Is App_Inventor_Setup_Installer_v_2_2 safe right now?

[Skylar Davis]

I am trying to connect my phone to my programming through USB, I am downloading the required files.

I check files to see if they are safe with Virustotal. When I ran this set up installer through it, it claimed that it detected 1 bad antivirus used a few days ago, I reanalyzed today and it detected two trojan antiviruses, namely: DrWeb, and NANO-Antivirus. Should I be concerned?

https://www.virustotal.com/en/file/4f5574b295a22362d8e181c3cf83979078ae10a0665ea22b260478ec48694664/analysis/1417014504/

[SteveJG]

Should you be concerned?   Yes.

Specifically, what files were reported as being contaminated?   Where these the AI2 installation files or something you coded yourself?  Where did you download them from?

I just downloaded AppInventor_Setup_Installer_v_2_2.exe   and my McAfee checker gives the file a clean bill of health.  That in itself is no guarentee the file you have is OK.  Did you use this link      

1. Download the installer.

         ?

Regards,

Steve

[Hal Abelson]

Skylar,

Thanks for letting us know.    There's no virus or Trojan.    We'll look into this, but those scanning companies are notorious about issuing false positives and leaving others to clean up their mess.
==Hal

PS: We'll be updating the Windows setup software before too long.  Look for the announcement in the forum.

[JerryY]

I just scanned it and it is now up to 4 positives:

DrWeb	Trojan.DownLoad3.33763	20150119
Jiangmin	Trojan/Rozena.dyn	20150118
K7GW	DoS-Trojan ( 20036d9f1 )	20150117
NANO-Antivirus	Trojan.Win32.Agent.djebgp	20150119 This is not a good sign.  Now I know sometimes developer packages can set these things off.  Somebody I would say definitely needs to look into this in depth.

[SteveJG]

@Jerry, 

What app did you just scan?  One you made with AI or something else?

What program did you scan this AI2 app with ?  AVAST, AVG, Eset or something else.  We are aware some versions of that software do provide false positives.

Did you scan the apk on the PC or the device?    

Is this an app with Web  PUT and GET calls?   Some scanners do not like those calls.

Have you a scanner on your app like the free McAfee Mobil scanner?   What does that scanning app say about your app versus the scanning app you are using?

Regards,

Steve

[Taifun]

@SteveJG, he is talking about virustotal.com 

you can see the result of the latest scan of the file AppInventor_Setup_Installer_v_2_2.exe here https://www.virustotal.com/en/file/4f5574b295a22362d8e181c3cf83979078ae10a0665ea22b260478ec48694664/analysis/

Taifun

[JerryY]

Yes, Virus total.  This is on the INSTALLER as SteveJG says.

Last night I ran MS maliciousSoftwareRemover and Sophos independent and came up with no infections, but that is no guarantee.  If you are not familiar Virus Total runs 56 scans using different scanners. 

[Taifun]

as Hal said 

"those scanning companies are notorious about issuing false positives and leaving others to clean up their mess."

Taifun

[Andrew Mckinney]

Hi Jerry,

I would really like to help get to the bottom of this issue, it is fraught with many variables to consider in order to find, diagnosis and analyze and come up with the right answer and solution. Your help is greatly appreciated. I see you just made a reply `to Steve's, and will look at it closer, but as much detail as you can give us would be most beneficial. I will start investigating this issue very carefully.

Any more information would be helpful, and thanks again.

Andrew

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Andrew F. McKinney • Director of Software Development • MIT App Inventor Project • MIT, Center for Mobile Learning, Media Lab • MIT, Computer Science and Artificial Intelligence Laboratory, CSAIL • http://appinventor.mit.edu l @MITAppInventor

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 

[Taifun]

@Andrew: from the FAQ https://www.virustotal.com/en/faq/

VirusTotal is detecting a legitimate software I have developed, please remove the detections
VirusTotal acts simply as an information aggregator, presenting antivirus results, file characterization tool outputs, URL scanning engine results, etc. VirusTotal is not responsible for false positives generated by any of the resources it uses, false positive issues should be addressed directly with the company or individual behind the product under consideration.
We can, however, help you in combatting false positives. VirusTotal has built an early warning system regarding false positives whereby developers can upload their software to a private store, such software gets scanned on a daily basis with the latest antivirus signatures. Whenever there is a change in the detections of any of your files, you are immediately notified in order to mitigate the false positive as soon as possible.

[JerryY]

This issue really is a pain.  I have seen this before with other developer packages (I do a lot of astronomy and at lot of our software is public domain.... but you have to be careful.  I suspect this is OK, but it would be nice to see the source code and compile it ourselves....  anyway, hard to spend enough time on this.

[Enis]

App Inventor is an open source project...  However, I don't believe the setup tools are part of the source project.  The source code is located here:
http://appinventor.mit.edu/appinventor-sources/

A new set of setup tools are not far away, but no ETA yet.

[Elias Nuñez Cosco]

no like