To GitHub or not to GitHub

So I am finding it very odd that I can go to bitcointalk and try to download a miner (usually from a Google Doc link or from a known illicit ‘mega’ file sharing site (who’s original owner was arrested for child pornography) and end up with my AV giving me alert after alert yet when I find the developers GitHub page I get a nice clean download with no alerts.

Are these not the exact same miners? Shouldn’t it be the exact same version of the program if it the real developer posting it? How could one site give me viral alerts for what should be the exact same file that the GitHub site is a clean, worry free DL?

I do think there is something amiss here and mounting evidence seems to grow to show facts behind my query. This I only post for others to consider and ponder when choosing what miner to use and what source to download their miner from. There is honestly only one real explanation and it has nothing to do with a .bat file or whatever other excuse has been accepted for this.

Facts are facts and the facts point to a reality that worries me for some good people who have downloaded something that may not be so good to them in the long run.

1 Like

I think it has something to do with the way that google/mega signs their files. It seems odd to me, but from what I can tell, they are the same files.

The fact is, you’re not very well versed in what’s considered a false positive with regards to AV and malware software. There’s nothing amiss aside from the paranoia it’s apparently creating.

There are all sorts of files all over the internet that trigger these false positives, it’s not specific to mining software. In a lot of cases AV software developers set blanket criteria’s that cover all certain types of software as well as certain types of files downloaded from certain sources. For instance, downloading a zip file containing mining software from a third-party downloading site such as Google Drive or Mega would trigger this false positive. While downloading the file from GitHub wouldn’t necessarily because of how that particular site meets criteria’s. You’re overthinking it.

You’re also ignoring some facts. Kim Dotcom was not caught with child pornography, the service he created was found to be hosting said files. They were not his files.

I’m not by any means saying don’t be cautious, I just don’t think this should turn into a witch hunt and you should really do a bit more homework.

2 Likes

The facts are this. I can go to GitHub and get a perfectly fine download of what should be the EXACT same software from the links provided on the Bitcointalk forums yet that’s not what happens. It is not giving me an alert over the site, its giving me an alert over the contents of the download.

If it were a false positive based on the If it were a false positive based on the web sites criteria the alert would be something about the site, not the download. Its not, its about the download. If it were a false positive on the software then the same software from a GitHub would ALSO set off the same false positive. That’s how that works. Its not over thinking it, its the logical side of the entire debate.

You don’t have to take the facts as they are presented and you can all DL away and take some ‘group’ consensus the files are safe. I still haven’t seen ANY official report from any trusted AV source signifying it is a false positive either… like when my AV notified me that zCash4Win alert was a false positive. Once I got that, I let it bypass a few scans and installed it. When I can see a report from my AV about the DL from bitcointalk being false, Ill come back and tell you.

In the mean time… Imma be like Spock and stick to the logic.

Holy smokes :open_mouth: Here we have a CNN reporter.

1 Like

So…stick to the facts but, ignore them when they don’t suit your very narrow view which can easily be remedied by simply educating yourself?

Got it. Best…logic…ever.

1 Like

Just go to GitHub to get everything then. There, solved.