Re: Scripts downloaded
I am concerned that people are actually disabling Windows Defender and possibly other protective software to download my scripts. The following is a bit technical and mostly aimed at getting technical feedback. TL;DR: I
don't recommend disabling protective software, and if something is making you do that, I'd like to know why, including specific message text you're seeing. I classify message types below and give my more specific advice on
how to handle each type.
There are, I'd say, three basic types of messages one can get from modern protective software. From least to most severe:
1. "It is dangerous to run software downloaded from the Internet. Are you sure you want to do this?" This is categorically true and has nothing to do with the specific software in question; it is only related to where the
software is coming from. I would say the appropriate way to respond to this sort of message is to bypass the warning without disabling the protective software entirely. The appearance of this type of message indicates a
likely well-guarded computer and says nothing about the software being downloaded. Disabling protective software to get around this sort of message is risky because it unprotects you for no reason. Btw, I also put messages
like, "This software is not signed," in the same category, because it simply is a warning that you need to make sure you trust the software origin. We may come to a day when there is no way to bypass this warning without
disabling protective software; but I don't think we're there yet. I welcome corrections from anyone who knows of a case where this is an insurmountable issue.
2. "This download looks dangerous." This is a very broad category, but I mean to include cases where protective software uses what are often called heuristic tests to figure out if a program might do something troublesome
if run. False positives in this area abound and are sometimes rather famous in the IT industry because of the trouble they can cause. However, I treat any such message seriously; and on one occasion, a couple years ago I
think, messages like this from at least three different protective software applications led me to revert to an older version of the Nullsoft Installer System (NSIS) for building my installers, because I came to think that
perhaps the newest version at the time was creating installers that contained something I did not understand. I would say the appropriate response to a message in this category is to do all of the following, in order:
A. Notify me, and/or this list or an appropriate forum for the particular scripting project in question, exactly which protective software is notifying you (Windows Defender, Symantec Endpoint Protection, etc.), and
exactly what the message says. Include any apparent names or techie-looking designations of a threat that is suspected or detected.
B. Hold off downloading the scripts until you get a response from me on whether it is a known issue or instead represents a possible problem. I don't expect any problems of this sort; but as I said, I once had to alter my
NSIS version to fix messages like this.
C. If the issue is determined to be a false positive, I might need help reporting the issue to the vendor of the protective software. That also happened during the NSIS reversion incident.
3. "This download contains this specific virus, trojan, malware, etc." I have never seen a report like this on a script installer, though at first the above-mentioned NSIS issue confused me because some of the messages
did include names of threats that turned out to be names of heuristic algorithms rather than names of viruses etc. I know absolutely no way for any malware to get into what I post, and I have protections in place against
it; but I also think I am not absolute in my knowledge or authority over technology. :-) So similar to the previous item, I would really appreciate timely and specific reports of anything of this sort if they ever occur.
On Tue, Jun 30, 2020 at 01:50:21PM -0400, Jerry Pryde wrote:
I solved the problem. The scripts are downloaded. Turning off Windows Defender
in Internet Explorer did it.
Disregard my last email, please.
It says revision 174, so all is well.
Doug Lee email@example.com http://www.dlee.org
Level Access doug.lee@LevelAccess.com http://www.LevelAccess.com
Time is the friend of one who is true, and the enemy of one who isn't.