vrubleg / soundkeeper

Prevents SPDIF/HDMI digital audio playback devices from sleeping.
https://veg.by/projects/soundkeeper/
MIT License
245 stars 10 forks source link

Concerns about (false) positives on virustotal.com #7

Closed danielmmmm closed 1 year ago

danielmmmm commented 1 year ago

It is awesome that you provide the source code for soundkeeper. Unfortunately, compiling the source is not an easy task for most people 😁

I was wondering if some (crappy) anti-virus engines detect soundkeeper as a trojan because it is running in the background, without a GUI or CLI? Would it help to add a simple tray icon with an exit button?

vrubleg commented 1 year ago

It's just because AV don't like small executables and absense of signature. If they did any behavior analysis, they would see that the program literally doesn't use any APIs that could be harmful (file or network access).

Modern AV software is essentially reputation based. If there is no signature or it's a signature from an individual developer, many of them (including default Microsoft Defender SmartScreen) already will be triggered. There is one 99% working way to avoid this: EV signature from an organization. But I'm not ready to register a business and pay for an EV certificate 300-400€ yearly just to distribute my free software. There are also code signing certificates for individuals for 200-300€ per year that would help in 90% of times (e.g. the SmartScreen needs some time to start to trust such certificate). If somebody would like to donate 600€ for a 3-year code signing certificate, I'm ready to accept it. Otherwise, I don't think that a signature is that important to pay that much for a pet project.

Regarding to binary size. I already added a few KB of unneded code just to please some antiviruses and Google that blocked my website a few years ago because of a false-positive. But I'm not ready to waste even more time to just please all of them by trying to guess what they want (they don't tell what exactly they are triggered at). Probably, adding a lot more of unused code would help, but I'm not ready to sacrifice effectiveness for this =)

As a rule if thumb, if you yourself dont trust a developer, don't ever run their code even when all antiviruses in the world tell you that there is nothing suspicious, because all those detections can be bypassed if a trojan developer is willing to invest their time into it (and they are well motivated to do so).

Regarding to the tray icon, it's in my todo list (with a settings window), but priority of this task is low.

danielmmmm commented 1 year ago

Thank you for your elaborate reply. I really just proposed a tray icon to help with the "anti-virus situation" ... and because it seems like a good thing to have anyways. I am sorry if my comment seemed to be an attack on you work, or negative in any way. The optical output to go "silent" is a well known problem, that manufacturers don't care about. You fixing it for free is very much appreciated 😊 That you decided to go open source is the icing on the cake. Once again, thank you 😊

vrubleg commented 1 year ago

Sorry if I sounded irritated. That is my sore point. I'm really irritated, but not by you. I'm irritated by this whole situation with AV software with a lot of false-positives and pushing all developers towards paying for expensive code signing certificates even for free projects.

Thanks for the feedback =)

vrubleg commented 1 year ago

I actually partially implemented the tray icon some time ago. So maybe the next SoundKeeper release will be with this feature if I finish it =) Currently, I'm focused on another pet project that I'm going to publish next month though.

danielmmmm commented 1 year ago

Your irritation is understandable and warranted. Virustotal and many anti-virus programs do make Windows less insecure. But I am also aware of the fear mongering they do to sell their software and certificates.

(I hope it is ok that I closed this issue. I used it more to contact you than to report an actual issue/bug.)