zetec

This is a regretful answer, because it means that Launchbox doesn't take it's security seriously. I was hoping the official response would be more professional. "Dude trust me" doesn't fly in today's security environment. If I planned on continuing to use Launchbox - which, based on this response, I won't - I would want to know the answers to the following questions: - What steps have you taken to ensure that your codebase hasn't been compromised? - Has there been a review of recent commits? - Has there been a review of the build tools to make sure they're not compromised? - When was the last security audit of LB systems? A common method for malware to be inserted into legitimate software is for the build tools themselves to be compromised - I'm posting this in hopes that a lesson can be learned - but the arrogance of the entire LB team's reaction to a serious concern has me officially done with this solution. Hope you guys figure out how to respond to security concerns in a more professional manner in the future.

This is atrocious. Blaming a specific antivirus instead of providing information about why it's being flagged as a false report is the kind of thing that makes security-conscious users like myself run for the hills. The way this is being handled deserves more attention, because that response is completely inappropriate and dismisses serious concerns with no justification for doing so.

I posted in the troubleshooting channel. A user named "Mad" something-or-other was extremely dismissive, so I left - so I don't have any screenshots of that exchange. After I left the server, another user named Maria messaged me to say that user wasn't affiliated with the LB team. I don't appreciate the insinuation that I've made a false report - but this is sadly consistent with my LB experience today. This whole experience has turned me off from LB all together.

This isn't your fault - This is something LB needs to address.

I just tried to ask about this in the Launchbox Discord and was met with rude dismissal of my concerns. "Don't worry about it" is absolutely not okay as a response to being flagged by four vendors, and if this is how the Launchbox team approaches security, not only will I no longer use it, but I have to recommend that nobody else does as well.

Too many software projects have had malware inserted into them lately without the author's knowledge. I'm not whitelisting this until LaunchBox makes an official statement - and I hope that statement includes a review of any recent commits or changes in build tools.

VirusTotal shows four different vendors - including MS and Symantec - as Launchbox.dll being infected. https://www.virustotal.com/gui/file/f5b98b798da40f7f28829f874d78258849f1e9a24eae32624acc5d6d25824c61/detection This isn't acceptable - Won't be using Launchbox until this is sorted.