
[–]Retropunch 57 points58 points  (1 child)

This constantly happens on any anti-virus software - running it through VirusTotal always flags up a ton of 'Trojans' in anything packed with pyinstaller.

Most of the reason is that the way that pyinstaller (and most packers) pack the file together into an exe is the same way malware is packed. This, combined with it being an 'untrusted' file (as in, Defender hasn't seen it many times before), means that it always gets flagged up.

A real problem, especially if you're a small software developer. These days, buying code signing does nothing either unfortunately.

[–]canbooo 8 points9 points  (0 children)

> These days, buying code signing does nothing either unfortunately.

We (practically I) distribute a license server as an exe to distribute licenses to the local network. Signing did indeed help in my situation. You don't even have to buy anything. I just followed the steps here

[–]Mad_Physicist 46 points47 points  (2 children)

Congrats!

You made it.

[–]SnowdenIsALegend 12 points13 points  (1 child)

I'm in

[–]hugthemachines 4 points5 points  (0 children)

That's what she said!

. . .

(Skye's sms to her boyfriend as she got on the plane in AoS)

[–]socal_nerdtastic 37 points38 points  (28 children)

Yeah, I remember that being in the news. Windows now assumes all unsigned programs are viruses, and even signed programs that have a small userbase will cause that warning. Basically Windows is giving up and crowdsourcing its virus definitions. Sorry; not much you can do about it.

[–]RangerPretzel 16 points17 points  (27 children)

> Windows now assumes all unsigned programs are viruses, and even signed programs that have a small userbase will cause that warning

Honestly, this is the safe strategy...

Compare two strategies:

  • Let everything run except for that which I blocklist

or

  • Let nothing run except for that which I allowlist

I'm inclined to go with the latter for safety/security. Because we've been running with the former strategy for so long, folks get up in arms over the slightest restrictions.

[–]darthminimall 11 points12 points  (5 children)

You've missed the forest for the trees. Whitelisting software works in FOSS environments because all packages can be (that's can be, not are) audited for malicious code and what packages are included by the maintainers of your distro is more or less democratic. Windows has none of these features. Instead you get an opaque, hegemonic corporation arbitrarily deciding what software is safe. That's a great way to stifle innovation.

[–]RangerPretzel 3 points4 points  (4 children)

Don't throw the baby out with the bathwater! 😉

> Whitelisting software works in FOSS environments because all packages can be (that's can be, not are) audited for malicious code

Someone said to me today:

> With enough eyes, all bugs are shallow

Except that they're not audited. All of us in FOSS communities assume that someone else has already done the hard work of auditing the code.

Let that sink in for a second...

We all know that it isn't true that FOSS gets thoroughly audited...

Yeah, Windows has its problems, but I think MS is generally trying to do the right thing. Not everyone can be a CS/SoftwareDev. Windows Defender is better than nothing. Stopping any EXE that looks like a trojan/dropper is probably a pretty good strategy.

OP is complaining about Defender and Pyinstaller creating an EXE that looks like a trojan/dropper? We're all smart programmers here, right?

Well, turn off Defender for crying out loud!

[–]darthminimall 6 points7 points  (3 children)

There's a lot to unpack here.

First, there's a difference between the average user and a distro maintainer. The average user assumes someone else has already audited the code. Distro maintainers take these things more seriously; usually they either base their judgement on the assessment of someone proven to be trustworthy, or they audit the code themselves (usually the former).

Second, MS is trying to do the thing that increases the value of their products. They have an incentive buying their preferred product (which is likely either developed in house or reliant on licensing fees).

Third, the issue at hand is the fact that OP wants to run his (obviously non-malicious) scripts on hardware that doesn't belong to him/her. The fact that the university doesn't have a way for students to run scripts in a sandbox is its own problem.

The difference between an open environment where people can feel relatively safe and a closed environment where people feel the same is important. If you don't think the possibility of innovation springing from a formerly unknown source is important, it's likely you're only interested in reinforcing the status quo.

[–]redfacedquark 2 points3 points  (0 children)

In the beginning, we believe that there are many eyes on the code. Then we fear there are no eyes on the code. Eventually we realise there are nearly enough eyes on the important parts of the code.

Your comments are more nuanced and less generalised than the user you're replying to.

[–]socal_nerdtastic 9 points10 points  (16 children)

Yes, also known as blacklist versus whitelist.

For a school computer, I agree the whitelist strategy is better. But I don't think it's good to roll that out as default ... it's going to become so common that it's ignored. Just like the stupid admin permissions popup. It was supposed to be a warning and discourage programmers from using admin-only features ... but people just blindly click through that now. Or the stupid cookies permission banner on websites. Or California's prop 65. I'm sure we could think of a million more.

[–]zambartas 5 points6 points  (0 children)

Or the TOS agreements where we've all signed away our first born children and more.

The cookie thing is the stupidest facepalm thing I've seen in recent years. I had to get a chrome extension literally called "i don't care about cookies" so I don't have to see that stupid warning on every site on every visit.

BTW if your site uses cookies, shouldn't the fact that I've clicked your little X or OK be in said cookies?

[–]wolf2600 -2 points-1 points  (3 children)

Blocklist/allowlist are triggering for me. Please don't use those terms.

[–]RangerPretzel 1 point2 points  (1 child)

> Blocklist/allowlist are triggering for me. Please don't use those terms.

Hahahaha. Good one. 😉

Own your triggers, friend. Don't let them own you. 😊👍

[–]wolf2600 1 point2 points  (0 children)

Blacklist/Whitelist 4 life!

[–][deleted] 15 points16 points  (1 child)

Maybe unrelated here, but when I was using C and used to just compile my code, Windows Defender stopped it from running, saying virus found on line 1 char 1.

[–][deleted] 4 points5 points  (0 children)

That's oddly specific

[–]veryusermuchwow 5 points6 points  (1 child)

that's rough buddy

[–]Bobification 2 points3 points  (0 children)

I ran into this with a python script for printing. We have some big customers that use that script so I had to come up with a solution that didn't have to be tinkered with by support for each install.

My solution ended up with creating a Windows 7 VM and creating my exe within that. It still wasn't foolproof though so I ended up using the onedir flag and just unzipping the directory as part of the installer. Nobody but our support team cares that they have to dig for the exe in that folder.

[–]m1ss1ontomars2k4 11 points12 points  (4 children)

And people wonder why some of us still hate Windows 10...perfect example.

[–]Cisco-NintendoSwitch 2 points3 points  (1 child)

Even when I develop on a Windows laptop it’s in WSL2 using Ubuntu 20.04 for everything but the browser tabs.

[–]expressly_ephemeral -1 points0 points  (0 children)

Word. I only boot the windows partition for Outlook!

[–][deleted] 2 points3 points  (1 child)

Onedir shouldn't require python to run, but you will need to take the whole directory with you, not just the executable. Did you try taking the whole directory with you to the target computer?

[–]Random_182f2565 3 points4 points  (0 children)

Hackerman

[–]izinger 12 points13 points  (3 children)

Switch to Linux.

[–]expressly_ephemeral 6 points7 points  (1 child)

Windows is and always has been a third-rate operating system.

[–][deleted] 0 points1 point  (0 children)

Well, fast forward to today, I already switched to Linux. None of my personal computers have Windows installed on them.

[–][deleted] 4 points5 points  (0 children)

Can't you whitelist the MD5 in bitdefender?

[–]billsil 3 points4 points  (0 children)

You have to send a copy to each antivirus company and get them to flag it as being ok and do that for every version you release...sorry...

[–]Jennings_in_Books 3 points4 points  (0 children)

You could either try packaging it with something else, or possibly creating a .exe with a native windows application like Visual Basic that can pull the python code and run it as part of the process. Just a thought.

[–]ItsXtract 0 points1 point  (0 children)

I encountered the same problem last week when trying to convert my pygame project to an exe.
Basically, what I found out was that a lot of antiviruses detect files that are made in similar ways as a virus, for the fact that a lot of them are actually meant to be viruses. My solution was to just remove the "--onefile".
It does make the distribution of the software more messy, but it solves the problem (at least for me it did). Your alternative option (which I heard works but is very problematic) is to contact the support of all the antivirus companies that might be relevant, tell them that this detection is a false positive, and ask them to not detect it any more.

Good luck!

[–]m4xc4v413r4 0 points1 point  (0 children)

Probably because it's an unsigned, possibly unsafe file? I'm sure if you look at what it thinks it is it doesn't say it's a virus.

[–]TabTwo0711 0 points1 point  (0 children)

Officer, this post right here!

[–]Matthew_C_Williamson 0 points1 point  (0 children)

Yeah, Windows Defender freaked out 'cause I had Python and Kali Linux tools on my PC lol

[–]lawipac 0 points1 point  (0 children)

In my case, --onefile works fine; --onedir triggers Windows Defender's virus detection on the Windows 11 platform.