However, this whole setup is frowned upon by some AV suites. The two processes communicate with each other during installation, because some actions should be performed with normal privileges while others should be performed with escalated privileges. When you start the installer it runs as a normal process, which forks itself and runs again as a process requesting UAC.
The UAC/privilege escalation is handled in a weird way by the installer.The AV suites probably don't like our installer for these reasons: The NSIS scripts for our installer are here. It is basically a program that wraps our program( qbittorrent.exe) and runs a series of commands to "install" our program in the correct place and make any necessary changes to the system to reflect the installation of our program. The software used for making the installer is NSIS (Nullsoft Scriptable Install System). Or the AV suites are tripped up by some irregularities of the installer This could explain the discrepancy with FossHub regarding URL flagging. It wouldn't surprise me if Chrome has whitelisted the SourceForge domain as a whole, since it has served open source for many decades now and has built a very good reputation (about malicious content). This probably works in a similar way for flagging URLs as untrusted. The files have essentially become "old" and implicitly trusted due to user usage.
As more and more people start using them, scan them, and not report them as harmful the reputation starts rising until the scanning service shuts up about the files. Unsigned files start with a low reputation. Broswers/OS use centralized scanning services which in turn use a reputation system for each file they scan. This happens with files that aren't signed with a code-signing certificate AND are new in the web. Either the browser(eg Chrome) or the system doesn't recognize the URL and file as "harmless" or the AV suites are tripped up by some irregularities of the installer.Įither the browser(eg Chrome) or the system doesn't recognize the URL and file itself as "harmless" There are mainly 2 types of warnings people see when using the installer. In case you don't know, I am the person doing the builds/releases/installers.
0 kommentar(er)
