Insecure Download
-
Why does this happen?
--
ModEdit: Title -
@LeakLee As it says, the download does not support HTTPS and thus is "insecure". At least they did give you the warning with an option to continue - other recent versions were aborting the download with no message.
-
@sgunhouse, I tested the site with VirusTotal and with Webbkoll, VT don't detect malware but with Webbkoll you can see that this site don't have any protection, which made it very insecure to download from there. You can't even audit Ezpaint, because it's closed proprietary soft.
If you need an Paint app with similar features, you don't even need to download nothing, you can use MiniPaint, which is OpenSource, right in your browser. It's even better than EzPaint. If you want to download an Paint app, you can use alternatively Krita, which is FOSS and at profesional level, or something simpler TuxPaint.MiniPaint
Krita
TuxPaint
>Laptop ACER, AMD Ryzen, GPU AMD Radeonย RAM 16GB, SSD 512GB -Win11 Home 64 v24H2| Vivaldi last stable|
๐ Vivaldi links๐ My Themes
-
@Catweazle The point isn't whether the site contains malware, but that anyone (router/switch/ISP, whether controlled by the owner of that equipment, or by an intruder) can maliciously and undetectably modify the content while it is in transit.
Thus, what the site sends you may not be what you receive, and that is why an unencrypted download is dangerous.
BTW, yes, you may use SHA256 hashes to verify the transfer, BUT: where did you get those reference hashes from? The same server as the download came from? If so, the reference hash is as untrustworthy as the download itself. You can only (moderately, assuming the server isn't compromised) trust such references when they come from a secure server (and if that is used, then the download can be served from that server, too).
PGP signatures may be used to provide a more secure verification of downloads, provided you trust the public key, that is
. -
@yngve, anyway, if Vivaldi said that the site is insecure for download, I usually take the notice seriously, checking the page and probably looking for an alternative. Good Paint apps exist in dozens.
Downloading apps from fishy sites is a mistake that I do not recommend to anyone-
