Latest WACUP public preview for x86 & x64 is build #20202 (September 28th 2024) (x86 & x64 changelogs)
Latest restricted WACUP beta release is build #20202 (September 28th 2024) (x86 & x64 changelogs)


NOTE: Beta testers are added in a limited & subjective manner as I can only support so many people as part of the beta test program to keep it useful for my needs.

Unless I think you're going to be helpful, not all requests will be accepted but might still be later on. Remember that beta testing is to help me & the limitations currently works for my needs for this project.

Author Topic: Downloading WACUP on Microsoft Edge  (Read 7695 times)

andrei

  • Newbie
  • *
  • Posts: 3
    • View Profile
Downloading WACUP on Microsoft Edge
« on: July 22, 2020, 10:15:34 AM »
I'm using the new, Chromium-based Microsoft Edge browser.

When downloading the .EXE file, I am warned that:

Quote
This app might harm your device
Microsoft Defender SmartScreen reported that this app is not commonly downloaded; you should only open files you trust.

Name: WACUP_Preview_Portable_v1_0_12_5586.exe
Publisher: Unknown

One of the available options is to "Report this app as safe". Clicking that link takes me to a page on Microsoft's site that offers the option to:

Quote
I am the owner or representative of this website and I want to report an incorrect warning about it

Someone in charge of WACUP may want to use that option and alert Microsoft that this is a safe download.

I'm attaching some screenshots I took.
« Last Edit: July 22, 2020, 10:16:13 AM by andrei »

andrei

  • Newbie
  • *
  • Posts: 3
    • View Profile
Re: Downloading WACUP on Microsoft Edge
« Reply #1 on: July 22, 2020, 10:19:01 AM »
The Windows Defender SmartScreen also complains when trying to run WACUP.

dro

  • Admin / WACUP Developer
  • Administrator
  • Hero Member
  • *****
  • Posts: 4769
    • View Profile
    • WACUP (Winamp Community Update Project)
Re: Downloading WACUP on Microsoft Edge
« Reply #2 on: July 22, 2020, 02:40:21 PM »
They all complain because it's not code-signed & that's not something I'm going to do due to personal reasons & it doesn't mitigate against such warnings.

I've tried downloading it from the site onto a clean VM with Edge but it didn't give me any of the dialogs other than the normal "requires admin" one. Unfortunately I can't see the link needed to try to report it myself as safe (am trying to find anything direct from the MS site). Unfortunately it's a case of you need reputation to allow it to be downloaded but to get reputation you need to be downloaded.

Thanks for taking the time to report this, is appreciated.

-dro


dro

  • Admin / WACUP Developer
  • Administrator
  • Hero Member
  • *****
  • Posts: 4769
    • View Profile
    • WACUP (Winamp Community Update Project)
Re: Downloading WACUP on Microsoft Edge
« Reply #4 on: July 22, 2020, 03:07:24 PM »
I've filled out what I can & submitted it so will see what happens.

-dro
« Last Edit: July 22, 2020, 03:12:45 PM by dro »

Aminifu

  • Beta Tester
  • Hero Member
  • *****
  • Posts: 1200
    • View Profile
Re: Downloading WACUP on Microsoft Edge
« Reply #5 on: July 22, 2020, 08:07:50 PM »
For the first time Windows 10 Defender took aggressive action on its own and deleted winamp.exe from the WACUP folder when I clicked on my taskbar shortcut. I instructed Defender to accept the file and replaced it from the 5770 build installer. So far no more issues. I also have Malwarebytes Premium installed and it has never objected to WACUP.

Since I have Malwarebytes I'm considering removing Defender, but I figure Microsoft will just reinstall it with the next major update. Does anyone know if Microsoft will do this?

I've been using both apps thinking that one might catch something that the other may miss. But, I'm getting tired of Defender objecting to things I know are safe.
« Last Edit: July 22, 2020, 08:21:36 PM by Aminifu »
Windows 11 Home 64-bit v23H2
Logitech Z906 5.1 speaker system

Dr.Flay

  • Evil Genius
  • Beta Tester
  • Hero Member
  • *****
  • Posts: 147
  • AMIGA Forever
    • View Profile
    • About Me
Re: Downloading WACUP on Microsoft Edge
« Reply #6 on: July 22, 2020, 08:48:52 PM »
1) disable smartscreen protection in edge
https://www.windowscentral.com/how-download-blocked-files-smartscreen-filter-microsoft-edge
2) Tone-down the settings in Defender
https://github.com/AndyFul/ConfigureDefender

Not sure I would put much faith in malwarebytes alone these days. It hasn't been a top contender for a while and is no longer shown in the AV-Comparatives tests.
Order this list by protection rating and see where it rates
https://www.av-test.org/en/antivirus/home-windows/

Better to add VirusTotal scanning in your browser than rely on smartscreen or chrome's own google blocklist.
https://add0n.com/virus-checker.html
https://add0n.com/security-plus.html
My weekly radio show on Source FM ☛ 15% Extra

dro

  • Admin / WACUP Developer
  • Administrator
  • Hero Member
  • *****
  • Posts: 4769
    • View Profile
    • WACUP (Winamp Community Update Project)
Re: Downloading WACUP on Microsoft Edge
« Reply #7 on: July 22, 2020, 09:37:13 PM »
I'd assume it removed the stub winamp.exe because its not a full exe but odd to do it now when it's been ok beforehand. Unless someone has been flagging it as I think has been happening as there's nothing to the exe to be malicious.

Though as I'm near to doing another build I've been rechecking VT reports for the installers & files where I'm almost (finally) down to no installer false positives (just 1 currently) but some of the dlls are getting flagged generically again so I need to followup on those.

And if I didn't have to provide a load of personal details to a company that I'm not happy doing so (all because I'm not a business which is a whole different matter) then we would have been code signed by now but that's not happening now & was never a guarantee of resolving false positives *shrugs*

-dro

Aminifu

  • Beta Tester
  • Hero Member
  • *****
  • Posts: 1200
    • View Profile
Re: Downloading WACUP on Microsoft Edge
« Reply #8 on: July 23, 2020, 01:01:15 AM »
@ Dr.Fay,

Thank you for your comments. However the current version of ConfigureDefender can no longer control Real-time Monitoring which is the main feature of Defender that I'm concerned about. I can tell Defender to turn this off, but it automatically turns back on after a short time.

I was not aware that Malwarebytes has fallen so far out of favor, but I'm not surprised. There was a lot of issues when Premium was first released.

I've only been depending on Defender and Malwarebytes for the last 2 years (and the default protections in the Pale Moon and Vivaldi browsers I use). Before that (for decades) I used a lot of different stuff, but I finally decided that was overkill since I'm careful about the sites I visit and what I download and I was never successfully attacked..


@ dro,

I understand and agree with your privacy concerns. However with so many bad actors these days (individuals and governments), it's just a matter of when (no longer if) most privacy rights will be abolished.

Anyway, as long as these so called antivirus/antimalware protections can be reversed or worked around, it's just a nuisance *shrugs*.
« Last Edit: July 23, 2020, 01:08:27 AM by Aminifu »
Windows 11 Home 64-bit v23H2
Logitech Z906 5.1 speaker system

dro

  • Admin / WACUP Developer
  • Administrator
  • Hero Member
  • *****
  • Posts: 4769
    • View Profile
    • WACUP (Winamp Community Update Project)
Re: Downloading WACUP on Microsoft Edge
« Reply #9 on: July 25, 2020, 10:29:37 PM »
It's more that it involves generically emailing things (once notarised) to a random stranger who will then just flick a switch & that's my issue as the only viable info I can provide effectively leaves me at risk of identity theft & pissed off users is something I'd take over the shit that could otherwise occur.

I know the govt has all sorts of info on me as do certain companies & I also get why the barrier to get a code signing certificate has to be a hurdle but right now I don't have the trust to give over the information that is required especially when there's zero guarantee that it'd even help alleviate some of the issues from not code signing things as that generally needs the certs that require a disproportionately larger fee.

-dro
« Last Edit: July 25, 2020, 10:30:50 PM by dro »

CodeLurker

  • Jr. Member
  • **
  • Posts: 5
    • View Profile
Re: Downloading WACUP on Microsoft Edge
« Reply #10 on: July 29, 2020, 11:39:27 PM »
FWIW: Code signing, IMHO, isn't (yet) so oppressive that it's not feasible for an independent freeware author to get a signed cert.  If you are an author of freeware, and it is e.g. under a license like the GPL, LGPL or MIT freeware licenses, there are many cert. authorities who will sign your software for free.  At least, that was the situation when I looked into it last.  (I have an app. I'd like to market, but it's stalled, since there are important usage cases it doesn't work for.)

The situation is similar to domain registrars, where there are a long list of cert. authorities to choose from.  Each will probably have more or less different corporate cultures.

Having never got far enough into it, I can't speak to what private info they ask for, or if it is given to a govt.  Also, since you don't hold the copyright to WinAmp, but you do rely on parts of its executables, you might not be able to get a certificate for that.  You might think of a freeware WinAmp upgrader, such that you ask for WInAmp to be installed first, and then your freeware with a free cert. is installed over it, and patches it.  You might want to have it as an alternate vers., for users with problems with installing.  When Wacup has finally replaced all the closed-source code, then you wouldn't need WinAmp to be installed first.  I do hope it goes open-source, since when things kept happening to NullSoft, and the source was unavailable to the community, it was impossible to develop it further.  I see a post where you mention a Linux vers., and I have become rather fond of the Qt framework.  It's pretty flexible, cross-platform, and I suspect it might could even do a WInAmp.  You can use it for free, under LGPL.  wxWidgets is another option.  It uses native widgets of a given platform, but is less powerful, generally, and in terms of an IDE, Qt Creator is way more advanced than anything similar for wxWidgets.  wxWidgets has been used to create, e.g., Audacity, but I've long since moved on.  I have even heard of people able to create their own digital signatures; but I can't say what Windows Defender would make of such signatures.  I encourage you to look into a digital signature.  It might not be as bad as you think.

Note that I routinely use a hard-to-find utility (not mine) to turn off the requirement for digital signatures on my Windows 7; which I've attached.  It might solve some problems like this for Win7 users, like myself, or Win10 users even.
« Last Edit: July 29, 2020, 11:42:45 PM by CodeLurker »

dro

  • Admin / WACUP Developer
  • Administrator
  • Hero Member
  • *****
  • Posts: 4769
    • View Profile
    • WACUP (Winamp Community Update Project)
Re: Downloading WACUP on Microsoft Edge
« Reply #11 on: July 30, 2020, 12:52:35 AM »
There were free certs for OSS but that went away a while back from what I could tell (can't remember the name of the provider but they got shut down from what I remember) not that WACUP has any plans on being 100% OSS which is my choice & if someone doesn't want to use WACUP due to it not being OSS then I've no problem with that. I do however need to follow-up on a ticket I have with the cert provider to see what alternative options I've got to validate, etc.

My intention was only to sign files that I build & provide & I already separately get the 5.666 installer & download it on the users behalf so I'm not directly shipping those files. I know there's also the option for self-signing but other than for the possible integrity aspect it actually seemed to cause issues with my local testing of things being flagged vs just providing the files as-is.

Considering how much I've replaced vs the closed source nature of Winamp & will be replacing going forward, I have to disagree somewhat with that comment & it's more down to lack of 3rd party developer interest that is the thing &/or those that have that interest are already working on other players. Not that source code is of any use unless you've got developers to work on it & like with any codebase, it'll get re-written as it's not in their style, etc etc or ripped apart & leveraged in other players since that's what tends to happen with any Winamp related source code.

As for linux, my comment should have been along the lines that if I was to go to a non-Windows platform then linux is more likely to be it but there's more than enough to keep me going on Windows for the time being with native 64-bit one of the key aims. As for QT, that would be my least liked choice for a framework on my prior attempts to use it for something else (just couldn't get on with it & the overhead that comes with it) as I just prefer where possible to interact directly for smaller code (same goes for my dislike of MFC on Windows dlls). Plus WINE seems to be doing a good job nowadays that most things tend to just run from what I'm seeing.

-dro
« Last Edit: July 30, 2020, 01:12:33 AM by dro »