english icon indicating copy to clipboard operation
english copied to clipboard

Published 20 hours ago verified publisher icon Folds

Windows Defender false alarm

Open ooiikkjj opened this issue 3 years ago • 2 comments

cal-4018 shows up in Windows Defender as infected by virus is there a new version? thanks...

ooiikkjj avatar May 29 '21 17:05 ooiikkjj

@ooiikkjj — Thank you for pointing out this problem with Windows Defender.

cal-4018 does not contain any viruses. It is compiled from human-readable source code, using a compiler whose source code is part of that human-readable source code. The source code is short enough that individual persons can, and have, read and analyzed all of the code in various versions of the CAL. cal-4018 is capable of copying files, and of making a new version of itself. But it only does so in response to specific requests by the user. The documentation explains how to make such requests.

Windows Defender keeps a library of tiny snippets of executable code. For example, it thought that the code "to bump a rider" along a string in cal-4016 was suspicious. (This code literally just incremented two pointers.) One of the changes in cal-4018 was a minor change in how this incrementing was done, which (for a while) caused Windows Defender to not complain about cal-4018.

At this time, I do not have time to investigate this issue. But if you (and/or someone else) can identify:

  • [ ] What virus Windows Defender is complaining about,
  • [ ] Which snippet of executable code is making Windows Defender suspicious,
  • [ ] Which line(s) of source code correspond to that executable code, and
  • [ ] A proposed change to the source code that is functionally equivalent, but allays Windows Defender's suspicions,

Then I will be happy to:

  • [ ] Verify that the proposed change is functionally equivalent, and
  • [ ] Release an updated version of the CAL.

You do not need to do all four steps yourself. Simply providing Windows Defender's full complaint about cal-4018 would be helpful.

Folds avatar May 29 '21 22:05 Folds

Thank you for the response (Also thank you for keeping Plain English active...it's a mightily worthwhile project, but still haven't seen something awesome made with it yet!)

Here's the Windows Defender message below; the other things you suggest are far beyond my programming ability (am a novice!)

[image: image.png]

On Sat, May 29, 2021 at 6:59 PM Folds @.***> wrote:

@ooiikkjj https://github.com/ooiikkjj — Thank you for pointing out this problem with Windows Defender.

cal-4018 does not contain any viruses. It is compiled from human-readable source code, using a compiler whose source code is part of that human-readable source code. The source code is short enough that individual persons can, and have, read and analyzed all of the code in various versions of the CAL. cal-4018 is capable of copying files, and of making a new version of itself. But it only does so in response to specific requests by the user. The documentation explains how to make such requests.

Windows Defender keeps a library of tiny snippets of executable code. For example, it thought that the code "to bump a rider" along a string in cal-4016 was suspicious. (This code literally just incremented two pointers.) One of the changes in cal-4018 was a minor change in how this incrementing was done, which (for a while) caused Windows Defender to not complain about cal-4018.

At this time, I do not have time to investigate this issue. But if you (and/or someone else) can identify:

  • What virus Windows Defender is complaining about,
  • Which snippet of executable code is making Windows Defender suspicious,
  • Which line(s) of source code correspond to that executable code, and
  • A proposed change to the source code that is functionally equivalent, but allays Windows Defender's suspicions,

Then I will be happy to:

  • Verify that the proposed change is functionally equivalent, and
  • Release an updated version of the CAL.

You do not need to do all four steps yourself. Simply providing Windows Defender's full complaint about cal-4018 would be helpful.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Folds/english/issues/16#issuecomment-850910844, or unsubscribe https://github.com/notifications/unsubscribe-auth/ASAJO57RLF2S3FVK3WVLUE3TQFWUPANCNFSM45YO4HHQ .

-- @.*** is a temp mail id used while travelling please reply to original email id you'd sent the email to

ooiikkjj avatar May 30 '21 12:05 ooiikkjj