[Solved] Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Having trouble installing or compiling FreeCAD? Get help here.
Forum rules
Be nice to others! Respect the FreeCAD code of conduct!
jfc4120
Posts: 448
Joined: Sat Jul 02, 2022 11:16 pm

[Solved] Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by jfc4120 »

Current version

Code: Select all

OS: Windows 10 Version 2009
Word size of FreeCAD: 64-bit
Version: 0.20.29177 (Git)
Build type: Release
Branch: releases/FreeCAD-0-20
Hash: 68e337670e227889217652ddac593c93b5e8dc94
Python 3.8.10, Qt 5.15.2, Coin 4.0.1, Vtk 8.2.0, OCC 7.6.2
Locale: English/United States (en_US)
Installed mods: 
  * Help 1.0.3
Today,January 7, 2023 I downloaded Freecad FreeCAD-0.20.2 WIN-x64-installer for windows and during install got over 20 virus warnings from Norton antivirus.

This never happened with the prior version FreeCAD-0.20.0-WIN-x64-installer, no problems at all.

Please let me know what is going on with this newer version.

I did not take note of every warning, but as example one was in the file: logoLarge.gif
Last edited by jfc4120 on Tue Jan 17, 2023 7:09 am, edited 1 time in total.
GeneFC
Veteran
Posts: 5373
Joined: Sat Mar 19, 2016 3:36 pm
Location: Punta Gorda, FL

Re: Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by GeneFC »

Norton is notorious for creating the worst software ever. :mrgreen:

I ran your suspect gif file through VirusTotal. About 30 different virus detection engines came back with "Undetected". That is 100% of the checkers used.

As has been explained numerous times recently on this forum a lot of modern virus checking is done by "reputation" rather than the older practice of looking for suspicious strings of code.

A new file has no reputation so it is flagged as questionable.

I ran the entire file package through a couple of checkers I use, MS and MalwareBytes, and no detection of malware was found.

Gene
User avatar
LVAeronautics
Posts: 105
Joined: Sun Nov 20, 2022 6:21 pm
Contact:

Re: Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by LVAeronautics »

I got the same thing doing the new download, but I do not use Norton. All I did was tell the program to "Run Anyway"; no issues.
"Testing leads to Failure, and Failure leads to Understanding" -Burt Rutan
jfc4120
Posts: 448
Joined: Sat Jul 02, 2022 11:16 pm

Re: Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by jfc4120 »

The way I look at it is there has been past hacking on Github as well. So what is strange is the fact that the previous version was fine. I even ran the previous version mentioned in my post through norton and mcafee.

However the new version I only did norton, not mcafee. And I doubt they changed all of those files from one version to the next.

I hope someone will at least verify the one from https://www.freecadweb.org/ and the one downloadable from Github wasn't "messed with".

In Today's World you can't be too safe with so many hackers out there.
GeneFC
Veteran
Posts: 5373
Joined: Sat Mar 19, 2016 3:36 pm
Location: Punta Gorda, FL

Re: Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by GeneFC »

LVAeronautics wrote: Sun Jan 08, 2023 7:39 pm I got the same thing doing the new download, but I do not use Norton. All I did was tell the program to "Run Anyway"; no issues.
I think that is a different issue. When you said "the same thing" did you get an actual virus alert or "this file is untrusted"?

Almost everything without an MS certificate ($$$$) comes with the untrusted warning.

Gene
jfc4120
Posts: 448
Joined: Sat Jul 02, 2022 11:16 pm

Re: Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by jfc4120 »

@GeneFC

Was FreeCAD-0.20.0-WIN-x64-installer signed? Because that one had no problems.

If so, why would FreeCAD-0.20.0-WIN-x64-installer be signed, but FreeCAD-0.20.2-WIN-x64-installer not be signed?
GeneFC
Veteran
Posts: 5373
Joined: Sat Mar 19, 2016 3:36 pm
Location: Punta Gorda, FL

Re: Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by GeneFC »

jfc4120 wrote: Sun Jan 08, 2023 10:58 pm
I do not think any releases have been signed, at least not by an "authority". Not sure about self-signing, but that does not count for very much in most cases.

Gene
User avatar
adrianinsaval
Veteran
Posts: 5541
Joined: Thu Apr 05, 2018 5:15 pm

Re: Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by adrianinsaval »

check that the hash of what you downloaded matches the hash in the release page, we should probably put those hashes on the freecad.org webpage that way one can verify in an independent webpage that github wasn't tampered with. Thoughts @uwestoehr @yorik ?
jfc4120
Posts: 448
Joined: Sat Jul 02, 2022 11:16 pm

Re: Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by jfc4120 »

How do check the hash? But think about it if someone can mess with the file they can put a fake hash.
User avatar
adrianinsaval
Veteran
Posts: 5541
Joined: Thu Apr 05, 2018 5:15 pm

Re: Virus warnings in FreeCAD-0.20.2 WIN-x64-installer for windows

Post by adrianinsaval »

That's why I'm saying it should be put on the freecad.org page too and not just github, it is unlikely that both sites would be compromised. If you have 7zip installed on windows it ads a context menu item to verify the hash, use the SHA256 option and check that it matches the one listed at https://github.com/FreeCAD/FreeCAD/rele ... SHA256.txt

if you don't have 7zip see https://www.shellhacks.com/windows-md5- ... n-utility/
Post Reply