Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/sys/windows: windows/svc/example is detected as malware #54394

Closed
t00ts opened this issue Aug 11, 2022 · 11 comments
Closed

x/sys/windows: windows/svc/example is detected as malware #54394

t00ts opened this issue Aug 11, 2022 · 11 comments
Labels
compiler/runtime Issues related to the Go compiler and/or runtime. FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Unreleased

Comments

@t00ts
Copy link

t00ts commented Aug 11, 2022

What version of Go are you using (go version)?

$ go version
go version go1.19 windows/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
set GO111MODULE=
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\Akila\AppData\Local\go-build
set GOENV=C:\Users\Akila\AppData\Roaming\go\env
set GOEXE=.exe
set GOEXPERIMENT=
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOINSECURE=
set GOMODCACHE=C:\Users\Akila\go\pkg\mod
set GONOPROXY=
set GONOSUMDB=
set GOOS=windows
set GOPATH=C:\Users\Akila\go
set GOPRIVATE=
set GOPROXY=https://proxy.golang.org,direct
set GOROOT=C:\Program Files\Go
set GOSUMDB=sum.golang.org
set GOTMPDIR=
set GOTOOLDIR=C:\Program Files\Go\pkg\tool\windows_amd64
set GOVCS=
set GOVERSION=go1.19
set GCCGO=gccgo
set GOAMD64=v1
set AR=ar
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=C:\Users\Akila\Desktop\service tests\go.mod
set GOWORK=
set CGO_CFLAGS=-g -O2
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-g -O2
set CGO_FFLAGS=-g -O2
set CGO_LDFLAGS=-g -O2
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=C:\Users\Akila\AppData\Local\Temp\go-build4169214643=/tmp/go-build -gno-record-gcc-switches

What did you do?

  1. Download the example service.
  2. Build the example: go build .
  3. Run the example: Install and start the service
> win_svc.exe install
> win_svc.exe start

What did you expect to see?

The service running normally

What did you see instead?

Capture1
win_sec_detection
Capture3

Windows has stopped the service from running and uninstalled it from the registry. It cannot be run or re-installed:

> win_svc.exe start
failed to start myservice: could not access service: The specified service does not exist as an installed service.

> win_svc.exe install
failed to install myservice: SetupEventLogSource() failed: SYSTEM\CurrentControlSet\Services\EventLog\Application\myservice registry key already exists
@gopherbot gopherbot added the compiler/runtime Issues related to the Go compiler and/or runtime. label Aug 11, 2022
@gopherbot gopherbot added this to the Unreleased milestone Aug 11, 2022
@thanm thanm added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Aug 11, 2022
@thanm
Copy link
Contributor

thanm commented Aug 11, 2022

See https://golang.org/doc/faq#virus

@seankhliao seankhliao closed this as not planned Won't fix, can't repro, duplicate, stale Aug 11, 2022
@t00ts
Copy link
Author

t00ts commented Aug 11, 2022

Hi @seankhliao, given you've closed the issue, I'd like to know what's the solution to build and ship software for Windows users using Go, if any. Thanks!

@seankhliao
Copy link
Member

this is an issue for your antivirus vendor, not the go project

@t00ts
Copy link
Author

t00ts commented Aug 11, 2022

Example provided is a clean Windows install, not any commercial anti-virus software

@seankhliao
Copy link
Member

Microsoft / Windows is also an antivirus vendor.

@t00ts
Copy link
Author

t00ts commented Aug 12, 2022

It's also (maybe unfortunately) the most widely used Desktop operating system, by far.

I'm surprised on how quickly this was disregarded as a non-issue when it's in fact quite a blocker in shipping a Go-based product to Windows users.

@alexbrainman
Copy link
Member

I'm surprised on how quickly this was disregarded as a non-issue when it's in fact quite a blocker in shipping a Go-based product to Windows users.

What do you suggest Go project should do instead of pointing affected users to the antivirus vendor?

Alex

@t00ts
Copy link
Author

t00ts commented Aug 13, 2022

Hi Alex, I don't know what the Go project should do. I truly wish I did, but I don't.

All I know is there's no way of justifying further development efforts using Go if the moment our product reaches the (paying) customer's computer there's a high chance of it getting flagged as malware.

Customers are not engineers nor Go developers. You can't "point them" to their antivirus vendor (Microsoft).

Have you ever downloaded a desktop application and have the installer come up with a message like: "Hey, please whitelist our software before Windows flags it as a virus"?

I don't think so.

@alexbrainman
Copy link
Member

All I know is there's no way of justifying further development efforts using Go if the moment our product reaches the (paying) customer's computer there's a high chance of it getting flagged as malware.

I have never done this myself, but I suspect you can use some tools to sign your Go executable. This will make you executable not marked as malware. I just googled for it, and I can find

https://docs.microsoft.com/en-us/windows/win32/appxpkg/how-to-sign-a-package-using-signtool

https://stackoverflow.com/questions/252226/signing-a-windows-exe-file

Perhaps there are better solutions, if you are willing to look.

Have you ever downloaded a desktop application and have the installer come up with a message like: "Hey, please whitelist our software before Windows flags it as a virus"?

I don't download random software from the Internet and run it on my computer.

@qmuntal is there a way for Microsoft antivirus team to include Go built executable in their testing when they develop their product? Sorry for pinging you here, if you are the wrong person to ask that question. Thank you.

Alex

@qmuntal
Copy link
Contributor

qmuntal commented Aug 17, 2022

@qmuntal is there a way for Microsoft antivirus team to include Go built executable in their testing when they develop their product? Sorry for pinging you here, if you are the wrong person to ask that question. Thank you.

I can't reproduce this issue, but I like the idea. I'll try to move this forward.

@alexbrainman
Copy link
Member

I like the idea. I'll try to move this forward.

Thank you for doing that.

Alex

@golang golang locked and limited conversation to collaborators Aug 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
compiler/runtime Issues related to the Go compiler and/or runtime. FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
6 participants
@t00ts @qmuntal @gopherbot @alexbrainman @seankhliao @thanm