darktable windows insider program 4/21

Here’s the link to the latest weekly build of darktable 4.7: darktable-4.7.0+991~g2b6f1f5ed0-win64.exe (Dropbox). The list of latest changes is at Comparing b6a47187e3…2b6f1f5ed0 · darktable-org/darktable · GitHub.


This morning I downloaded this file and immediately Windows Defender quarantined it. It reported the file is infected with “Trojan:Win32/Wacatac.B!ml.” I went to the quarantine area and deleted the file.

This is the first time I’ve seen this happen with dt downloads. False positive? Don’t know.

Same for the nightly. However, after checking with online (multi-engine) AV scanners, no other reported such an issue. I assume false positive.

The system the windows weeklies (and the releases) are built on is a purpose built VM that is only used for that. It’s Win 10 Pro and it was created last Nov 25th. I accessed the internet to download the source and the MSYS build system. I only upgrade the build system when darktable needs a newer version of a package.

My routine when I produce a new package is to fire up the VM, download the source changes, then compile it. After it’s built I scan with Windows Defender. My Win10 Defender didn’t detect anything. After it’s scanned, I copy the executable to my host machine (Linux) for uploading to Dropbox. Once the executable has been copied to the host machine, then I shut down the VM until next week.


A few weeks back our IT shut down my PC. They reported that two things in particular were creating/behaving as malware. Roughprofiler (which I wasn’t even using, it was just on my OneDrive storage and had only tried one or two times on a different PC) which is a GUI for Argyllcms and Darktable. In particular they were not happy with this DLL, libgio-2.0-0.dll. I had several copies on my system, including in MSYS. Roughprofiler has a Java component so maybe that was the issue or maybe it was a bad actor… No idea if it was hypervigilance.

My PC was about 10 years old so they just took it and replaced it with a new one running their latest suite of monitoring.

During the process our IT guy poked around and let’s just say if you use Windows at least and use a Microsoft account you can take a look and can check your account for log-in attempts…

This is only a snapshot from mine. I suspect many university and business accounts are being targeted but abundant caution never hurts…

Note some of the locations unsuccessfully attempting to login to my account…

You could follow-up with this as a check…

Downloaded and ran it. Did a quick scan plus the darktable source/build tree and it didn’t find anything.


Good idea to check and likely false positive, but these days you just have to try to cover all your bases. As an aside, it’s a bit unnerving to know that every day your account is being targeted all over the world, or it’s one thing to “know” it but to see evidence drives it home…

Thank you! I didn’t know about this. D/L and ran it, no problems. False positives are the pits.