I got a Trojan
No, anyone can post anything. Be cautious of downloading anything related to a MMO. People want to steal your gold and items. It’s a good idea to use two factor authentication too.
Gladly i didnt start the game because my antivirus told me about it. So i think I’ll keep using only event wbsites.
Right in the description for that program it says
It is written in AutoIt3(I know, noob lang, but I am a Webdeveloper and AutoIt is fairly easy :P). It MAY be recognized as a Virus(here an virustotal check, but this is a general AutoIt Problem. Enough about the Lang, here comes the Script! Also, its only tested with Win7 and Win8, dunno if it works@xp or vista :/
Since the source is available for that program, surely someone would have actually confirmed if it was actually a virus on that page.
You really shouldn’t blindly download programs from the internet.
Since you’re posting in the API forums, I’m going to speak technically.
I’m assuming you got the GW2 Boss Event Overlay from this post? https://forum-en.gw2archive.eu/forum/community/api/List-of-apps-websites-using-the-API/2083358
The top of the linked Reddit thread clearly states:
It MAY be recognized as a Virus(here an virustotal check, but this is a general AutoIt Problem.
AutoIt is a scripting language that also happens to be popular for creating trojans, because the language is very easy to grasp, and the scripts can be compiled to a single executable. Unfortunately due to the frequency of AutoIt being used as trojans by malicious individuals, AutoIt executables are flagged as a trojan by most anti-virus programs. That does not make AutoIt itself bad, but bad people use it for bad reasons. (I personally prefer AutoHotKey, I thought AutoIt bit the dust long ago)
The source code for that AutoIt script is available:
https://github.com/Downi/GW2-Overlay/
I scanned the source code and didn’t see anything malicious. Of course it’s still possible that the compiled executable could be dangerous even if an author provides the source. The safest route would be to compile the source yourself, if you are suspicious. However, most authors who go through the effort to publish their source code to GitHub are probably not malicious individuals.
…
I scanned the source code and didn’t see anything malicious. Of course it’s still possible that the compiled executable could be dangerous even if an author provides the source. The safest route would be to compile the source yourself, if you are suspicious. However, most authors who go through the effort to publish their source code to GitHub are probably not malicious individuals.
That is what I would do if I really want to use the program.
(edited by DarkSpirit.7046)
…
I scanned the source code and didn’t see anything malicious. Of course it’s still possible that the compiled executable could be dangerous even if an author provides the source. The safest route would be to compile the source yourself, if you are suspicious. However, most authors who go through the effort to publish their source code to GitHub are probably not malicious individuals.That is what I would do if I really want to use the program.
It’s always easy to say: hey, it’s open source, just go and read the code.
We both know that an average user of such a program won’t ever read the source because he won’t understand it anyway – he just downloads and executes it and the damage is done.
It’s always easy to say: hey, it’s open source, just go and read the code.
We both know that an average user of such a program won’t ever read the source because he won’t understand it anyway – he just downloads and executes it and the damage is done.
Then an average user shouldn’t be downloading EXE binaries from an untrusted source in the first place. If the user still chooses to take the risk then that becomes his responsibility.
(edited by DarkSpirit.7046)
It’s always easy to say: hey, it’s open source, just go and read the code.
We both know that an average user of such a program won’t ever read the source because he won’t understand it anyway – he just downloads and executes it and the damage is done.Then an average user shouldn’t be downloading EXE binaries from an untrusted source in the first place. If the user still chooses to take the risk then that becomes his responsibility.
You can no more expect users to not download binaries than read, not to mention understand, source code, but releasing source code is the closest anyone can come to vouching for their software. If you don’t have the technical knowledge to compile code on your own you’re stuck with having to trust pre-compiled binaries.
The responsibility here is with virus checkers not automatically blacklisting executables like these. I note that MSE does not complain about the file in question.
It’s always easy to say: hey, it’s open source, just go and read the code.
We both know that an average user of such a program won’t ever read the source because he won’t understand it anyway – he just downloads and executes it and the damage is done.Then an average user shouldn’t be downloading EXE binaries from an untrusted source in the first place. If the user still chooses to take the risk then that becomes his responsibility.
You can no more expect users to not download binaries than read, not to mention understand, source code, but releasing source code is the closest anyone can come to vouching for their software. If you don’t have the technical knowledge to compile code on your own you’re stuck with having to trust pre-compiled binaries.
The responsibility here is with virus checkers not automatically blacklisting executables like these. I note that MSE does not complain about the file in question.
Nobody said we expect average users to read source code. I only said average users should NOT be downloading EXEs from untrusted sources period. If users refuse to listen to sound advice and insists on taking that risk then do it at their own peril.
Personally, I would never want to distribute my EXEs, unless I digitally signed them or I do it through the mobile store. This is why I usually share my code to public domains as small javascripts so that even less technical users can run them. Otherwise it is using entities like GitHub and users would have to be technical enough to compile and run that code.
(edited by DarkSpirit.7046)
The point I was trying to make is that people will download binaries simply because they don’t know any better. If you’re not making software that “works” you’re not making useful software, and to the average user source code doesn’t “work” — binaries do. It wasn’t an accusation. You’re right about signing, of course, but I’m not sure that’s an option in cases like these.
The point I was trying to make is that people will download binaries simply because they don’t know any better. If you’re not making software that “works” you’re not making useful software, and to the average user source code doesn’t “work” — binaries do. It wasn’t an accusation. You’re right about signing, of course, but I’m not sure that’s an option in cases like these.
It is an option if the developer pays for it, but I don’t expect most developers to do so. Alternatively, the developer can post the PGP signature or MD5 hashes on to a secure website, although the user would need to be technical enough to use the right verification tools. Of course, the developer would also need to ensure that his own PC is clean and I would advise against distributing an autoit EXE as it is notorious for trojans. It should be obvious by now why I dislike distributing unsigned EXEs.
Most browsers would warn the user if they attempt to download an unsigned EXE. It is up to the user to make sound decisions to secure his own computer.
(edited by DarkSpirit.7046)
You’re sure, that that overlay is a trojan? If yes, I have one on my Computer… One point, that would speak for it, is, that i cant find any Folder or something, i only got the .exe in my download folder… wasnt there a setup??
You’re sure, that that overlay is a trojan? If yes, I have one on my Computer… One point, that would speak for it, is, that i cant find any Folder or something, i only got the .exe in my download folder… wasnt there a setup??
You generally don’t need a setup with small standalone apps. This being an AutoIt program, you definitely don’t need a setup as the compiled versions are meant to be run with just the .exe
@others discussing this topic
I feel that with open source programs the chance is much lower that it will contain trojans etc, especially if they’ve been out for a while and it has acquired a sizable amount of users or at least people discussing the program. The more people actively using or discussing said program, the higher the chance of having some knowledgeable people amongst them that will have checked the source code.
There’s never a guarantee without going through the source code yourself and compiling it, but there are definitely some factors that make it seem more likely to be ‘legit’. Then there are of course always cases such as the ‘bitcoin mining malware incident’ from sources most would think be trustworthy. Such is life, you can’t trust everyone, but sometimes you do have to trust and hope for the best.
In general if you don’t have any programming savvy yourself, try and look out for these sort of things:
-open source (even though you yourself can’t read it)
-trustworthy dev (somebody with a good standing in a community and a lot of activity there has more to lose)
-many users / downloads
-long discussion thread (actually read it all if feasible; at least try to read the latest posts)
-try and find information from different sources (think forums / websites)
In general principle: do your research. I’ve come across some terrible cases where somebody posted a certain program that just reeked of being ridden with malware (posted by a new member, no open source, claiming impossible things in a format common to previous bad programs). The following thread consisted of many posts by knowledgeable people with good standing in the community claiming it was malware. After a day or two somebody showed the method used to pack the said malware and the code within the program that was responsible for sending on account information. Screenshots of the email account being used for collecting the account information including several compromised accounts (not the exact details) were also shown. Then the next few posts in the thread were all from new users still downloading it and complaining it wasn’t doing what was promised.
In general it is better to err on the side of caution and if none of the above listed things look very promising, just don’t rush to download it and give it some time until you feel confident either way.
Twirling – Pie Eating Guardian – MM – Gunnar’s Hold