[ https://issues.apache.org/jira/browse/NETBEANS-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16582780#comment-16582780 ]
design_dolphin edited comment on NETBEANS-1114 at 8/16/18 4:25 PM: ------------------------------------------------------------------- There is a few things with that: # This Trojan virus isn't something that pops up a lot from what I can tell so far. Could mean that it's new, or that it is a real threat. # Both people reporting it had a recent issue with it, possibly suggesting that this is something that is only occurring now # From what I can tell the issue seems to be relegated to the Temp folder when installing and for some of the bundled software? # All Netbeans software was removed pending discovery of what is going on. I'm not downloading an installer that may or may not be phoning home over an unsecure line. I hadn't noticed it was not SSL, my bad. Thanks for posting install instructions, my bad sorry. I don't like installing Java seperately (slow, takes up resources, and updating is a pain) so might pass on this one. Just noticed the Oracle site doesn't use SSL for the Java downloads either, while their website is on SSL. So, yeah, that could be the problem, and where someone possibly is using to inject something. I don't understand why Oracle is using non SSL for this stuff anyway. They need to improve that. It might not be a Netbeans thing, but one of the includes. Odd though that you can't duplicate it, but it has happened to multiple users. You'd think if it was a (false) positive then you would get it too? was (Author: design_dolphin): There is two things with that: # This Trojan virus isn't something that pops up a lot from what I can tell so far. Could mean that it's new, or that it is a real threat. # Both people reporting it had a recent issue with it, possibly suggesting that this is something that is only occurring now # From what I can tell the issue seems to be relegated to the Temp folder when installing and for some of the bundled software? # All Netbeans software was removed pending discovery of what is going on. I'm not downloading an installer that may or may not be phoning home over an unsecure line. I hadn't noticed it was not SSL, my bad. Thanks for posting install instructions, my bad sorry. I don't like installing Java seperately (slow, takes up resources, and updating is a pain) so might pass on this one. Just noticed the Oracle site doesn't use SSL for the Java downloads either, while their website is on SSL. So, yeah, that could be the problem, and where someone possibly is using to inject something. I don't understand why Oracle is using non SSL for this stuff anyway. They need to improve that. It might not be a Netbeans thing, but one of the includes. Odd though that you can't duplicate it, but it has happened to multiple users. You'd think if it was a (false) positive then you would get it too? > trojan found while installing Netbeans > -------------------------------------- > > Key: NETBEANS-1114 > URL: https://issues.apache.org/jira/browse/NETBEANS-1114 > Project: NetBeans > Issue Type: Bug > Components: platform - Launchers&CLI > Affects Versions: 8.2 > Environment: Win10 64 > Reporter: Johannes Hoffmann > Priority: Major > > found by Windows Defender during the installation > Trojan:Script/Cloxer.D!cl > file: > C:\Users\User\AppData\Local\Temp\tmpnb\var\cache\netigso\org.eclipse.osgi\bundles\54\1\bundlefile -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists