
Posts posted by zetec
-
-
30 minutes ago, Benjc said:
Just got a response from LB support but there’s still a skeptical part of me hesitating running the installer unblocked:
“There is no virus in the 11.14 release; it's a false positive. I assume you're running Symantec/Norton anti-virus? Symantec is known for throwing false positives left and right and generally just being a terrible anti-virus solution.”
This is atrocious. Blaming a specific antivirus instead of providing information about why it's being flagged as a false report is the kind of thing that makes security-conscious users like myself run for the hills.
The way this is being handled deserves more attention, because that response is completely inappropriate and dismisses serious concerns with no justification for doing so.
I posted in the troubleshooting channel. A user named "Mad" something-or-other was extremely dismissive, so I left - so I don't have any screenshots of that exchange. After I left the server, another user named Maria messaged me to say that user wasn't affiliated with the LB team.
I don't appreciate the insinuation that I've made a false report - but this is sadly consistent with my LB experience today. This whole experience has turned me off from LB altogether.
-
21 minutes ago, Benjc said:
Don’t suppose anyone knows if there’s a way to download 11.13?
As an aside, I can’t help but feel in some way responsible for this- I’m one of those people who has a problem when stuff works fine for everyone else. I’m in no way surprised this software that everyone lauds as being quick and simple to set up developed a serious installation problem the very day I decided to install it for the first time
This isn't your fault - This is something LB needs to address.
-
I just tried to ask about this in the Launchbox Discord and was met with rude dismissal of my concerns.
"Don't worry about it" is absolutely not okay as a response to being flagged by four vendors, and if this is how the Launchbox team approaches security, not only will I no longer use it, but I have to recommend that nobody else does as well.
-
Too many software projects have had malware inserted into them lately without the author's knowledge.
I'm not whitelisting this until LaunchBox makes an official statement - and I hope that statement includes a review of any recent commits or changes in build tools.
VirusTotal shows four different vendors - including MS and Symantec - as Launchbox.dll being infected.
This isn't acceptable - Won't be using Launchbox until this is sorted.
Zpevdo.b trojan in latest LB installer
in Troubleshooting
Posted
This is a regretful answer, because it means that Launchbox doesn't take its security seriously. I was hoping the official response would be more professional.
"Dude trust me" doesn't fly in today's security environment. If I planned on continuing to use Launchbox - which, based on this response, I won't - I would want to know the answers to the following questions:
- What steps have you taken to ensure that your codebase hasn't been compromised?
- Has there been a review of recent commits?
- Has there been a review of the build tools to make sure they're not compromised?
- When was the last security audit of LB systems?
A common method for malware to be inserted into legitimate software is for the build tools themselves to be compromised - I'm posting this in hopes that a lesson can be learned - but the arrogance of the entire LB team's reaction to a serious concern has me officially done with this solution.
Hope you guys figure out how to respond to security concerns in a more professional manner in the future.