win32ss / supermium

Chromium fork for Windows XP/2003 and up
https://win32subsystem.live/supermium/
BSD 3-Clause "New" or "Revised" License
2.49k stars 86 forks

Supermium 124 32 bit setup not downloading due to dangerous file #748

Open imthehappy opened 4 months ago

imthehappy commented 4 months ago

When I'm about to update my browser by updating Supermium 122 to 124, there is a problem that I want to be fixed. Here's the proof: [image] I hope you can fix this ._.

Zero3K commented 4 months ago

It's not a bug. Please disable Safe Browsing via chrome://settings/security in order to be able to download it.

win32ss commented 4 months ago

chrome://flags #disable-download-upload should also work.

But the ultimate fix would be for me to buy a signing certificate for the Supermium installers.

leftdisconnected commented 4 months ago

Just want to note that the 64-bit installer is not causing nearly so much AV reaction as the 32-bit. At the time of this posting VirusTotal shows 22/69 detections, including Google (thus Safe Browsing), on the 32-bit installer and many think it's Fragtor. The 64-bit installer is only 2/67.

I understand some of the difficulties here and that a signing cert would improve the situation, but I know a developer with a signing cert and longstanding reputation who still has issues with new releases. In his case, Defender often throws the "unsafe" popup that tries to block installation until some algorithm somewhere has had time to settle down. The signing cert is not a panacea and it's also a sort of protection racket to hassle those without them ;).

imthehappy commented 4 months ago

> It's not a bug. Please disable Safe Browsing via chrome://settings/security in order to be able to download it.

Ok thanks for telling me

imthehappy commented 4 months ago

> It's not a bug. Please disable Safe Browsing via chrome://settings/security in order to be able to download it.

But my password and everything will be hacked, so is it necessary to do that?

jonm58 commented 4 months ago

Use modern Windows versions to get no risk (Supermium stuff is malware)

Nese Spy OS moment

imthehappy commented 4 months ago

> It's not a bug. Please disable Safe Browsing via chrome://settings/security in order to be able to download it.

> But my password and everything will be hacked, so is it necessary to do that?

> Use modern Windows versions to get no risk (Supermium stuff is malware)

Ok but my pc is 2gb ram

leftdisconnected commented 4 months ago

> But my password and everything will be hacked, so is it necessary to do that?

Your password is unlikely to be hacked with Safe Browsing disabled. Safe Browsing just checks sites and downloads against a database maintained by Google; it does not remove viruses or hackers from your machine and it cannot protect you from irresponsible behavior. Safe Browsing has nothing to do with passwords except that malware that does get on your machine will then have access to everything that you see or type.

However, I do not recommend disabling Safe Browsing permanently. Just temporarily disable Safe Browsing in Chrome, download Supermium, and then re-enable Safe Browsing. Be aware, however, that Microsoft Defender might still block you when you try to install the program on modern Windows; legacy versions of Windows won't care.


If you don't trust win32ss or Supermium, then don't download and install the software. No one will blame you for that as it's the right thing to do when major anti-malware systems are raising alarms. Use another browser instead and come back in another few months to see if Supermium is still causing such warnings.

You should not bypass Safe Browsing or other safety checks unless you accept the risk to your machine and possibly your entire network of devices. If you have doubts at all, then don't download the file.

In fact, developers should not encourage users to bypass Safe Browsing. They are free to explain the problem with false positives in A/V detectors and to claim that their software is open source and safe. They should even encourage users to compile the software for themselves, but telling users to disable Safe Browsing or other protection features is what malware distributors often do.

Just tell worried users that it's a false positive and that they should not download or execute software that they don't trust.


Some are saying that Supermium is "spy moment" and though I don't understand exactly what that means they appear to be claiming that Supermium contains spyware.

I cannot know for certain, but the 64-bit installer checks out and Google says it's safe, so why would the developer just put malware/spyware into the 32-bit installer? Does that make sense? I guess that could be a clever trick, but it seems unlikely as this is not (yet) a project with millions of potential users to victimize. I cannot tell how many downloads are occurring, but a browser designed to run on legacy Windows will appeal mostly to geeks, not to millions of users.

I won't run a program that has 20+ VirusTotal detections as the 32-bit installer presently does, but ultimately we are all trusting the developers if we wish to use or support their projects. As this is an open source project, you could compile the software on your own system if you know how to do so and this would ensure that only the code you see here on GitHub is actually included in the program.

That doesn't guarantee that every line of code is safe or bug-free, but that's a whole other bag of worms ;).

win32ss commented 4 months ago

I think the difference between the 32 bit and 64 bit packages is that the binary "patterns" in each might be treated differently by the AV engines' heuristics. And indeed I do have one binary that does behave "suspiciously", progwrp, but ultimately I based the progwrp approach on MS' unicows approach which uses its own function implementations where the original is unavailable, to accommodate Windows 9x users who don't have Unicode functions available in the main system libraries.

Except that unicows never used GetProcAddress and instead uses its own equivalent, which doesn't support forwarded exports because Windows 9x doesn't either. This caused a lot of problems for me when experimenting with forwarded exports, because it turned out that the Visual Studio 2010 setup.exe statically linked unicows, even though Visual Studio stopped running on Windows 9x with version 7.0 (2002).
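The forwarded-export case mentioned in the comment above, as an added example that is not part of the thread and is not progwrp or unicows code: a PE export-table entry whose RVA falls inside the export directory itself is a forwarder string ("DLL.Function") rather than code, so a lookup that ignores this returns a pointer to text. The image bytes, the export names `Alpha` and `Beta`, and all function names are constructed for illustration, with RVA equal to file offset.

```python
import struct

def cstr(img, off):
    """Read a NUL-terminated ASCII string at offset/RVA `off`."""
    return img[off:img.index(b"\0", off)].decode("ascii")

def lookup_rva(img, exp_rva, wanted):
    """Name lookup that returns the raw table entry and knows nothing about
    forwarders (the limitation described in the comment above)."""
    n_funcs, n_names, funcs, names, ords = struct.unpack_from("<5I", img, exp_rva + 20)
    for i in range(n_names):
        (name_rva,) = struct.unpack_from("<I", img, names + 4 * i)
        if cstr(img, name_rva) == wanted:
            (idx,) = struct.unpack_from("<H", img, ords + 2 * i)
            if idx >= n_funcs:
                raise ValueError("ordinal index outside function table")
            return struct.unpack_from("<I", img, funcs + 4 * idx)[0]
    return None

def resolve_export(img, exp_rva, exp_size, wanted):
    """Forwarder-aware lookup: an entry whose RVA lies inside the export
    directory is a 'DLL.Function' string, not code."""
    rva = lookup_rva(img, exp_rva, wanted)
    if rva is None:
        return None
    if exp_rva <= rva < exp_rva + exp_size:
        return ("forward", cstr(img, rva))
    return ("code", rva)

def build_sample():
    """Constructed image where RVA == offset; export directory at 0x100, size 0x100."""
    img = bytearray(0x400)
    # IMAGE_EXPORT_DIRECTORY: Base=1, 2 functions, 2 names, then the three table RVAs
    struct.pack_into("<IIHHII5I", img, 0x100, 0, 0, 0, 0, 0, 1, 2, 2, 0x128, 0x130, 0x138)
    struct.pack_into("<2I", img, 0x128, 0x300, 0x150)   # Alpha -> code, Beta -> forwarder
    struct.pack_into("<2I", img, 0x130, 0x140, 0x146)   # name RVAs
    struct.pack_into("<2H", img, 0x138, 0, 1)           # name ordinals
    img[0x140:0x14B] = b"Alpha\0Beta\0"
    fwd = b"NTDLL.RtlAllocateHeap\0"
    img[0x150:0x150 + len(fwd)] = fwd
    return bytes(img)

SAMPLE = build_sample()
```

For `Beta`, `lookup_rva` hands back 0x150, which is the address of the forwarder text; `resolve_export` reports it as a forward that still has to be resolved in the named DLL.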

leftdisconnected commented 4 months ago

As a follow-up, VirusTotal detections have increased to 32/68 engines over the past few days and on the 24th Windows Defender decided to quarantine the 32-bit installer that I downloaded on the 18th. Defender's definitions have apparently grown more suspicious of this file.

Brands like Google, Microsoft, BitDefender, AVG, Avast, Symantec, and McAfee are now detecting the v124 32-bit installer as malware :(. Sorry for the headaches that this might cause, but more users may start complaining.

I know a developer that still codes in MASM for both DOS and Win32. He has code-signing and an established reputation as a publisher, yet A/V still went haywire on a particular release earlier this year. He wound up removing or rewriting code that he suspected could be the cause. This apparently worked as the following release "calmed down" to 0 VT detections within a couple of days and Defender stopped intervening on user machines, but like you he simply had to figure out what the detectors "didn't like" and try to make them happier.

WernerHermann68 commented 4 months ago

I have unpacked both versions with 7-Zip.

32 bit Windows version 124.0.6367.245: VirusTotal does not like
-- supermium_124_32_setup.exe
-- setup.exe
-- uninstall.exe

++ chrome.exe is nearly fine ...except "Bitdefender Theta"
++ chrome_proxy.exe is nearly fine ...except "Bitdefender Theta"

"Does not like" in this context means .... a lot of "major" AV engines do not like it.


64 bit Windows version 124.0.6367.245: VirusTotal shows no major problem ... just very few warnings from "minor" players like BKAV ( ...sorry no offence :D )

++ supermium_124_64_setup.exe
++ setup.exe
++ uninstall.exe
++ chrome.exe is nearly fine
++ chrome_proxy.exe is nearly fine

I would assume that guys on GitHub are grown-up people, so make a decision on your own if you want to use the 32-bit version on a system with limited AV support ( Win7 32 bit ? ).

If you unpack the installer file with 7-Zip and avoid touching setup.exe and uninstall.exe ( and copy the needed files for yourself ...) you should be fine. If you are not able to make a reasonable decision, you should not use an OS that is EOL and has no security fixes or a good AV product.

EgorKuzevanov commented 4 months ago

win32ss, maybe creating Supermium browser installers using Inno Setup v5.6.1 (last version of Inno Setup compatible with Windows 2000, Windows XP and Windows Server 2003, released in 2018) will help get rid of Microsoft Defender and Google Safe Browsing false positives?

InfoLibre commented 3 months ago

https://www.virustotal.com/gui/file/b8d7418ef90d5b857eaf4abb388457e177c3c1f3f25e49df6aaab14d1432ab52

leftdisconnected commented 3 months ago

At the time of this post, the R2 32-bit release reports the same VirusTotal results as R2 64-bit and I've not yet seen evidence of the escalating reaction that occurred with the prior release.

Unless others are having difficulties, I recommend that this issue be closed.

InfoLibre commented 3 months ago

A good security practice should be to download the code, verify it in detail, compile it and test the result in VirusTotal. Not to only say there's no virus and close tickets.

leftdisconnected commented 3 months ago

> A good security practice should be to download the code, verify it in detail, compile it and test the result in VirusTotal. Not to only say there's no virus and close tickets.

A fair point. I apologize, but I did qualify the advice with "unless others are having difficulties" and am glad that you've joined in as I had waited a number of days before making this suggestion.

This thread was about the published builds, but I understand that self-compiling is an appropriate test for public code. The question then becomes how the compile is done and whether it's different than the published release; something I'm not qualified to investigate properly.

My advice satisfied the complaint in the original post, so my suggestion was not out of place. However, MS Defender on my machine changed its mind on 2024-08-24 and decided to quarantine the 32-bit 124-R2 installer as it previously did R1, so escalation may indeed be taking place; I should have waited longer.

Reanalysis of the public build in VirusTotal did not show a Microsoft detection at the time of this post, but the count did increase from 4 engines to 5.

I was just trying to clean up an issue as they tend to pile up on many projects, but I won't again recommend closing this issue as I'm not qualified to do so. Sorry.