zen-browser / desktop

🌀 Experience tranquillity while browsing the web without people tracking you!
https://zen-browser.app
Mozilla Public License 2.0
16.32k stars 386 forks

Windows found zen like a virus #718

Closed peemiranda closed 2 months ago

peemiranda commented 2 months ago

What happened?

Windows reports a trojan when Zen is installed

Reproducible?

Version

1.0.0

Severity impact

Critical

What platform are you seeing the problem on?

Windows

Relevant log output

Windows reporting trojan when installed zen

AceiusIO commented 2 months ago

I assume this is because Zen's binaries aren't signed yet, not because of a critical security vulnerability.

geekyBoogiepop commented 2 months ago

Here's additional info from Windows Defender: [image]

wisplite commented 2 months ago

Yeah, I've been using Zen for about a month and this just started happening. The zen.exe file is completely gone from my computer and trying to launch from the shortcut results in a potential virus error.

Something happened in the latest update, I'm not sure what happened. For now I'm switching back to Firefox because I can't afford to have a browser die on me randomly like this. Even cleanly reinstalling it doesn't work.

wisplite commented 2 months ago

Adding on to this, the zen.exe file is missing because Windows Defender saved me and deleted it. I don't know how much I trust this browser anymore if they're sneaking trojans into browser updates. There's no reason Wacatac should be getting flagged if it isn't actually there in the binary.

sneexy-boi commented 2 months ago

This is most likely a false positive. Windows Security is pretty sensitive and detects a good chunk of things as malicious, including some really basic stuff. Agreeing with AceiusIO, most likely due to the binaries not being signed.

MG-LSJ commented 2 months ago

Defender just removed the exe while I was using Zen. The app crashed, then the Zen exe was deleted. Now I can't install it as Defender does this again. Added Zen's folder to Defender exclusions.

extropyst commented 2 months ago

It seems to me that it is a false positive that Windows Defender raises due to the lack of a digital signature. The problem occurs only in the installer of the "optimized" version of the latest version released, therefore the alternatives to solve it are: Use the "generic" installer, or the "optimized" one of the previous version and update from there.

Creaous commented 2 months ago

As someone who has worked on programming Windows apps before, I've had mine get detected as viruses for the most basic things like creating and opening files. This has a 99% chance of being a false positive due to the lack of digital signature.
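
To check the "unsigned binary" explanation from the comments above on your own machine, the following PowerShell reports the Authenticode signature status and SHA-256 of a downloaded file and lists the Microsoft Defender detections that reference it. It is an added example, not part of the original thread or the Zen project, and the default `$Path` is a hypothetical download location.

```powershell
# Added example, not from the thread. $Path is a hypothetical download location.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\zen.installer-generic.exe"
)

$leaf = Split-Path -Path $Path -Leaf

if (Test-Path -LiteralPath $Path -PathType Leaf) {
    # Signature status is NotSigned for an unsigned binary, Valid for a trusted one.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    [pscustomobject]@{
        File            = $leaf
        SHA256          = $hash.Hash
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    } | Format-List
} else {
    # Matches the reports above where Defender had already removed the file.
    Write-Warning "$Path is not on disk (possibly quarantined); showing detection history only."
}

# Build a ThreatID -> ThreatName lookup from Defender's threat history.
$names = @{}
Get-MpThreat -ErrorAction SilentlyContinue |
    ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }

# List detections whose affected resources mention the file name.
Get-MpThreatDetection -ErrorAction SilentlyContinue |
    Where-Object { ($_.Resources -join ';') -like "*$leaf*" } |
    Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime,
        @{ Name = 'Threat'; Expression = { $names[$_.ThreatID] } },
        ProcessName, Resources |
    Format-List
```

The SHA-256 printed here can be compared against the hash of the same release asset fetched from the project's GitHub releases page, which confirms whether the flagged file is the one the project published.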

extropyst commented 2 months ago

That's right, here is more context about it:

https://superuser.com/questions/1829864/trojanwin32-wacatac-bml-found-in-c-extend-deleted

https://cdromance.org/guides/virus-detected-trojanscript-wacatac-bml/

https://www.reddit.com/r/antivirus/comments/14bhb6u/trojanwin32wacatacbml_trojanscriptwacatacbml/?tl=es

https://www.b4x.com/android/forum/threads/b4a-false-windows-defender-alerts-trojan-script-wacatac-b-ml-in-c-users-username-appdata-local-temp-tmp7460-tmp.159302/

mayemu commented 2 months ago

Windows just deleted zen off my computer when trying to update as it recognized it as a trojan

extropyst commented 2 months ago

Try the generic version:

https://github.com/zen-browser/desktop/releases/download/1.0.0-a.29/zen.installer-generic.exe

extropyst commented 2 months ago

This should be the measure to take as users:

https://learn.microsoft.com/en-us/defender-xdr/m365d-autoir-report-false-positives-negatives

Cassers commented 2 months ago

VirusTotal also detects the application as a virus, which doesn't really give much confidence.

Zip: [image]

Installer: [image]

Generic Installer (link of extropyst): [image]

Generic zip: [image]

shaeriz commented 2 months ago

I had the exact same problem and even VirusTotal is flagging the zen.exe file. I'm pretty concerned about it now, despite that I was having a great time with Zen. [image]

extropyst commented 2 months ago

Check this information: https://virustotal.readme.io/docs/false-positive

and also try to scan the file elsewhere with more robust virus engines.

I just scanned the file at https://opentip.kaspersky.com/ and it didn't throw up any alerts, I did it at https://internxt.com/virus-scanner and it didn't either:

[image]

m-born commented 2 months ago

Comodo Internet Security also has it as a Trojan:

[Screenshot 2024-08-26 094042]

m-born commented 2 months ago

zen-browser.app is done (due to lack of payment?)

[Screenshot 2024-08-26 101335]

geekyBoogiepop commented 2 months ago

It's working fine here: [image]

mauro-balades commented 2 months ago

This is most likely a false positive. Windows Security is pretty sensitive and detects a good chunk of things as malicious, including some really basic stuff. Agreeing with AceiusIO, most likely due to the binaries not being signed.

wisplite commented 2 months ago

I would like to add that using a previous installer and updating doesn't help. The act of updating is what caused this for me. It seems to be only the latest update, but there's no way to downgrade and stay downgraded (it annoyingly forces you to update when you start the browser).

For now, I'm still using Firefox until this is resolved. As a principle, I never add a bypass to Windows Defender. It's just too risky to do that. Once Windows Defender stops quarantining it and the browser seems generally safe, I'll download it again. I just can't trust it right now, even if it is probably just a false positive.

alvanrahimli commented 2 months ago

> most likely due to the binaries not being signed

Why doesn't Zen have it? Is it a financial issue, or are there other constraints as well? @mauro-balades

mauro-balades commented 2 months ago

I don't know where I'm supposed to get the signature from; if someone could guide me in the right direction, that would be great.

amenbr1 commented 2 months ago

@mauro-balades some places to look: Certum has dedicated options for open source projects. They offer both cloud and self hosting: (This is the international version of the website. Some of the translations may be a little off.) https://shop.certum.eu/code-signing.html Original Polish site is https://www.certum.pl/pl/

Microsoft has recently launched their Trusted Signing service through Azure (though I believe it is still in preview): https://learn.microsoft.com/en-us/azure/trusted-signing/quickstart https://azure.microsoft.com/en-us/pricing/details/trusted-signing/

itstamimi commented 2 months ago

It works fine on Windows 10 with the latest updates and AV too.

j-stach commented 2 months ago

Make sure you are downloading it from www.zen-browser.app, not www.zen-browser.com, they are different projects. Some search engines prioritize the latter when you search for "zen browser"

geekyBoogiepop commented 1 month ago

> I don't know where I'm supposed to get the signature from; if someone could guide me in the right direction, that would be great.

Take a look here: https://signpath.org/

ralcaidev commented 1 month ago

> For now, I'm still using Firefox until this is resolved. As a principle, I never add a bypass to Windows Defender. It's just too risky to do that. Once Windows Defender stops quarantining it and the browser seems generally safe, I'll download it again. I just can't trust it right now, even if it is probably just a false positive.

Same here. This plus the CDNs doesn't give me any confidence.

No news on this?

mauro-balades commented 1 month ago

Please, let's continue here: https://github.com/zen-browser/desktop/issues/37. I'm losing track of the issues about this topic now.