[badrunaway]

what can be done to stop all this? We need some sort of OS level layer to validate these things. If we put a local LLM which checks the bytecode of things which are getting installed/running for security = will that solve all this? My heart goes out to those who must have lost their money due to this.

[KennyBlanken]

Well, for one, the keylogger is detected by antivirus programs.

I keep coming across various projects whose executables trigger antivirus programs, and I think that when those triggers happen, "it's fine, don't worry" claims need to be treated with more skepticism.

At the same time, antivirus vendors need to stop being so lazy and using strings and such that are clearly part of an open source program/library for their signatures.

[badrunaway]

I believe there should be a clear indicator in UI of every OS when any new program listens to your keystrokes.. it should be the norm

[asveikau]

If you compile a benign binary yourself which has no malware, Chrome and Windows Defender will flag it as suspicious.

I was hacking on some open source stuff targeting win32, I posted some binaries on GitHub releases, I try to share with others... People tell me it's flagged as malware. It isn't malware. What do I tell them?

I hear code signing helps the heuristics to not get it flagged, but doesn't remove it.

If people working on said software want the warnings to be taken seriously, they should work on reducing false positives.

[creata]

One basic measure (one part of a solution) would be to split Comfy into two parts: the part that does all the work (running plugins, generating images) should have access to nothing but read-only access to the files it needs, the GPU, and a socket to communicate with the other part.

[badrunaway]

A cleaner API you mean which exposes what is necessary only.

[creata]

I meant sandbox the less trusted bit.

[FileSorter]

I think this is one of the use cases for a sandboxed WASM plugin system.

[creata]

But almost everyone working on these plugins really wants to use Python and PyTorch.

[badrunaway]

nobody ported python to wasm yet?