Mirror of forum.nim-lang.org

11252 :: Approach used by Golang to avoid false anti-virus flagging

[2024-03-19T12:25:55+01:00]

elcritch (orginal) [2024-03-19T12:25:55+01:00] view original

Saw this on hackernews some time ago about Golang devs facing false anti-virus flags: https://gopacker.dev/docs/

Seems like a similar approach could work for Nim Windows devs. I haven't looked but I'd bet there are obfuscates for C/C++ which would achieve similar results. I don't ship stuff on windows myself, but maybe it could help others.

icedquinn (orginal) [2024-03-19T15:18:13+01:00] view original

If you are going to turn your code in to bullshit then the answer is buying a code signing certificate.

These kinds of destructive operations are the same thing done by exploit kits such as Veil https://github.com/Veil-Framework/Veil to bypass heuristical scans.

treeform (orginal) [2024-03-20T12:53:36+01:00] view original

From personal experience, code signing certificate does not help with anti-virus programs. Only time and enough users marking the software as safe does.

icedquinn (orginal) [2024-03-25T23:11:13+01:00] view original

they may have to be the extended verification kind. i remember indie developers were upset about this in the past because those are expensive and a pain.