Unauthorized Vivaldi installers – help us find them
-
Belgium is arguably the number one beer country in the world, and I happily concur with that sentiment.
-
Windows is aiming to get rid of the malware issue with UWP technology (only for Windows 10 I'm afraid). Win32 apps should be very slowly phased out (7-10+ years) for the new container.
Here's why: http://www.infoworld.com/article/3049955/security/microsoft-uwp-boosts-security-for-windows-apps.html
In short:
- UWP apps do NOT use the registry in any way
- UWP apps are sandboxed
- UWP apps have their own package (.appx)
- Addendum: You don't need to use the Windows Store to distribute .appx apps.
I strongly suggest doing some research about it, it's very beneficial for Windows 10+ users.
-
Thank you
-
That is correct. And I generally think that pretty much anything that anything that you would not want installed on your system can be considered malicious. Antiviruses and other tools do flag those PUP's after all.
-
Thanks for telling us. We'll have a look at it for sure.
-
Well, actually, I don't drink alcohol at all for a few different reasons, so that excludes more than just beer.
And if that portable installer is just a regular tool that's forthcoming with what it does and doesn't install anything unexpected, then I don't think we're too worried about it.
-
Thank you!
And indeed. I've been using FreeBSD for close to 15 years. Mostly for running servers but the last 6 months, I switched over my home desktop computer from Windows 7 to FreeBSD 10.3. I have started contributing on the FreeBSD forum as well, but I haven't had a lot of time for that.
-
Thank you!
-
The animated gif at the end of the blog post shows you how to check if a file is legit without running it. Basically, if it has our signature, it's safe. We don't mind third parties sharing links to our actual installer but we don't want them to install vivaldi and potentially unwanted programs or other malware as part of the same package.
-
Yeah, it's easy to overlook those checkboxes. We'll see if this is something we want to do something about.
-
Does this fit your conditions of Vivaldi being packed with unwanted software?
Chip started giving its own download manager behind its promoted download button by default for a few years now. But it usually has a link to the ral executable, too.
-
An easy way to check a Windows executable's signature on Linux is to download the Sigcheck command line utility from Microsoft, and run it using Wine. (Not beer, har har.) It seems to work correctly but may not be able to print the file's version information under Wine. I don't know if it works with the FreeBSD port of Wine, though.
-
Too bad a MD5 isn't posted.
-
Instead of an extension one should be able to do this through the Download Manager. Either right click and "Properties" or right click and "Scan with… " whatever AV is installed as Opera < 15 could do.
-
Not sure about the claim to be both a) Belgian and b) non-beer-drinker - but it may explain the move to Norway…
(One of the many likes to Ruario's msg came from me by the way.) -
good.
Of course if Vivaldi would offer portable installation there would be no need for a third party to do so.(hint hint)
-
The suggested workaround above all are good but they're only good for mediocre~advance user.
No doubt the problem will hit lower or casual user more hard, isn't it? And any computer veteran here know, that will cause a really bad domino effects.
Honestly, for these guys, the easiest solution is to just get Vivaldi from main site (for Windows) or Mac market(?)… period. -
I'm also a fan of UWP for reasons cited. I understand why the Vivaldi team would naturally want to program for Win32 at this stage, but I would be thrilled to see a modern Windows version eventually.
-
most of these installers are wrappers over original installer. they install their own stuff then starts install of original software (sometimes they ask for install path and other stuff too if wrapped installer has option for silent install which will install to given path without showing itself).
sometimes of course installers are not wrappers - they unpack vivaldi files and pack them inside own installer
both way there will be no chance to add hash checking - in first case it will match the original, in second there will bo no check at all
modifying original installer would be the least efficient way to do such thing
-
The thing with VirusTotal though is that it combines the results of 50+ or so AV scanners at once, with advanced insight into the actual package contents.
Or even before downloading anything you don't trust, you can just paste a link!