Less than 24 hours after downloading something I found through this board , several hundred dollars was removed from my crypto wallet. I've only downloaded a couple of games that were put out by ILLUSION so make of that what you will.
Just a heads up-- Some of the content linked to from this site is not safe
- Thread starter xer0615
- Start date
I've been more and more worried about this stuff recently. Antiviruses don't pickup everything unless you have a whole assortment of them. As an example I've been using rpaExtract for a while but only recently tried scanning it on virustotal.com and a bunch of them flagged it as a trojan, a guy recently even brought it up on its itch.io page. A false alarm? Perhaps, who knows? I got rid of it. God knows what else slipped through the cracks in all the time of downloading stuff from this site and exists on my computer. I'm honestly thinking about buying an ssd and just running a virtual machine on it for this stuff cuz shits crazy.
- Jul 27, 2017
- 1,141
- 4,285
Less than 24 hours after downloading something I found through this board, I tripped and fell down the stairs.
Coincidence? You decide.
If I believed Windows Defender every time it warns me not to start a Ren'py game because it thinks it looks suspicious, I would never get to play anything. Oh, also, it's an absolutely terrible idea to run "a whole assortment" of anti-virus software. Installing a bunch of conflicting security software type shit on your PC will wreck your system worse than most malware.
Also, why not just use UnRen?
Coincidence? You decide.
Anti-virus software can never be a substitute for common sense and trust. Scanning a file and not getting a warning doesn't mean it's okay. Conversely, it shouldn't be automatically believed when it tells you something is a virus, especially when it comes to niche software like Ren'py games that have a comparatively tiny user base or the niche of a niche that is third party tools to tinker with Ren'py games. Modern virus scanners depend on cloud-based file analysis for a lot of shit and if there's not a big enough sample size it gets kind of fucky.
If I believed Windows Defender every time it warns me not to start a Ren'py game because it thinks it looks suspicious, I would never get to play anything. Oh, also, it's an absolutely terrible idea to run "a whole assortment" of anti-virus software. Installing a bunch of conflicting security software type shit on your PC will wreck your system worse than most malware.
Also, why not just use UnRen?
Last edited:
I never said to do it. That's why I used virustotal, it essentially does the same. It even stores hashes for already flagged files, it was the same for the file I tested, it was already flagged as a trojan, so someone probably scanned it previously there.
Not sure what you're getting at here, anti-viruses are not a substitute for common sense sure, but neither is common sense for antivirus tools. So you're saying nothing can be trusted, then what lol? There's a lot of stuff out there that doesn't trigger suspicion. rpaExtract being one of them, routinely used by many devs and modders, also recommended a bunch, yet it was flagged. That's why I'm thinking of it for myself and recommend it to everyone to use virtual machines primarily for stuff that you don't trust, and I'm definitely beginning to lose trust of stuff from here. Especially games made on custom engines.
EDIT: Also on a side note, Its probably not a good idea to ignore warnings from your anitvirus unless you're ABSOLUTELY certain of what you're doing. If you're a developer writing your own engine or piece of software for games, there is absolutely no reason it should be flagged by an antivirus software, unless you're doing something really fishy and unnecessary stuff or maybe using some fucky external libraries, and you should make sure its as clean as possible.
Last edited:
- Jul 27, 2017
- 1,141
- 4,285
That doesn't mean it actually is a trojan though. It could, but it also just as well couldn't. Virus detection isn't the hard science most people think it is. It's mostly a lot of guesswork.
I mean, it is though.
Why would you lose trust in this site because of a third party tool not from this site that you think is a trojan?
I don't agree with that, the probability is not 50/50. If it was then there would be no use for antiviruses at all lol. I'd say that once more than a couple of antiviruses say its a trojan, I think its fair to say there's prolly a good reason. At that point the probability is in favor of it actually being one rather than not. But then again if you trust the source, go for it, but I don't see the reason to risk it once you've been already warned. Its not hard at all to setup a VM.
We need tools people.
I shouldn't have said that, its not this site as a whole, I take that back. But just downloading anything from or regarding niche communities, like adult gaming.
Also I pointed this out in the previous post as an edit: as a developer, there is absolutely no reason you're tools or software should be flagged by an antivirus. You're doing something extremely wrong if they are. Unless you're developing a cracking tool or something the requires you to do some fuckery, therefore can't really avoid it getting detected as a virus, there is no reason. You need to recheck what you're tool is actually doing, and if you're potentially using some shady libraries.
Last edited:
use
You must be registered to see the links
Instead its in python open source and you can see the code.
- Apr 14, 2020
- 1,821
- 4,042
Thats why you use two factor authentication on all banking services. Could be anything including a bad link on p0rnhub or nh3ntai for that matter… i have played at least 50 games from this site and downloaded 200 nexus mods and not had the issues you have had once. *shrugs*
- Apr 30, 2017
- 4,532
- 19,956
90% of the virus reports we get are just devs using custom icons in their Ren'py executable.
Yeah antivirus is not perfect, if you used an icon file that has a signature similar to some viruses out there, you can try and use a different icon. Ultimately I think it falls down to the developer to do what they can and to make sure that their piece of software is safe and that users shouldn't have to worry while using it. (I was mainly using devs to refer to developers of tools/engines, but I guess you can apply it to game devs as well).
As for AV none of them are perfect. That said Microsoft has made a hell of an improvement over their old systems they used to have. It is technically one of the best options out there currently by a number of measures if you use it correctly.
There are a number of issues why you can get false warnings. The number one issue with adult game developers is unsigned work.
Google's chrome will often give warnings for software it hasn't seen a lot of downloads from in the past. Microsoft warns of any software that isn't signed by developers. Usually if you have used the same exe in the past it won't give a warning if you responded correctly.
MS generally scans incoming software and checks when things are renamed and ran for the first time or other factors. That way it doesn't repeatedly slow your system down like many do other AV systems do.
You have the ability to simply scan a directory when you download it. I found it is more accurate to run the scan after unzipping.
That said it usually can scan zipped files and see what is in them fairly accurately.
Let it do that longer scan when it needs to when you aren't on the system. Run an occasional offline scan.
I tend to also keep taskmanager open on windows and can spot unusual activity pretty fast and kill it. Honestly Chrome the browser has been my biggest offender in the last few years. Google has gotten it in their heads to start scanning everything on my system not just the shit pertaining to the browser and plugins. Yes, that includes personal files. It's done with their "software_report_tool . exe"
It's theirs software. It's signature and everything matches there is no virus in it. Last I check shit like my PDFs and other documents were not software. I'm glad I kept my source code on an entire different drive.
I'm looking at moving everything from chrome over to firefox because at least it doesn't do that shit. They seem to at least respect my privacy to some degree vs google.
There are a number of issues why you can get false warnings. The number one issue with adult game developers is unsigned work.
Google's chrome will often give warnings for software it hasn't seen a lot of downloads from in the past. Microsoft warns of any software that isn't signed by developers. Usually if you have used the same exe in the past it won't give a warning if you responded correctly.
MS generally scans incoming software and checks when things are renamed and ran for the first time or other factors. That way it doesn't repeatedly slow your system down like many do other AV systems do.
You have the ability to simply scan a directory when you download it. I found it is more accurate to run the scan after unzipping.
That said it usually can scan zipped files and see what is in them fairly accurately.
Let it do that longer scan when it needs to when you aren't on the system. Run an occasional offline scan.
I tend to also keep taskmanager open on windows and can spot unusual activity pretty fast and kill it. Honestly Chrome the browser has been my biggest offender in the last few years. Google has gotten it in their heads to start scanning everything on my system not just the shit pertaining to the browser and plugins. Yes, that includes personal files. It's done with their "software_report_tool . exe"
It's theirs software. It's signature and everything matches there is no virus in it. Last I check shit like my PDFs and other documents were not software. I'm glad I kept my source code on an entire different drive.
I'm looking at moving everything from chrome over to firefox because at least it doesn't do that shit. They seem to at least respect my privacy to some degree vs google.
- Jun 10, 2017
- 10,302
- 15,172
Seriously ? Since when a tool wrote in C# to undo the works of a tenth lines Python script isn't totally suspicious ?
The author need a minimal knowledge of Python to understand how RPA archives works, and a minimal knowledge in coding to write his tool. It's enough knowledge to be able to do this in Python, or even directly as a Ren'py Script. Yet he choose to do it by using a compiled language that will limit it's code to a single architecture and prevent anyone to know what he's really doing.
There's a whole "Warning, this isn't right" flashing sign in top of this tool.
As for the "routinely used" part, really ? Devs don't need such tool, and most modders surely prefer a one in all tool like UnRen, that also handle rpyc reversion and, by using rpatool, permit to overpass the obfuscation attempts.
As a developer, I'm glad to learn that I'm doing something extremely wrong. Hell, I must do it really wrong, it's sometimes Perl or Python script that are flagged. Please don't repeat this to my boss, he believe that I'm one of his best assets.
But well... As someone who also worked as computer security admin, I know how anti-virus works and that it's in fact you who are saying something extremely wrong.
Yeah I guess I should've seen that coming. I had heard of Unren but only much much later, should've switched.
Honestly don't know what to say to this? By "extremely wrong" I didn't mean there's faults in your programming, but the fact that you might not be doing anything about it. Your script can be perfectly fine and still be picked up by an antivirus. I honestly don't know what company you're working for that lets this shit slide. If your product is being caught by an antivirus its a high priority thing to resolve IMMEDIATELY. Imagine if tomorrow Visual Studio or VScode started getting flagged as a trojan, yeah I don't think Microsoft will let that fly. I don't understand the hostility btw, I am perfectly correct in saying its devs responsibilities to do AS MUCH AS THEY CAN to not have their program look suspicious and any reasonable man will agree. I also don't doubt you have some understanding of how antivirus works, but also I think we have come a long way from the signature based flagging of the 90s or 2000s or whenever you worked in security.
And this is getting side tracked, my original point was USE VMs PEOPLE.
Crypto is falling, since you mentioned "Several hundred dollars", it could be that you still have all your cryptos but they simply dropped in value.
If that is not the case, you should start considering protecting your important stuff.
I do not mean by having an antivirus alone and using common sense, but also enabling various auth (SMS, Auth Code, ...) They may be annoying if you access them often, but they keep you protected from events like those.
If that is not the case, you should start considering protecting your important stuff.
I do not mean by having an antivirus alone and using common sense, but also enabling various auth (SMS, Auth Code, ...) They may be annoying if you access them often, but they keep you protected from events like those.
Also if you have any sensitive files, encrypt them. I've been using Veryacrypt for over a year now, it can be a hassle to get in and out but well worth it in case your device gets compromised.
Last edited:
- Jun 10, 2017
- 10,302
- 15,172
What make you believe that we let it slide ? There's nothing in what I wrote that can imply this kind of thoughts ; probably because we test our software each week during the devel process and correct the problem each time it appear.
Triggering an anti-virus because part of your embedded data (see redknight00 answer) match one of their known signature is (relatively) easy. Triggering one because part of your processing is seen as a malicious behavior is less easy, but yet perfectly possible if you seek for performance on a software deeply coupled to the system or the network.
Could it be because it's only in your head ?
When saying this, yes, you are perfectly correct. But what you said is that only devs doing it wrong can have a program that will look suspicious ; and here you're totally wrong.
There's no statistic regarding the subject, but just looking at the number of report of effective false negative in the sector, is enough to know that there's probably not a single software engineering society who haven't had this problem at least once at some point in the development of their products.
Well, if you were sticking to what is wrote, instead of making up what is said, you would perhaps have less doubt.
I just said that I know both how anti-virus works, and that it's possible to trigger them without doing something wrong, nothing else. It's you, who decided, for whatever reason, that I was believing that anti-virus still only rely on a signature base.
I clarified, I didn't mean that by "doing something wrong". Poor choice of words on my part.
Then there's nothing to argue and we agree. That was my whole point. Its the fact that one doesn't realize that his app is being detected as malware, and even worse he's not doing anything about it is what's wrong I meant.
Oh missed this one! Yeah maybe so, its the sarcastic and deriding tone that gets me.
- Aug 17, 2019
- 4,827
- 7,919
I haven't used an AV in nearly a decade, and only started again this year as Windows Defender isn't all that resource intensive and I'm too lazy to fuck around with uninstalling it. But reading your other posts, you sound paranoid. Just like how many VM/AV companies want people to be. I've never had a virus from this forum, and the many who say they do are using way too trigger happy AVs. I can almost guarantee OP's supposed theft came as a result of some other website via careless practices.
Viruses are common sense, almost entirely common sense at that. Downloading a torrent for Photoshop? You're gonna need to turn off that AV regardless or you're going to get hit with a false-positive on a keygen, same goes for GenP/CCMaker/Zii or any other kind of patcher. The obvious answer is downloading from a trusted uploader. Same goes for movies, music, game, porn, etc. Don't go to sketchy porn sites without some kind of ad-blocker. Downloading some sketchy shit off Tor? Then you probably have it coming.
An SSD with a VM is absolutely overkill. The reality is that AVs are basically useless in 2021. You can have a good AV, two-factor authentication, strong passwords, not download weird extensions, not click on random links from spam emails, and still end up with a virus. Any meaningful virus is always going to be ahead of any kind of defense, and those that are, aren't after a nobody like you or me. That's not even getting into how a lot of AVs make you more vulnerable than not, or are selling your data. Windows Defender is enough for almost everyone, anything more and you're better off just going to Linux or Mac.
How can they do anything about it if they don't realize it's happening? Specifically referring to games on here, many devs barely understand what they're typing into Ren'py sometimes, I wouldn't really expect them to know what to do if their VN/game comes up as a virus. I know I wouldn't. I don't claim to be a professional at this, just not an idiot.