Virus report in binary · Issue #800 · pyzo/pyzo · GitHub
Virus report in binary #800
Open
@almarklein

For some time now, our binaries are sometimes reported by AntiVirus software to contain malicious code. This is a meta-issue to collect information about this. I'll update the information as I learn more.

In short: our binaries do not contain a virus or malicious code - the reports are false-positives caused by something triggering machine learning models of the AntiVirus software.

Related issues: #782, #793

What causes this?

AntiVirus software tries to detect programs that behave in a bad way. To do this, it looks at patterns in the programs. It looks like AI is used increasingly for this. This means that if your executable contains patterns that look like patterns used in known malicious code, your code may be marked as malicious too.

It can be assumed that the widespread use of Pyzo also means that people writing malicious code use Python with PyInstaller, just like we do. This might explain why many binaries built with PyInstaller seem to be affected.

What can you do to run Pyzo?

  • Sometimes you may be able to select that you want to open the executable anyway, and things should be fine from there.
  • You can (temporarily) disable your AntiVirus software.
  • Use better AntiVirus software (e.g. Kaspersky or Avira).
  • Run Pyzo from source: install PySide6 or PyQt5, and then pip install pyzo.

Also, you can help us report the false positive. E.g. for Windows Defender you can use this form.

How can I know that Pyzo does not contain a virus?

Honestly, you can't. Pyzo is open source, but in theory I could put some extra code in the binaries. There is no way to tell from a binary. For what it's worth, if I did this and it was found out, I think that Pyzo's usage (and my reputation) would be in rapid decline :)

What can we do?

After a release, we should probably:

It likely helps build a positive reputation with AntiVirus software if we'd sign the binaries. This is not trivial though, because we'd have to do it per-platform, certificates can cost up to a few hundred dollars, and I suspect making all this work on CI may be tricky.
