

In case you don't know, I am the person doing the builds/releases/installers. There are mainly 2 types of warnings people see when using the installer. Either the browser (e.g. Chrome) or the system doesn't recognize the URL and file as "harmless" or the AV suites are tripped up by some irregularities of the installer.

Either the browser (e.g. Chrome) or the system doesn't recognize the URL and file itself as "harmless"

This happens with files that aren't signed with a code-signing certificate AND are new on the web. Browsers/OS use centralized scanning services which in turn use a reputation system for each file they scan. Unsigned files start with a low reputation. As more and more people start using them, scan them, and not report them as harmful, the reputation starts rising until the scanning service shuts up about the files. The files have essentially become "old" and implicitly trusted due to user usage. This probably works in a similar way for flagging URLs as untrusted. It wouldn't surprise me if Chrome has whitelisted the SourceForge domain as a whole, since it has served open source for many decades now and has built a very good reputation (about malicious content). This could explain the discrepancy with FossHub regarding URL flagging.

Or the AV suites are tripped up by some irregularities of the installer

The software used for making the installer is NSIS (Nullsoft Scriptable Install System).
