[kcartlidge]

I followed the link to the Nim site and downloaded the official 64 bit version.

Windows Defender (Win10) reports a severe threat in nim-1.4.8\bin\vccexe.exe - Trojan:Win32/Wacatac.B!ml - which allows remote code execution.

It may be a false positive - but the whole post is about exploits so I'll probably not risk it.

[HuskyHacks]

Hey, OP here! Sorry about Defender flagging on this. I'm putting it through some tests and will tweet the Nim devs to see why this is an issue. I've used Nim for a while now and never had any problems. And from some light googling, it looks like this is a known false positive issue. In any case, apologies for the scare!

[kcartlidge]

No worries. Now you've mentioned it I can see in their forums it is an ongoing issue with Defender specifically.

I'm very much averse to trusting the supplier of an installer enough to disable security checks, especially for a development toolkit where on the remote chance it is real it propagates into what I build on that toolchain, so I'll probably revisit at a later date.

As a fan of Modula-2 and Pascal I've always found the look of the Nim syntax appealing, so I'm quite looking forward to another way of coding cross-platform desktop apps (I avoid Electron and Mono, which usually leaves Lazarus) and your post reads quite interesting in that regard.

[auxym]

Yes, unfortunately it is likely a false positive. The devs are aware but it appears to be difficult to fix.

https://github.com/nim-lang/Nim/issues/17820