Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Delphi applications considered 'dangerous' by Google Chrome

I often produce mathematical software in Delphi 2009, and publish it on my web site. However, the last year or so, Google Chrome has started to consider a small (but increasing!) number of my EXEs 'harmful', and Google Chrome refuses do download them.

For example, today I wrote a program that visualises the Lorenz attractor. You can find it at https://specials.rejbrand.se/chaos/lorenz/; it's lorenz.exe.

When I use Google Chrome to download this EXE, the following prompt appears:

Screenshot of prompt in Google Chrome

(Yeah, I actually did try it three times...)

This is Swedish, and the text says "%s is harmful and has been blocked by Chrome". The button says "Remove permanently", and the drop-down menu doesn't offer any other actions (like "I know the file is safe, please let me have it").

Obviously, this is kind of a problem. As far as I know, the EXEs are perfectly safe. At least the code I have written is not harmful in any way, but I suspect there is a theoretical possibility that the Delphi compiler has started to add harmful code behind my back.

Questions

  1. Is there something harmful about my EXEs?
  2. Is there some way to make Google Chrome not block my EXEs?
like image 818
Andreas Rejbrand Avatar asked Aug 21 '14 00:08

Andreas Rejbrand


1 Answers

I could reproduce this behavior with Chrome with your original EXE.

Is there some way to make Google Chrome not block my EXEs?

I can confirm that after I digitally signed it (with my company's signing code certificate) Google Chrome downloads this file without any issues. This is the most efficient (maybe the only) way to avoid this kind of problems.

Another quick solution is to pack the EXE with RAR. Chrome downloaded it with no problem.

Surely this is a False positive "detection" with Google Chrome. My Antivirus (NOD32) did not found any problem, and other browsers did not have any issues with your EXE.

NOTE also that Your domain might have issues (flagged) as @Sertac Mentioned. If I download your original EXE from my website the error message is %s is not comonly downloaded and could be dangerous. Same goes for any other EXE I uploaded to MY site. (You still have an option to "Keep" the file)

See also here: Google Chrome Browser Will Block Dangerous Downloads Specially this:

As welcome as the new features are, Chrome is in the unusual position of playing catch up to Internet Explorer 9, which features an arguably superior method of blocking potentially malicious downloads. Microsoft's SmartScreen Application Reputation rates downloads in three ways: whether they're digitally signed, the reputation of the author, and--arguably most importantly--how many times the file has been downloaded by others.

like image 112
kobik Avatar answered Sep 18 '22 22:09

kobik