by styeco 1512 days ago
I wish they would take the antivirus issue on Windows more seriously https://github.com/nim-lang/Nim/issues/17820

This issue alone means I can't use it at work, and I haven't put much time and thought into Nim as a whole because I could only use it in private toy projects.

I understand it's mostly the AV vendors' fault and the devs shouldn't have to worry about a problem they haven't caused, but for me, this grinds real-life adoption of the whole thing to a halt.


It's not clear to me what they could do. In the thread you linked, it's not just the binaries of the various nim executables, but also user-generated binaries. And it appears that even signed binaries are getting flagged by some vendors.

I'm guessing the issue is that some malware writers started using nim, and the antivirus vendors then decided to make heuristics that detect nim generated binaries and call it malware.

This is pretty much it: malware was written in Nim, vendors started fingerprinting those binaries but didn't include any/enough non-malware binaries. This means that the fingerprint is more "this program is written in Nim" and less "this is malware written in Nim".

Yikes, does that mean scumbags could effectively torpedo any new language, like Zig and Hare, for example?

Yes, but it's not like this only happens with small/new languages. Even today, Go-lang binaries will often get detected by various Windows anti-malware software. They even have a section in their FAQ about it [0].

Also, in Hare's specific case, it doesn't _really_ matter as they will never support Windows or MacOS [1], and there isn't a significant presence of anti-malware software on Linux distros.

[0]: https://go.dev/doc/faq#virus

[1]: https://harelang.org/platforms/

Not supporting Mac is a big shot in the foot from Hare. Is this a case of ideology getting in the way of pragmatism, or do they have technical reasons? Singling out proprietary platforms sounds ideological.

"As other commenters alluded to, it's an ideological and practical decision. We simply prefer free software operating systems. We do not care to legitimize nonfree platforms, and we prefer to be able to read (and patch) the code to understand the tools we depend on. If that's a deal-breaker for you, no worries - Hare does not have to appeal to everyone to achieve its goals."

https://news.ycombinator.com/item?id=31158576

Hard to say, since we have no idea how the antivirus vendors are identifying nim. Maybe there's something about the fact that nim compiles to C which is then usually compiled by mingw? (You can use compilers other than mingw, but it's the default).

Mingw might have a higher weight for "this is malware". Then you combine that with nim generating code that's common across most nim binaries (the GC, boilerplate symbols, etc).

Then there's perhaps not enough positive signals to offset that, since there's not yet a wildly popular windows app written in nim.

I hope I didn't come off as too aggressive in my original post. I'm not trying to demand anything, or trying to act like I know anything they don't; I most certainly do not. I just love the language so much, I wish I could use it more. The linked issue doesn't show any traction, and other languages used for malware don't have this problem, so I (probably incorrectly) presumed there was a lack of interest to solve this. I apologize if I came off as demanding.

They have to work with and stay on antivirus vendors more aggressively. You can take new releases and submit them to the antivirus companies to get white-listed. They each have their own processes, but a lot of them allow going to their website and submitting as false positives, then you can do follow-up e-mails.

Probably best to select the top 10 AV companies, to keep the workload down. Per release, it shouldn't be too bad, though likely someone or a group needs to be designated for the task.

We take it very seriously, but there isn't a whole lot we can do unfortunately. Apart from reporting false positives, the only avenue we could pursue is applying obfuscation practices used by actual viruses. This of course has its own slew of issues.

Yep, I mean, if the virus defence community took the same blanket, lazy approach with C and C++ compilers because viruses can be written in those, too (shock horror!), they'd be shut down by some big players very fast.

I hear (but have not personally seen recently) that MinGW-compiled EXEs are falsely detected as malware by some programs: https://stackoverflow.com/questions/62364507/compiled-c-exec...
Are Nim Windows binaries signed with Authenticode?

If not, it's possible to get reasonably priced code signing certificates.

MS Defender flags binaries that have been compressed by upx. It's really annoying because upx is a great way to shrink binaries.