Comments (8)
That was a false positive. The Tunic source code is verifiably not malware.
I did some testing with virustotal.com, and I believe the PS2EXE tool I use from Microsoft's NuGet repo is being falsely detected as malware. I use it to package tunic.ps1 as an executable. I suppose it's possible PS2EXE contains malware, but that would be very surprising given its wide use. I will quickly change how I package tunic to avoid this false detection.
You can verify Tunic isn't malware by downloading source and scanning tunic.ps1 and files directory.
I put a lot of effort into this as a service to the community. This sucks.
Further verification
It's straightforward, but time consuming, to verify nothing bad is happening, although you'd need to understand powershell well. Some of these steps require a Windows 10 VM.
- Look at the source and see what it does and see that it's safe. Only tunic.ps1 and files/* are packaged into tunic.exe. tunic.ps1 is where all the logic is.
- Install 7zip https://www.7-zip.org/download.html
- In powershell, download tunic.exe, extract files, and run dir. (The .exe is a self extracting .7z file.)
$url='https://github.com/mikeslattery/tunic/releases/download/0.2.1/tunic.exe'
(New-Object System.Net.WebClient).DownloadFile($url, 'tunic.exe')
7z x tunic.exe
dir
Will return something like this. You can compare the extracted files with the files on github to see they weren't tampered with.
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 2/8/2020 8:37 PM files
------ 2/6/2020 7:50 PM 41111 tunic.ps1
------ 2/6/2020 8:02 PM 139264 tunic-script.exe
- PS2EXE was used to create tunic-script.exe from tunic.ps1. Let's reverse it and verify.
.\tunic-script -extract:tunic2.ps1
cmd /c fc tunic.ps1 tunic2.ps1
The diff output verifies they are identical (except for some whitespace at the end of the files) and so tunic-script.exe wasn't tampered with.
Comparing files .\tunic.ps1 and .\tunic2.ps1
***** .\tunic.ps1
***** .\tunic2.ps1
*****
Or to further check, let's rebuild tunic-script.exe:
install-packageprovider -name nuget -force
Install-Module -force -confirm:$false ps2exe
invoke-ps2exe -inputfile tunic.ps1 -outputfile tunic-script2.exe -title Tunic -credentialsGui -requireadmin -noconsole -nooutput -noerror
dir tunic-script*
The dir will return something like this. Notice the identical size of tunic-script.exe and tunic-script2.exe (but this verification could fail if the ps2exe download differs from the one I'm using).
Mode LastWriteTime Length Name
---- ------------- ------ ----
------ 2/6/2020 8:02 PM 139264 tunic-script.exe
------ 2/8/2020 8:42 PM 139264 tunic-script2.exe
Even given all that, I will need to put a disclaimer in the readme that programs like tunic, that modify your bootloader, often get falsely detected. That likely wasn't the case here, but it may be in the future.
from tunic.
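Added example (not part of the original comment or of the Tunic project): the comparison step above done with SHA-256 instead of fc, normalizing line endings and trailing whitespace so the end-of-file difference mentioned in the comment does not cause a false mismatch. It assumes the extraction steps were already run in the current directory; the $SourceCopy path is a hypothetical location for tunic.ps1 taken from a source checkout of the same release.

```powershell
# Added example, not code from the Tunic repository.
# Assumes tunic.ps1 (from the .7z payload) and tunic2.ps1 (recovered from
# tunic-script.exe) are in the current directory.
# $SourceCopy is a hypothetical path to tunic.ps1 from a source checkout.
param(
    [string]$SourceCopy = '.\tunic-src\tunic.ps1'
)

function Get-NormalizedSha256 {
    param([Parameter(Mandatory)][string]$Path)
    # Read as text, unify line endings and drop trailing whitespace, so the
    # whitespace added at the end of the file by the PS2EXE round trip is ignored.
    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $text  = [System.IO.File]::ReadAllText($full)
    $text  = ($text -replace "`r`n", "`n").TrimEnd()
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($text)
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    try     { [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', '' }
    finally { $sha.Dispose() }
}

# The three copies of the script that should all be the same file.
$candidates = [ordered]@{
    'payload tunic.ps1'           = '.\tunic.ps1'
    'recovered from tunic-script' = '.\tunic2.ps1'
    'source checkout'             = $SourceCopy
}

$results = foreach ($name in $candidates.Keys) {
    $path = $candidates[$name]
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Name = $name; Path = $path; Sha256 = 'MISSING' }
        continue
    }
    [pscustomobject]@{ Name = $name; Path = $path; Sha256 = Get-NormalizedSha256 $path }
}
$results | Format-Table -AutoSize

# One distinct hash (and no missing file) means all copies agree.
$distinct = @($results.Sha256 | Sort-Object -Unique)
if ($distinct.Count -eq 1 -and $distinct[0] -ne 'MISSING') {
    'MATCH: all copies of the script have the same normalized SHA-256.'
} else {
    'MISMATCH: a copy differs or is missing; diff the files before trusting the build.'
}
```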
Thanks for the response, I just tried again to follow your steps & I've updated a fresh Win 10 install, this is the 1st exe I've attempted on this install & I can't even run it as it is immediately deleted due to virus detection.. This is less than I was able to do previously as it at least told me what virus it was and asked what I wanted to do (Remove, Quarantine etc).. Watch my screen recording..
from tunic.
Tried saving the file instead, same thing, instantly deleted due to virus.. Nobody in their right mind is going to disable their virus protection in order to install a program.. I think you have a roadblock on your hands.
from tunic.
One more thing I remembered.. The 1st time yesterday where I got to remove the virus & keep Tunic installed, when I opened it, it had nothing in the dropdown for distros, the dropdown was completely empty.
from tunic.
Please check again with latest release. I'm only about 50% sure this will fix your particular issue.
https://github.com/mikeslattery/tunic/releases/tag/0.2.2
from tunic.
I made a significant change to how Tunic is packaged. I'm now using NSIS. See tunic.nsi and build.ps1 in the develop branch.
This means that ps2exe and 7zip's auto-expander are now no longer part of tunic.exe. These are tools often used by "script kiddies" which is probably why it was flagged.
from tunic.
Downloaded without issue, no windows defender instant removal.. Just the regular protection due to unknown app & publisher which is normal..
I'll leave it at that till I get the chance to test your program out later tonight. Thanks for the swift solving of the issue.
from tunic.
Nice! Thank you for the repeated testing. I'll close this ticket.
Feel free to ask me to re-open it if you (or anyone else) think this is still an issue.
from tunic.