SAFE Browser being deleted by Norton Security

safe-browser

#1

I have just downloaded the Safe Browser (safe-browser-v0.10.2-win-x64.zip - I am using Windows 10) … When I try to extract it Norton Security removes a lot of the files e.g. ‘weakref.node is not safe and has been removed’… Not even warnings - just deleted them. Is this usual?


#2

ooohhhhh!! the censorship!

I’m guessing that this is due to it being just a zip file and not a proper installer. This will be ‘fixed’ when the browser is packaged in an installer later down the track I suppose. Until then you may need to turn off Norton while unpacking.


#3

It can’t be because it is zip format. I use that to receive and deliver software installs all the time. It has to be something in the code inside. It is only some of the exe and dll files, contained within the zip, that it deletes - it must be something to do with them. I can’t be the only person with an anti-malware program on my laptop that kicks off when it sees the Safe Browser contents? Either there is something in the code that will spook anti-malware generally (in which case this is something that has to be flagged up or Joe public will not load Safe network programs - a bit of a downer on take-up) or it could always be a virus!


#4

No problem detected by Malwarebytes. Norton’s probably being over-fussy. There’s an online facility somewhere where you can upload individual files and have them checked by a variety of AV software.


#5

I’m sure it’s not a virus if you pulled it off of MAIDSAFE’s links. IMO, most security programs do scrutinize zip files extra hard as they are a common entry point for viruses.

Agree … you could try Microsoft’s own upload checker: https://www.microsoft.com/en-us/wdsi/filesubmission

Or you could try one of the many other options you will find if you do a search online for: “online zip file virus checker”

*** I’m not a dev here … so do take what I suggest with a grain of salt. You could mention this problem to the devs if you are really worried. This forum is for the community and devs won’t necessarily see your post unless you tag one of them.

Cheers


#6

Hi Guys,

Certainly got the potential to be a little worrying.

We’re going to get our hands on Norton and have a look to see if we can replicate.

DG


#7

I downloaded it again this morning from maidsafe.net. This time it didn’t spook Norton when I unzipped it and when I ran a full system scan over the lot Norton gave it a clean bill of health! It also runs fine. Weird.


#8

hmmmmm… I’m not sure how I feel about that…
if it happened once then it can probably happen again.

We’ll keep an eye on this.

DG


#9

Presumably Norton et al monitor the feedback for false positives? They were doing well if they caught it in less than 24 hours though!


#10

yeah I’d be surprised if they would react that quickly - unless others have been reporting and not noting here.
DG


#11

Have you run it through virustotal.com?

Also another possibility, were you downloading it through TOR?
Malicious Tor nodes have been known to inject malware when you are downloading through them.

The same hijacking and injection can happen if you are on a WiFi/LAN with some asshole doing MITM.
So especially if you were in a public network, anything you download from a website can be taken over and replaced with an infected file.

That’s why it is important to check hashes and digital signatures, just because you went to the website it doesn’t mean that you are downloading it from it.
Either someone can do the switcheroo in the middle while in transit or the website itself can be hacked and have the executables replaced.
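
Added example, not part of the original post and not MaidSafe's code: the hash check described above, extended to hash every file inside two copies of the same zip so that a flagged download can be compared member by member with a clean one. The archives, the `app/` paths and the "published" hash are constructed stand-ins; the page does not say where or whether a hash is published.

```python
import hashlib
import hmac
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_published(archive: bytes, published_hex: str) -> bool:
    """Compare the archive's SHA-256 with a hash obtained out of band."""
    expected = published_hex.strip().lower()
    return hmac.compare_digest(sha256_hex(archive), expected)


def member_digests(archive: bytes) -> dict:
    """Map each file inside the zip to the SHA-256 of its uncompressed bytes."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return {i.filename: sha256_hex(zf.read(i))
                for i in zf.infolist() if not i.is_dir()}


def diff_archives(first: bytes, second: bytes) -> dict:
    """Report which members differ between two downloads of one release."""
    a, b = member_digests(first), member_digests(second)
    return {
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
        "only_in_first": sorted(a.keys() - b.keys()),
        "only_in_second": sorted(b.keys() - a.keys()),
    }


def _build_zip(files: dict) -> bytes:
    """Helper that builds an in-memory zip for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: a reference archive and a tampered copy.
GOOD = _build_zip({"app/browser.exe": b"MZ-original",
                   "app/weakref.node": b"node-original"})
ALTERED = _build_zip({"app/browser.exe": b"MZ-original",
                      "app/weakref.node": b"node-modified",
                      "app/extra.dll": b"unexpected"})
PUBLISHED = sha256_hex(GOOD)  # assumption: stands in for a vendor-published hash

if __name__ == "__main__":
    print(matches_published(GOOD, PUBLISHED), matches_published(ALTERED, PUBLISHED))
    print(diff_archives(ALTERED, GOOD))
```

Keeping the first download instead of deleting it is what makes the member-level comparison possible.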


#12

That’s the one I was trying to think of.


#13

No… It was a straight Firefox download over wires on a reasonably setup LAN on a machine that is regularly scanned (which registered totally clear after the second attempt 24 hours later).


#14

Do you have the sample file of the first download?


#15

I am sorry! I deleted it all after the Norton warnings.


#16

Hi all, I’ve been looking into this today and ran some tests on a Windows 10 VM to ensure there was no issue. The results have all been fine with no issues flagged by Norton (or other) security scans.

Here’s what I did to test:

  • Got a W10 VM.
  • Installed Firefox and a free trial of the full Norton Security product.
  • Downloaded the safe-browser-v0.10.2-win-x64.zip from the “Download Safe Browser” button on the maidsafe.net home page, using Firefox.
  • Unzipped the file - no issues flagged by Norton.
  • I scanned both the zipped and unzipped safe-browser-v0.10.2-win-x64 folders with Norton - no issues found.
  • I located the weakref.node file in the download and scanned it with Norton - no issues found.

All seems fine. We will of course monitor for any other reports of this.

Always make sure you download directly from our official site or our official GitHub - note that the new SAFE network site is https://safenetwork.tech/


#17

Delete Norton it is malware


#18

Everyone should also install the “HTTPS Everywhere” plugin in their browsers to prevent the easiest MITM attack vectors such as MITM with sslstrip.

The only thing that could explain something like that is a malware injection of some sort, it could also have happened locally if he was already infected.

It is really rare that this guy had ONE downloaded version detected as malware and the subsequent one as clean.


#19

This topic was automatically closed after 60 days. New replies are no longer allowed.