[
https://issues.apache.org/jira/browse/NETBEANS-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16582780#comment-16582780
]
design_dolphin edited comment on NETBEANS-1114 at 8/16/18 4:25 PM:
-------------------------------------------------------------------
There is a few things with that:
# This Trojan virus isn't something that pops up a lot from what I can tell so
far. Could mean that it's new, or that it is a real threat.
# Both people reporting it had a recent issue with it, possibly suggesting
that this is something that is only occurring now
# From what I can tell the issue seems to be relegated to the Temp folder when
installing and for some of the bundled software?
# All Netbeans software was removed pending discovery of what is going on. I'm
not downloading an installer that may or may not be phoning home over an
unsecure line. I hadn't noticed it was not SSL, my bad.
Thanks for posting install instructions, my bad sorry. I don't like installing
Java seperately (slow, takes up resources, and updating is a pain) so might
pass on this one. Just noticed the Oracle site doesn't use SSL for the Java
downloads either, while their website is on SSL. So, yeah, that could be the
problem, and where someone possibly is using to inject something. I don't
understand why Oracle is using non SSL for this stuff anyway. They need to
improve that.
It might not be a Netbeans thing, but one of the includes. Odd though that you
can't duplicate it, but it has happened to multiple users. You'd think if it
was a (false) positive then you would get it too?
was (Author: design_dolphin):
There is two things with that:
# This Trojan virus isn't something that pops up a lot from what I can tell so
far. Could mean that it's new, or that it is a real threat.
# Both people reporting it had a recent issue with it, possibly suggesting
that this is something that is only occurring now
# From what I can tell the issue seems to be relegated to the Temp folder when
installing and for some of the bundled software?
# All Netbeans software was removed pending discovery of what is going on. I'm
not downloading an installer that may or may not be phoning home over an
unsecure line. I hadn't noticed it was not SSL, my bad.
Thanks for posting install instructions, my bad sorry. I don't like installing
Java seperately (slow, takes up resources, and updating is a pain) so might
pass on this one. Just noticed the Oracle site doesn't use SSL for the Java
downloads either, while their website is on SSL. So, yeah, that could be the
problem, and where someone possibly is using to inject something. I don't
understand why Oracle is using non SSL for this stuff anyway. They need to
improve that.
It might not be a Netbeans thing, but one of the includes. Odd though that you
can't duplicate it, but it has happened to multiple users. You'd think if it
was a (false) positive then you would get it too?
> trojan found while installing Netbeans
> --------------------------------------
>
> Key: NETBEANS-1114
> URL: https://issues.apache.org/jira/browse/NETBEANS-1114
> Project: NetBeans
> Issue Type: Bug
> Components: platform - Launchers&CLI
> Affects Versions: 8.2
> Environment: Win10 64
> Reporter: Johannes Hoffmann
> Priority: Major
>
> found by Windows Defender during the installation
> Trojan:Script/Cloxer.D!cl
> file:
> C:\Users\User\AppData\Local\Temp\tmpnb\var\cache\netigso\org.eclipse.osgi\bundles\54\1\bundlefile
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org
For additional commands, e-mail: commits-h...@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
