Has CKAN been infected?

[steke]

I got a prompt on CKAN today to install a new version. My windows defender immediately started screaming at me that this was a trojan. This looks dodgy as hell so I'd suggest to avoid the new CKAN update.

This is the alert I got from windows defender https://imgur.com/gallery/9cgGAFp

 

[Gargamel]

CKAN hasn't been infected.  Sometimes when it gets updated, it looks like a new program to anti virus software.   Since what it does, by it's nature, is read, write, and move files around, AV suites go bonkers.   This isn't the first time it's been false flagged, and it won't be the last.

 

EDIT: Although... looking at your pic, you might have picked up something else from somewhere else.  

 

@HebaruSan?

 

Edited March 6, 2021 by Gargamel

[HebaruSan]

Anti-virus software have what's called "false positives," where they report problems that don't exist. When these mistakes are reported to the anti-virus software vendor, they can add the affected software to a "whitelist" that is excluded from having false positives reported. In practice this amounts to a form of extortion, where software vendors have to pay up to prevent their users from seeing alarming messages that erode trust in their software after installation. CKAN doesn't pay, so our users get to experience the full joy of this system in action.

@DasSkelett has been in touch with Microsoft, who have provided steps for every individual end user to take to fix this defect in their software, surely a viable and sustainable approach to the problem:

• https://github.com/KSP-CKAN/CKAN/issues/3310#issuecomment-791971103

Quote

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

Open command prompt as administrator and change directory to c:\Program Files\Windows Defender

Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”

Run "MpCmdRun.exe -SignatureUpdate"
Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions
Thank you for contacting Microsoft.

[HebaruSan]

Some background for transparency, this is the GitHub work flow in which this release's assets were generated:

• https://github.com/KSP-CKAN/CKAN/runs/2044034486?check_suite_focus=true

It starts in a pristine image of Ubuntu 20.04.2-LTS, then uses Docker to load the latest Mono container (I think, I'm a little fuzzy on those details, maybe @DasSkelett will explain it better). Then it downloads the source and dependencies, compiles the EXEs, builds the Mac and Linux packages, and finally uploads them to the GitHub release. Then all of the containers/images go poof, back into the void from whence they came, never to run again.

At no point in this process is any person's "real" disk involved; there isn't even any involvement of Windows at all. So you don't have to worry about someone's PC getting an infection and then passing it along via ckan.exe.