Chrome flags wesnoth-1.12-win32.exe as malicious

BerenBelagund
Posts: 6
Joined: November 24th, 2014, 3:49 pm

Chrome flags wesnoth-1.12-win32.exe as malicious

Post by BerenBelagund » November 24th, 2014, 3:57 pm

New user here. Alerted to the Wesnoth update from the post at Rock, Paper, Shotgun: http://www.rockpapershotgun.com/2014/11 ... ng-better/

When I try to download the Windows build from http://sourceforge.net/projects/wesnoth ... e/download, Google Chrome (Version 39.0.2171.62 beta-m (64-bit)) gives me the following message when the download is done:

"wesnoth-1.12-win32.exe is malicious, and Chrome has blocked it."

And sure enough, it deletes the file.

I realize that volunteer compilers, and not the makers of the game, provide Windows downloads. But is this a recurring issue (and therefore one to be ignored), or something new?

Thanks.

loonycyborg
Windows Packager
Posts: 273
Joined: April 1st, 2008, 4:45 pm
Location: Russia/Moscow

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by loonycyborg » November 24th, 2014, 8:44 pm

It's most likely a false positive again. Did it say what virus/trojan it found?
"meh." - zookeeper

BerenBelagund
Posts: 6
Joined: November 24th, 2014, 3:49 pm

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by BerenBelagund » November 24th, 2014, 9:05 pm

loonycyborg wrote: It's most likely a false positive again. Did it say what virus/trojan it found?
No it did not. What I quoted was the entirety of the message. Ordinarily I wouldn't be too concerned, but because the binaries are provided by outside volunteers, I don't know what control (if any) the authors of the game have over the files that are uploaded. So I thought I'd be cautious. (Too bad, because I did enjoy this game in one of its iPad incarnations.)

loonycyborg
Windows Packager
Posts: 273
Joined: April 1st, 2008, 4:45 pm
Location: Russia/Moscow

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by loonycyborg » November 24th, 2014, 9:48 pm

It's made by me personally. Pretty much all who work on wesnoth are volunteers. I'm just one of them. There always exists a possibility that a virus could contaminate my machine, but I think a false positive is more likely. Chrome's message is useless without specifying the exact virus it found, so I can't really verify it.
"meh." - zookeeper

Pentarctagon
Forum Administrator
Posts: 4043
Joined: March 22nd, 2009, 10:50 pm
Location: Earth (occasionally)

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by Pentarctagon » November 25th, 2014, 12:00 am

Spybot S&D found this. The scan is still ongoing, but it's looking to take hours at the rate it's going, so I figured I'd post what it's found so far.

Info from the Spybot forums and from Microsoft.
99 little bugs in the code, 99 little bugs
take one down, patch it around
-2,147,483,648 little bugs in the code

loonycyborg
Windows Packager
Posts: 273
Joined: April 1st, 2008, 4:45 pm
Location: Russia/Moscow

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by loonycyborg » November 25th, 2014, 12:40 am

The file and dir in the screenshot aren't part of wesnoth, and weren't installed by the installer. I double-checked by running the installer and looking at the dir it made.
It could be seeing internals of NSIS.
"meh." - zookeeper

Pentarctagon
Forum Administrator
Posts: 4043
Joined: March 22nd, 2009, 10:50 pm
Location: Earth (occasionally)

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by Pentarctagon » November 25th, 2014, 12:52 am

Yes, I extracted it with 7zip before scanning.
99 little bugs in the code, 99 little bugs
take one down, patch it around
-2,147,483,648 little bugs in the code
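
Whether a flagged executable is an NSIS-built installer, the situation discussed in these posts, can be checked from its bytes by locating NSIS's firstheader signature. This is an added example, not part of the original posts and not Wesnoth or NSIS project code; the function name `find_nsis_firstheader` and the sample bytes are constructed for illustration.

```python
import struct
import sys

# NSIS "firstheader" layout (little-endian): flags, 0xDEADBEEF signature,
# the ASCII marker "NullsoftInst", header length, length of all following data.
FIRSTHEADER = struct.Struct("<II12sII")
FH_SIG = 0xDEADBEEF
FH_MAGIC = b"NullsoftInst"
FH_FLAGS = {1: "uninstaller", 2: "silent", 4: "no_crc", 8: "force_crc"}


def find_nsis_firstheader(data, step=512):
    """Return a dict describing the NSIS firstheader, or None if absent.

    The NSIS loader looks for this header at 512-byte-aligned offsets,
    so only aligned offsets are probed here.
    """
    last = len(data) - FIRSTHEADER.size
    for off in range(0, last + 1, step):
        flags, sig, magic, hdr_len, total_len = FIRSTHEADER.unpack_from(data, off)
        if sig != FH_SIG or magic != FH_MAGIC:
            continue
        return {
            "offset": off,  # bytes before this are the generic NSIS stub
            "flags": [name for bit, name in FH_FLAGS.items() if flags & bit],
            "header_length": hdr_len,
            "data_length": total_len,
            # False means the file is shorter than the header claims
            "complete": off + total_len <= len(data),
        }
    return None


# Constructed sample: a 1024-byte fake stub, a firstheader, 200 payload bytes.
SAMPLE = (
    b"MZ" + b"\x00" * 1022
    + FIRSTHEADER.pack(4, FH_SIG, FH_MAGIC, 100, FIRSTHEADER.size + 200)
    + b"\x00" * 200
)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    info = find_nsis_firstheader(blob)
    print(info if info else "no NSIS firstheader found")
```

A detection that lands in the bytes before `offset` is in the stub that every installer built with that NSIS version shares, not in the packaged game files.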

loonycyborg
Windows Packager
Posts: 273
Joined: April 1st, 2008, 4:45 pm
Location: Russia/Moscow

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by loonycyborg » November 25th, 2014, 1:13 am

I had no idea that 7zip can extract NSIS installers. But that file seems to be part of NSIS.
"meh." - zookeeper

loonycyborg
Windows Packager
Posts: 273
Joined: April 1st, 2008, 4:45 pm
Location: Russia/Moscow

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by loonycyborg » November 25th, 2014, 1:57 am

NSIS gets a lot of false positives. Probably it's just another one.
http://nsis.sourceforge.net/NSIS_False_Positives
"meh." - zookeeper

MerlinCross
Posts: 56
Joined: November 25th, 2014, 5:52 am

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by MerlinCross » November 25th, 2014, 7:56 am

Also here from Rock Paper Shotgun.

So can I install this okay, or do I have to do something with it first? Because I'm getting the same problem.

BerenBelagund
Posts: 6
Joined: November 24th, 2014, 3:49 pm

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by BerenBelagund » November 25th, 2014, 1:27 pm

MerlinCross wrote: Also here from Rock Paper Shotgun.

So can I install this okay, or do I have to do something with it first? Because I'm getting the same problem.
I have no idea. I of course have no reason to doubt what loonycyborg is saying. But getting flagged by both Chrome and Spybot S&D isn't exactly a clean bill of health. I think it's likely it is a false positive. But the question is whether playing the game is worth the risk. Right now, and speaking only for myself, it isn't, because I've been burned in the past by unintentional passing along of viruses. loonycyborg, are you the only person who provides Windows binaries for this game at the game website, or are there others? No offense intended, of course!

loonycyborg
Windows Packager
Posts: 273
Joined: April 1st, 2008, 4:45 pm
Location: Russia/Moscow

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by loonycyborg » November 25th, 2014, 2:29 pm

No. There are also MacOS releases. And all Linux distros package wesnoth too. Neither of those uses NSIS. So maybe consider using a different OS :P

I'm considering switching to something other than NSIS to generate the installer. To something like WiX maybe. But it'll take time. Also, I could distribute a .zip file instead, but Windows people expect installers and why should I make 2 releases only due to some anti-virus giving a false positive?
"meh." - zookeeper

BerenBelagund
Posts: 6
Joined: November 24th, 2014, 3:49 pm

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by BerenBelagund » November 25th, 2014, 2:55 pm

loonycyborg wrote: No. There are also MacOS releases. And all Linux distros package wesnoth too. Neither of those uses NSIS. So maybe consider using a different OS :P

I'm considering switching to something other than NSIS to generate the installer. To something like WiX maybe. But it'll take time. Also, I could distribute a .zip file instead, but Windows people expect installers and why should I make 2 releases only due to some anti-virus giving a false positive?
I totally understand where you're coming from. It's a frustrating situation. The problem is that the typical Windows user has no way to independently verify your claims, but also lacks your skills in compiling binaries. So we're sort of stuck looking for alternatives until this gets resolved. I personally hate installers and love .zip files, so I would have no problem with a .zip file. But I certainly understand your declining to do more than what you have done. You're not getting paid for your service!

loonycyborg
Windows Packager
Posts: 273
Joined: April 1st, 2008, 4:45 pm
Location: Russia/Moscow

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by loonycyborg » November 25th, 2014, 4:17 pm

Whether I'm paid or not is irrelevant in this situation, since even "classic" commercial software companies provide only installers nowadays, some using this same NSIS. And such an issue would result in exactly the same response from them.
"meh." - zookeeper

Wintermute
Inactive Developer
Posts: 840
Joined: March 23rd, 2006, 10:28 pm
Location: On IRC as "happygrue" at: #wesnoth-mp

Re: Chrome flags wesnoth-1.12-win32.exe as malicious

Post by Wintermute » November 25th, 2014, 5:29 pm

I wonder if it's worth contacting some folks at Chrome to see if they can do anything about it? Or perhaps after enough downloads they might notice and investigate anyway?
"I just started playing this game a few days ago, and I already see some balance issues."
