.0/0.8.0.0 out.

farcepest commented 2 years ago

Webroot also reports this as a threat.

rcmaehl commented 2 years ago

Webroot also reports this as a threat.

Submitted a support ticket

AveYo commented 2 years ago

It's like security and AVs are going backwards, to the 90's whitelist by hand trash. Ain't a low number of FPs equally important to detection rates?! Cause I can block everything myself without their cloud, AI, heuristics, ATP and dozens more buzzwords

Yesterday Defender started FP my scripts. FFS! I went powershell-less once, now vbs-less. Relevant part is now just cmd. And flashing window 👎 Frankly, it's unacceptable. "Smart Screen", "Safe Browsing" are nothing but corporate bully tools. Good luck to you!

rcmaehl commented 2 years ago

Frankly, it's unacceptable. "Smart Screen", "Safe Browsing" are nothing but corporate bully tools. Good luck to you!

Yep, you as well!

AgainPsychoX commented 2 years ago

I just now realized... Isn't that Microsoft being just rude and spam-reporting the software?

rcmaehl commented 2 years ago

I just now realized... Isn't that Microsoft being just rude and spam-reporting the software?

No clue honestly. It definitely FEELS that way as only a specific URL is blacklisted despite being accessible multiple ways.

https://github.com/rcmaehl/MSEdgeRedirect/releases is blocked https://github.com/rcmaehl/MSEdgeRedirect/releases/ is not

Despite being the EXACT SAME PAGE.

But I'll hold onto Hanlon's razor for now.

AgainPsychoX commented 2 years ago

Have anyone check website code by the way? Microsoft owns GitHub now, I wonder would they add something malicious in the background to have the page flagged again and again.

And no telling me they wouldn't do that for sure, when they are not playing nice in the first place with forcing Bing and Edge.

Masamune3210 commented 2 years ago

They arent, if they were it would be in all release pages due to how the site is set up, not one individual one. Besides, Microsoft doesn't have that much ill will towards stuff like this outside of frustrating its efforts. Think about it, if they truly cared that much, they could just blacklist the executable from running in Windows, they don't have to try to sow malice

I just now realized... Isn't that Microsoft being just rude and spam-reporting the software?

No clue honestly. It definitely FEELS that way as only a specific URL is blacklisted despite being accessible multiple ways.

rcmaehl/MSEdgeRedirect/releases is blocked rcmaehl/MSEdgeRedirect/releases is not

Despite being the EXACT SAME PAGE.

But I'll hold onto Hanlon's razor for now.

Neither of these trigger the warning for me, but I'm not sure if that's a setting I have changed somewhere and forgot or if the warning is only triggering for certain people

ElitePheonix009 commented 2 years ago

Neither of these trigger the warning for me, but I'm not sure if that's a setting I have changed somewhere and forgot or if the warning is only triggering for certain people.

Its triggering for me also. So, these reasons might not be triggering the warning on your device -

1) You might be using mobile phone. On mobile phone it does not trigger the warning. 2) You might have changed a setting. 3) You might not be updated to the latest version.

demortes commented 2 years ago

New EXE is blocked by chrome, no way to override?

rcmaehl commented 2 years ago

New EXE is blocked by chrome, no way to override?

Are you clicking "view all downloads"?

ElitePheonix009 commented 2 years ago

Reported false positive from my mobile. Will be reporting a false positive from my computer also.

farcepest commented 2 years ago

Seems unblocked now, YMMV

rcmaehl commented 2 years ago

image

WHOO!

ElitePheonix009 commented 2 years ago

Can confirm that it is no longer triggering a warning. Whoo!

trlkly commented 2 years ago

I'm hitting this again with the latest version, and adding the slash to the end of the URL doesn't help. Both the .EXE and .ZIP are blocked. The .ZIP wasn't blocked before.

(Though I do get a keep option on the .EXE).

While it wouldn't fix the problem for new users, perhaps you could consider having the program actually download updates itself?

Eden7600 commented 2 years ago

This issue is popping back up again with the latest version.

ElitePheonix2009 commented 2 years ago

It's popping back up again when downloading the .exe file and the .zip file.

rcmaehl commented 2 years ago

Looks like they flagged the entire repo this time... Woooo

t0rzz commented 2 years ago

Someone asks Mozilla why they flagged the exe file as potentially unsafe. They must provide an answer. This is unacceptable.

rcmaehl commented 2 years ago

Someone asks Mozilla why they flagged the exe file as potentially unsafe. They must provide an answer. This is unacceptable.

Mozilla uses Google's safe browsing list unfortunately.

Masamune3210 commented 2 years ago

Someone asks Mozilla why they flagged the exe file as potentially unsafe. They must provide an answer. This is unacceptable.

Unfortunately, they neither have to, nor do they usually, provide a reason. They are a private company. Also, usually, they DONT KNOW why its been tagged as malicious. Heuristics are usually black boxes rather intentionally to keep actual malware manufacturers from knowing what to do to avoid detection

Sensu0 commented 2 years ago

I wouldn't be surprised if someone else suggested this in the past;

I think the best way to ultimately resolve this issue is by the developer providing a signature which could then be bundled with the installer.

After all, a lot of viruses out there is being released without a known publisher, but if it's a signed piece of software, then that would most likely help with making this software trusted by big tech. Unless of course, Microsoft is actively paying to have this software flagged as a PUP. Or they would try using the "Embrace, Extend, Extinguish" tactic. Then again, Microsoft owns Github...

Masamune3210 commented 2 years ago

Code Signing Certs arent cheap, and even that isn't guaranteed to fix the issue. Google just shouldn't label something as malicious without a due process that actually works to remove that label should it be (and it often is) incorrect, and the rest of the industry shouldn't allow them to get away with having as much control as they do

MoiraPrime commented 2 years ago

Someone I know had connections to google and was able to get this escalated and fixed.

Masamune3210 commented 2 years ago

We shall see how long it lasts this time, I prophesize not long

rcmaehl commented 2 years ago

Someone I know had connections to google and was able to get this escalated and fixed.

Yep. It's showing as resolved. Well damn. Big thank you!

androidacy-user commented 1 year ago

Page is no longer blocked; however the downloads still are and smartscreen blocks the executable, fyi

rcmaehl commented 1 year ago

Page is no longer blocked; however the downloads still are and smartscreen blocks the executable, fyi

Interesting...

BlackSparowYT commented 1 year ago

Had no more issues when downloading, went through smoothly. No blocked page, no smartscreen and not even a warning when downloading (maybe my settings but idk)

Glinte commented 1 year ago

Maybe remove the "help us get off google's blacklist" option in installation since this is resolved?

rcmaehl commented 1 year ago

Maybe remove the "help us get off google's blacklist" option in installation since this is resolved?

Possibly

sguergachi commented 8 months ago

Chrome download blocks it with standard security enabled :/ image

Masamune3210 commented 8 months ago

Chrome also blocks downloads from the official psn servers, its not very smart lol. Honestly, probably not much that can be done about it, as even if they are convinced to remove it, it will just creep back in at some point either way

vonDubenshire commented 7 months ago

Chrome download blocks it with standard security enabled :/ image

This is actually normal behavior for a .EXE file. If you go to some scam site they'll initiate a download of an exe that poor Grandma will install without thinking.

It's the flag on the web that sucks