Hi all,
Just liked to report, Chrome on Windows 7 blocks downloads of RIOT, it shows message: "This file is malicious and Chrome has blocked it. [Dissmiss button]".
Somebody should investigate and contact Google about this.
regards,
Royston
Hi all,
Just liked to report, Chrome on Windows 7 blocks downloads of RIOT, it shows message: "This file is malicious and Chrome has blocked it. [Dissmiss button]".
Somebody should investigate and contact Google about this.
regards,
Royston
I know :( false positive. Cannot do anything. I could not find a way to oontact them. For a company who wants to get everything about you, they are quite hard to reach.
you could always use the portable version. I think the installer version has this warning because of the open candy module
VirusTotal lists the portable version as malware. Probably the desktop version too. Should I be concerned? https://www.virustotal.com/en/file/91bdf317e50d349cd096b8daa7d5aabf85ef8e2288086073be9a7105070611fb/analysis/1412765472/
this is not the portable version. is the setup version. OpenCandy is not malware
@Luciano, there's some serious flak coming at RIOT re: malware issues on CNET.
Maybe Adobe would be interested in taking RIOT over, rewriting all cursed libraries? RIOT kicks Photoshop's a$$ in compression. It's not even necessary to integrate RIOT into PS and close standalone down. Corporates can finance and develop RIOT with you leading it. They want PR that come with fresh things, plus it's extra new intellectual property.
Litmus for example bought PutsMail, similar case like yours: https://litmus.com/blog/a-new-home-for-putsmail-at-litmus
I have few connections at Adobe, could hook you up, maybe something will come out of this.
I am not a professional C++ programmer, so I wouldn't want that big corporation crap on my head. I work as a senior web programmer. so RIOT is just a hobby for me, created with the C++ skills learned in school and by myself. :)
I see. So how are you going to solve this malware issue?
RIOT itself is not flagged as malware. You can use the portable version for instance. Only the installer, which is built on an old OpenCandy library. That's it. When I will update I will update the OC library also from the installer
I could not even download the last version. The antivirus software blocked it. Furthermore, I do not intend to install the controversial OpenCandy on my computer. The developer could provide a version without that crap.
@marcopiv: use the portable version like I wrote earlier or complain elsewhere. Don't call a crap something that you don't understand. It installs software from google or microsoft. Maybe you should not trust them also, because they partner with Open Candy.
This is sad. This is a great tool. I managed to run a sanitize script and clean up the installer, but only after it attempted to install a bunch of malware/adware on my machine. There are a lot of online tools that do what this tool does, but very few decent downloadable ones.
If you aren't able to maintain the application, perhaps think about sticking it up on github and open-source it.
Thanks for the quick answer luciansabo. I appreciate your software, very useful.
I have another question: the folder named "plugins" in the portable version can be used as plugins in GIMP?
I really don't understand opencandy. As far as I know, it does not have an open source.
And when I started to install, BEFORE I choose any option, MALWAREBYTES already announced that opencandy tried to install himself in my computer. That does not seem very honest, do you agree?
Microsoft said: This program was detected by definitions prior to 1.169.1369.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors. (www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Adware%3aWin32%2fOpenCandy&threatid=159633)
@marcopiv: open candy does not install itself. The installer runs the open candy module which simply does some anonymous requests to retrieve the software recommendation. It does not install anything before you accept.
Don't panic: if OpenCandy was so dangerous why do you think companies like Microsoft, Google, AVG, Opera, partner with them ? They pay OpenCandy (and they pay me) to recommend their software. This is a fair and important revenue source. I choose only the software I trust. It is safe from my point of view. I installed myself software on my own computer using OpenCandy and they are very transparent if you contact them.
>@There are a lot of online tools that do what this tool does
No they aren't. RIOT compression is unique.
Hmm, during installation I haven't found any option to uncheck at least three PUPs (Open Candy, browser toolbar, very aggressive system checker that started to run _after_ I had allegedly just uninstalled it) that gave me nearly an hour of hassle to finally get rid of.
I completely understand you spent quite some time and labour in constructing this program and would love to get some bucks in exchange. Who wouldn't if he were you?
But as we are just on shifting viewpoints: What would you personally think about a program that unsolicitedly and without any announcement installs a bunch of PUPs? Could it be you consider it a bit annoying? Could it be you feel somehow cheated, deceived?
Instead of forced und indefeatable bundling you might anticipate some honest words ('Software is bundled with ...') and the choice whether a user wants to get it or not. Or some 'Donate' button already on the download page, or an unbundled version for a few bucks -- anything that you yourself would consider a maybe winking, but at all events respectful interpersonal interaction.
No harm meant! It's just some thoughts and suggestion.
I too hate PUPs and installing without consent, but this is not the case with RIOT.
I did seen had ANY case where the consent was not asked during installation. The list of recommended software DOES NOT CONTAIN ANY TOOLBAR, and is handpicked by me. If a software is dangerous, please provide it's name to analyze. OpenCandy is NOT a software which is installed, but it only runs with the installer to recommend software then it does not run.
To avoid software recommendation is very simple: just run the installer with /NOCANDY command line switch. Another good way to install a clean RIOT is to use the portable version. There are options, and you are 100% safe.
I removed some products from the recommended software. They are not basically malware but present deceptive behavior or tagged as adware.
I packed the installers in 7z archives, and now they can be downloaded by Chrome and Firefox.
I also work with OpenCandy to implement a new SDK and avoid some AV warnings.
Thanks
You must log in to post.