Checksum missing from downloads page and malware alert when running

[markusaittola]

The releases (https://github.com/WikiTransformationProject/wikitraccs-releases/releases) are missing an important security control, the checksum. Without a strong checksum digest, the users cannot trust the downloaded content includes what the developer released. In addition, trying to run WikiTraccs.GUI.exe v1.9.0, triggered WithSecure malware blocker, effectively preventing the program to run. The scanner did not find any malware inside though. It might just be such a rare program, the dynamic https://www.f-secure.com/v-descs/w32-malware.shtml blocked it because it did something suspicious.

Both issues effectively prevent security-aware users from running wikitraccs. I suggest adding a strong SHA chcksum in releases, and to test the windows executable with a bunch of most common malware scanners, and working with them to add the program in their databases of known programs.

[heinrich-ulbricht]

@markusaittola Good call with the checksum. Do you have any preferences with regard to file formats and tooling to check?

The block will likely be triggered by the obfuscator that has been applied to the binaries to make disassembling a bit harder. Not sure how successful adding the program to a whitelist will be, given that this would've to be updated with every release?

But your point is well taken. I'd go for the checksum so that you can be sure to get what you are intended to get.

[markusaittola]

Thank you for the quick reply. sha256 seems to be quite popular as a checksum.

With regard to malware scanners, just running a program with them and submitting a sample after a block found, might help. If the behaviour of the executable does not change too much between the releases, submitting once might be enough.

[heinrich-ulbricht]

@markusaittola I'm trying to submit this to F-Secure - which one is the product you use?


(If you don't want to disclose details here, you can send them to contact @ wikitransformationproject.com instead.)

[markusaittola]

Withsecure EPP Anti-Virus, Windows 10.
Already submitted the exe file :) But the more submits, the better response probably.

[heinrich-ulbricht]

The WikiTraccs binaries are now signed and the release package contains a checksum file.

fyi @markusaittola