![]() ![]() It is not a big deal, there are rules how to handle it and it gets fixed. plus they take 2-3% of the market and only block exe installation or in our case, a file in installation every 3 years. Usual false positive is not really a problem, since you can report it to every AV company, even Chinese ones, and they will clear it fast. I did report what I had experience to the maintainer of InnoSetup but I didn't get a response. I think because Delphi is used by some to write viruses the security firms are being lazy and just identifying portions of RTL code rather than the actual virus code. I had a lot of issues with Norton/Symantec's SONAR technology and InnoSetup a few years back (it reported suspicious activity but would not say what) and submitted false positives to Norton/Symantec to get the issues fixed. Installshield Express might be safe bet, but not sure if it has all the features? We used to use AI exclusively, and it is great looking with advanced boot strapper but we have had issues that users reported that could never be reproduced by us and AI team, which lead to us to start using much simpler Inno Setup.Īnyone has any suggestions with something they deployed to 100,000 of users with above features? I know InstallAware has those, but it does not look too professional. Multiple language support for bootstrapper (MSI by default cant) We are looking to switch to only commercial MSI based installer but there are features we need:ġ. In this new world when company controlling 75% of the Internet can block software vendors with over 20 years of business experience and trusted publisher by all Antivirus companies with whitelisting service setup, and give you no way to even complain about "unwanted software" or explain the problems, we are now afraid to use anything open source that can be misused by someone else, such as Inno Setup or Nullsoft Installer. But it is a weekend, and we have not received any feedback directly. Might have helped as well as our previous installers were not tagged anymore. At the same time we tried personal connections to many people at Chrome and Google security team. We deleted executables specified in our search console report and put up MSI based installer By morning next day, every file signed by our certificate was blocked by Chrome and Firefox as dangerous, no matter what it was. We contacted Digicert, they told us certificate is valid, no complains and they even re-issued a new one. So it cant be doing anything smart to analyze installers. One of them was portable installer that just copied either x86 or 圆4 files to your folder. Only 2 inno setup based installers were tagged, 7-8 others on same page were not including Inno and MSI. Might be based on bad heuristics that is tagging many Inno Setups I know Beyond Compare was hit as well, and one of their installers is still tagged.įrom little we can find out by our own analysis: At first, google search console did not show much info, so we were not sure what was happening, but soon after all of our pages and downloads were blocked via Chrome and Firefox for most users. We at PowerArchiver got hit thursday afternoon. I see that the Delphi shop "greatis" seems to have the same problem (we do not use any of their component) but that makes me think that some other Delphi application might be targeted: !topic/webmasters/CThwZ6Oq9Ck context-place=forum/webmastersĭid you receive similar security issue from Google ? ![]() It looks like we are not the only ones based on the posts on the official Google webmaster forum: !forum/webmasters We have requested a review from Google but a few hours later, we received a "Review failed" e-mail. ![]() Virus Total (recommended by Google in this case): Obviously, the software is signed using a valid paid certificate, and considered safe according to: Google chrome (and Firefox) now blocks the download page: A few hours ago, Google sent us a warning e-mail saying that HelpNDoc's installer was tagged as a "Harmful Download". ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |