steveseguin / social_stream

Consolidate your live social messaging streams and much more
http://socialstream.ninja/
GNU General Public License v3.0

Windows Security is detecting a trojan in the standalone version 0.1.19 #194

Open henny-0 opened 6 months ago

henny-0 commented 6 months ago

When downloading the portable or install zip for the standalone version, Windows Security flags the downloaded file as containing a trojan. It detects a Trojan:Script/Wacatac.B!ml. Not sure what is causing this.

It is worth noting that 0.1.18 is not being detected as having a trojan, or any other malware.

steveseguin commented 6 months ago

tl;dr; Thank you for reporting the issue. While this warning is pretty normal, and likely a false positive, it's better to be safe than sorry if unsure. If the issue continues still in a few days, I'll re-build the file and upload a new version.

Longer explanation:

The "ml" in Trojan:Script/Wacatac.B!ml I believe stands for machine learning.

It implies the Windows Defender AI bot suspects there might be a trojan, but it often creates false positives, as it doesn't really know. Social stream does read chat data and transmits it to the dock page, etc., and the app is not signed by Microsoft, so a false positive is a reasonable result.

https://www.reddit.com/r/antivirus/comments/p2o2yj/trojanwin32wacatacbml/

Since a release of a new version of SocialStream initially isn't widely downloaded, it's fairly new and unique, so antivirus software is extra sensitive to it. Normally after a little while it will be marked as okay, and that warning will go away.

For your peace of mind, you can upload the file you downloaded, or download link, to virustotal.com, which will scan it using many virus scanners. I've included the results I got from the test below:

installer: https://www.virustotal.com/gui/file-analysis/NTY5M2M0OTZlZTY1ZWRjMWY4YmYxYzk3NTkyYjA4ZGY6MTcwOTkyNjY2Nw==

portable: https://www.virustotal.com/gui/file-analysis/NzJkYmQ2YTk2YTIwZWIwYmM1MjdjYTJjODQxZTAyOTM6MTcwOTkyNjc4MA==

With every other release of the app it seems, there is a false positive, so it's pretty common. Some examples from other users below:

https://discord.com/channels/698324796546482177/1202335725735903253/1203140831192682526

https://discord.com/channels/698324796546482177/698324797490331720/1128529208293982228

https://discord.com/channels/698324796546482177/1172503487838441513/1172606888546934904

I will not tell you to ignore the warnings, but instead suggest you try the other portable or installer version, as sometimes it only is detected on one version and not the other. If the issue persists still, instead of accepting any risks, test with Virustotal yourself, judge if you think it's safe, and if not, wait a week and try again.

At some point I hope to get the app releases signed by Microsoft, so have it pre-approved and certified, but until then I appreciate you being careful and also understanding. You should take the virus warnings from Microsoft seriously, for your safety, as despite the software being written by me, there's always the slim chance a dependency I am using in the software has been exploited without my knowledge.

Kindly, steve
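
An added example, not part of the thread and not the maintainer's code: a scan link only helps if it covers the same bytes you downloaded. The sketch below decodes the analysis id in the installer link above and compares it with a local file. It assumes the id is base64 of `<md5>:<unix time>`, which is how the ids on this page decode; all function names are illustrative.

```python
import base64
import hashlib
import re
from datetime import datetime, timezone
from urllib.parse import urlparse

# Installer scan link exactly as quoted in the comment above.
INSTALLER_SCAN_URL = (
    "https://www.virustotal.com/gui/file-analysis/"
    "NTY5M2M0OTZlZTY1ZWRjMWY4YmYxYzk3NTkyYjA4ZGY6MTcwOTkyNjY2Nw=="
)

def decode_analysis_url(url):
    """Return (md5_hex, scan_time_utc) encoded in a file-analysis link.

    Assumption: the last path segment is base64 of "<md5>:<unix time>".
    Anything else raises ValueError instead of being guessed at.
    """
    segments = urlparse(url).path.rstrip("/").split("/")
    if len(segments) < 2 or segments[-2] != "file-analysis":
        raise ValueError("not a file-analysis link")
    try:
        text = base64.b64decode(segments[-1], validate=True).decode("ascii")
    except ValueError as exc:  # covers bad base64 and non-ASCII bytes
        raise ValueError("analysis id is not base64 text") from exc
    match = re.fullmatch(r"([0-9a-f]{32}):(\d{1,11})", text)
    if match is None:
        raise ValueError("analysis id is not <md5>:<unix time>")
    when = datetime.fromtimestamp(int(match.group(2)), tz=timezone.utc)
    return match.group(1), when

def file_digests(path):
    """Stream the file once; return (md5_hex, sha256_hex)."""
    md5 = hashlib.md5(usedforsecurity=False)  # identifier only, not integrity
    sha256 = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def scan_covers_file(url, path):
    """True only if the linked scan was run on the same bytes as `path`."""
    scanned_md5, _ = decode_analysis_url(url)
    local_md5, _ = file_digests(path)
    return scanned_md5 == local_md5
```

A `True` result means only that the linked scan was of your file, not that the file is clean; if it is `False`, look the file up by the SHA-256 from `file_digests` or submit it yourself.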