Google Chrome rates Widelands installer as malicious

Yes. I have been getting the warnings, too. I am sure that anyone unfamiliar with Tino's work, or doesn't know how to use checksums (i.e. md5 files) would be scared off.

I just attempted to download bzr6218 with Chrome 17 and recieved "win32.exe appears malicious"

Re #1: Make that "Widelands-bzr6218-nomusic-win32.exe" :)

On a different machine, (Windows 7 as opposed to Vista), I just achieved a successful (warning-free) download of bzr6218 with Google Chrome 17.

On my system (Windows 7) a second download didn't cause a warning, too. I think (but don't know for sure) Google Chrome remembers that we marked this file as non malicious before. Google Chrome synchronizes nearly everything between different systems if you are logged in with your Google account.

On Wed, Feb 15, 2012 at 4:56 PM, Shevonar <email address hidden> wrote:

> On my system (Windows 7) a second download didn't cause a warning, too.
> I think (but don't know for sure) Google Chrome remembers that we marked
> this file as non malicious before. Google Chrome synchronizes nearly
> everything between different systems if you are logged in with your
> Google account.
>
> You are likely correct. We will have to see how a different file is
handled.

Ok, yesterday i could download build 6218 as often as i want (and mark it as "keep"), each time my Chrome declared it as malicious.

Today Chrome neither complains about 6218 nor about the new 62222.

I vote for monitoring this issue a few more days with some more builds...

I set it to incomplete than. It will ping us in 60 days time and we can
close it then if there was no more trouble.

  status incomplete

Just to add, my download of build 6222 to my original Vista machine (where I encountered the problems with earlier builds went without a hiccup. So far, so good! :)

I can confirm that there are no longer problems with Chrome. But I recently tried Windows 8 and the Internet Explorer 10 and it also complains that Tino's builds could harm my computer. I then tried IE9 on Windows 7 again, which brought the same results. Build16 is no problem on both systems, so it might be no problem with a release build that is often downloaded and hosted on a big site like launchpad. For more information on IE's Application Reputation see http://blogs.msdn.com/b/ie/archive/2011/03/22/smartscreen-174-application-reputation-building-reputation.aspx

... I feel somehow reminded about the current Greek situation and the
rating agencies: if M$ says we are harmful, people will see us as
harmful. When they say, we're the good ones, we are the good ones.
Replace M$ with Google/Mozilla/Apple in this.

Question: Should we really care? I do not like running behind some
faceless agency and trying to please them.

I agree with you. Especially for the IE it's hard to avoid the bad reputation, when the file is not downloaded frequently. That problem only effects the daily builds, so I think it's not a that big problem. It just might scare of players that want to play the bleeding edge development version and - more important - new testers of this versions. Maybe a hint at the downloads page that some browsers/OS might rate the development versions as insecure because they have no data to verify the safety is enough.

>Maybe a hint at the downloads page that some browsers/OS might rate the
>development versions as insecure because they have no data to verify the
>safety is enough.
Make it so.

This bug is now something between fixed committed and invalid. However,
it is closed for me.

I've put a disclaimer on the download page: http://widelands.8-schuss.de

If you need any additional info there or find spelling errors, just send me a PM or contact me on IRC.