pratyakshm / WinRice

Set up your brand new Windows device up to a breathtaking 60 times faster.

Virustotal reports WinRice-main.exe as malware

b-kiddo opened this issue · comments

Select category

Security

Windows version

Windows 11 21H2

Expected behavior

WinRice-main should not be a virus or malware

Actual behavior

5 security vendors flagged WinRice-main.exe file as malicious
https://www.virustotal.com/gui/file/2dc063178d66f21aa23b7721c7f93e1792d0d9e265b55f1856c2d059b9b523f3/details

WinRice output

malware

Alternative software run

  • I have run alternative software that offers functionality similar to WinRice

Link to alternative similar software

No response

TL;DR

I've been bothered for way too long by AV providers. Unless a more relevant AV provider like Microsoft, Kaspersky, Bitdefender, or Malwarebytes flags this file, I'll no longer dispute "detections" by other AV providers. WinRice is FOSS. If you are concerned about security, you may study it and decide if you want to run the program.


Thanks for bringing this up. I am going to use this opportunity to explain what's the deal with WinRice and some AV providers.

For the rest of this post, I will refer to antivirus providers as AVs.

WinRice is a program that changes some settings of the operating system using the registry, deploys apps downloaded from the Internet using the PowerShell Appx module and WinGet, and uses more PowerShell modules to modify Windows optional features. While there's this, there's also the WinRice documentation, which I strongly encourage every user to read so that they know exactly what this program does. I also implement a not-so-useful but still honest check for this when WinRice starts up.

You may put it like this: WinRice is a program that uses automation to set up Windows devices, and part of that is modifying the operating system. It is generally believed that AVs do not like programs which modify the Windows operating system, and since WinRice is one of those programs, they flag it. But the difference is that WinRice is a good actor, provided you as the user have read its documentation and know what it does.

I understand that it's due to the unpopular, operating-system-modifying nature of WinRice that it tends to get flagged by AVs even though it isn't a bad actor - and I cannot do anything about it except ask you (the user) to report this file as safe, given that you believe so too.

In the past, more AVs flagged WinRice executables; however, that number has gradually gone down. I got this EXE, WinRice-main.exe, scanned by the Microsoft Defender ATP team and they removed the incorrect malware detection. This EXE is just made of a one-line PowerShell command which runs the latest WinRice code from GitHub.

As the author of the project, I can and will reassure you that WinRice doesn't contain harmful code, and doesn't do anything funny or suspicious on users' devices. You may not trust me and proceed to study the source code and find out yourself - it's what one should do when they have access to the source code free of cost.

P.S. If you're someone (not only the person who created this issue) who is genuinely deeply concerned about security, you shall not run PowerShell scripts from the Internet without studying their source code.

I shall also take this opportunity to announce that I've been too bothered by these false-positive antimalware detections in the past, and I've reached a point where I no longer care about these "detections" unless they're by some reputed source like Microsoft, Kaspersky, Bitdefender, and Malwarebytes. Hence, if any of these mentioned AV providers flag WinRice in the future, you are more than welcome to report that to me by opening an issue in this repository. In case of other providers, you may report the EXE as safe.

This also sounds like a good time to remind you why you shall not use VirusTotal - Caution: Misuse of security tools can turn against you.

Hopefully this clears things up between me (the author) and users of WinRice. Thanks again for reporting this issue so that I could finally break the silence on this. I am closing this issue, but I will be happy to follow up with answers to any questions you all have regarding this topic, in replies to this thread.

This post is in-development and hence will continue to get updated in the future.

Good day/night!
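The author's closing advice is to read a script from the Internet before running it, and the EXE discussed above is described as a one-line PowerShell wrapper that executes the latest code from GitHub. As an added example (not WinRice's own code), the PowerShell function below shows the review-first alternative to piping a download into `Invoke-Expression`: it saves the script to disk, records its SHA256 and Authenticode signature state, optionally pins it to a hash you have already reviewed, and lists lines that deserve a closer read. The URL is a placeholder.

```powershell
# Added example, not part of WinRice. Download a remote script for inspection
# without executing anything. The URL used at the bottom is a placeholder.
function Get-ScriptForReview {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Uri,
        [string] $ExpectedSha256,   # optional: pin to a hash you reviewed earlier
        [string] $OutDir = (Join-Path $env:TEMP 'script-review')
    )
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $name = [System.IO.Path]::GetFileName(([uri]$Uri).AbsolutePath)
    if (-not $name.EndsWith('.ps1')) { $name += '.ps1' }
    $file = Join-Path $OutDir $name

    # Download to disk only; nothing in this function runs the script.
    Invoke-WebRequest -Uri $Uri -OutFile $file -UseBasicParsing

    $hash = (Get-FileHash -Path $file -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $file

    # A changed upstream file fails the pin instead of silently running.
    if ($ExpectedSha256 -and $hash -ne $ExpectedSha256.ToUpper()) {
        throw "Hash mismatch for ${file}: expected $ExpectedSha256, got $hash"
    }

    # Constructs worth reading closely before deciding to run the file:
    # nested remote execution, encoded payloads, and hidden command strings.
    $watch = @('Invoke-Expression', 'iex', 'DownloadString',
               'FromBase64String', '-EncodedCommand')
    $hits  = Select-String -Path $file -Pattern $watch -SimpleMatch |
             Select-Object LineNumber, Line

    [pscustomobject]@{
        Path       = $file
        Sha256     = $hash
        Signature  = $sig.Status                  # NotSigned, Valid, HashMismatch ...
        Signer     = $sig.SignerCertificate.Subject
        ReviewHits = $hits
    }
}

# Usage: inspect first, decide later; run the saved file yourself only after reading it.
$r = Get-ScriptForReview -Uri 'https://example.invalid/WinRice.ps1'   # placeholder URL
$r | Format-List Path, Sha256, Signature, Signer
$r.ReviewHits | Format-Table -AutoSize
notepad $r.Path
```

A `NotSigned` status is expected for most community scripts; the hash pin and the line-by-line read are what actually tell you whether the file is the one you reviewed.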