Hi, I'm a newcomer to the language and appreciate the specific combination of speed, expressiveness and flexibility. However, as I tried to write a small utility for my use at work (and maybe spread it around in my team), I noticed that after some, apparently irrelevant, changes, the binaries fail to run. After trying futilely to minimize the source code to report a bug, I noticed that it is the anti-virus program that prevents access to the binary I just compiled. I was about to try to sneak Nim into our workflow, but in the current state, I don't dare to try it because I never know if I can run it.
So, what can we do about this? Until this is settled, I am very reluctant to even try to suggest working with Nim to anyone.
Nim team is doing stuff to make this better: https://forum.nim-lang.org/t/9358
But it's really your anti-virus software that is at fault here...
As a person who has shipped a commercial windows app that was regularly hit by anti virus. There is almost nothing you can do except wait. Antivirus hits you when you .exe looks different from anything it saw before. Antivirus does come down after your .exe is shipped to thousands of computers and users unquarantine it manually many times. Signing the exe with windows keys or uploading your exe to special white lists does not work! We tried. It's just time and install base. Every update changes the exe and AV would flare up again.
Personal opinion: antivirus is basically a scam and worse than the protection they offer. They live off unsuspecting users selling them upsells and snake oil. They leach off large enterprises. They have too many false positives and don't really stop viruses.
They will sell your browsing data, replace ads you see with their own ads, and mine Bitcoin. They will even also replace root certificates on user machines and expose them to man-in-the-middle and spoofing attacks undermining all security. Run a way!
https://www.theverge.com/2022/1/7/22869528/norton-crypto-miner-security-software-reaction
I ran in the same problem. In the office we have Windows Defender, no options to disable it. I decided to install the latest Nim version not triggering the malware false alarm, i.e. Nim 1.4.4.
After downloading chosenim.zip (to me it worked with chosenim 0.7.4, this is the version dom96 is linking for Windows... I'm afraid later version have been compiled with new Nim compiler... maybe it safer to stay with 0.7.4 version) here:
I unzipped the content and replaced one line in runme.bat
.\choosenim\choosenim.exe stable --firstInstall with
.\choosenim\choosenim.exe 1.4.4 --firstInstall And I had no problems since then. I built just a few binaries over time, none triggering antivirus/antimalware alarms. You may lose some improvements and corrections introduced between 1.4.4 an 1.6.6 that most likely will not impact your programming experience. I encourage to use it. Nim is fun, powerful and productive... Yeah, 1.4.4 too.
to me it worked with chosenim 0.7.4, this is the version dom96 is linking for Windows..
That's only because I didn't bother to update the link, nothing to do with Windows AV compatibility. Though maybe I shouldn't update the link since it works for now.
Run a way!
No.
A business has no moral. There are only two entities "it" listens to, shareholders and judges. The AV vendors are hurting Nim and it's users.
So, sew them.
Ah, OK, I thought it was intentional. I tested choosenim latest version, 0.8.4 both on my home windows laptop (Microsoft Defender), and VirusTotal online checker, so it seems choosenim causes no alarms.
So @EyeCon, you might think to download the last choosenim .zip, and modify the runme.bat to just download 1.4.4 version instead of the last stable one. If your main objective is to write small utilities for your use at work and maybe spread them around your team... comparing to use... powershell... Nim 1.4.4 is still a bargain!
;)
And of course, since Nim is a real system programming language, you can achieve much, much more. But beware, depending on the "IT culture" of your windows-based department, you might need to hide your super-powers... a lots of people thinks coding as black magic and you might be accused of witchcraft!
Just joking (well... not that much for my company...)
Many antiviruses offer a way to report false positives, so they can (and will, in my own experience) update their signatures.
Obviously not ideal, but ideal may not exist.
Did we miss the egg of Columbus? Indeed for MS Security I found:
and probably we have to go for Report a false positive/negative to Microsoft, considering the subcase "File or app on a device"
https://www.microsoft.com/en-us/wdsi/filesubmission/
Here there are several possibilities... maybe the most appropriate choice would be "submit as software developer" (which I'm not, but I don't mind to pretend if I can contribute to the cause). Going for that path, MS lawyers-bot come in and ask you to accept:
Windows Defender Security Intelligence needs your permission to: View your basic profile Windows Defender Security Intelligence will be able to see your basic profile (name, picture, user name). View your email address Windows Defender Security Intelligence will be able to read your primary email address. Maintain access to data you have given Windows Defender Security Intelligence access to Allows Windows Defender Security Intelligence to see and update the data you gave it access to, even when you are not currently using the app. This does not give Windows Defender Security Intelligence any additional permissions. Accepting these permissions means that you allow this app to use your data as specified in their terms of service and privacy statement. The publisher has not provided links to their terms for you to review. You can change these permissions at https://microsoft.com/consent. Show details
This is something I could do with my Microsoft home account (I'm not sure what "developer" means for MS in this context).
So I moved on, accepting requests, after logging with my personal Windows (free) account and then I have some field to fill-in, including corporate (I'm not). I can possibly fill in the field with dummy stuff, but then I'm not sure it will be properly handled. So I probably should go for the path submit as Home Customer. Here less mandatory fields.
But then what files? We know it's a moving target. In my home PC, the last malware detection (I ignored all of them) appeared when I installed 1.4.8 choosenim and is reporting: nimble.exe, nimgrep.exe, testament.exe, vcc.exe.
I can submit all of them in 4 separate submissions, but probably I should target choosenim installing1.6.6. Then I can add something more meaningful information in the notes (any suggestion?)... if we think is the appropriate path, we can ask all the windows user in Nim community to do the same, either with Home Customer, like me (no, I'm not willing to play with my work PC, they have this "smart" anti-malware agents that can lock your PC out from corporate VPN, it happened to a lots of colleague of mine, not for Nim, but for other suspicious software), or with Corporate Account. I believe that submission as developer might be considered more seriously, but maybe I'm wrong.
Probably a coordinate effort would be more productive.
We should avoid that our submissions are all dropped as noise / spam (very likely), and hope to reach some human brain "smart and kind enough" to digest the right information properly. Putting only some specific binaries in a whitelist will not solve the problem. They should remove some inappropriate "fingerprint" left by Nim compiler since 1.4.8 from their flawed heuristic.
Yeah, I also think a blog post calling the antivirus companies out is our best bet.
In the meantime I noticed replit has the same problems and I tweeted at a Microsoft PM who has helped them: https://twitter.com/d0m96/status/1560726434414469121