Thanks for the answer. So, the installer connects to internet, not Geany itself, right? In conclusion, the installer is safe, isn't it?
PS:Could I ask you which tools you use to monitor network activity and to grep whole Windows system? ----- Original Message ----- On 12/16/18 11:29 PM, Enrico Tröger wrote: > Hi, > > On 12/16/18 10:37 PM, [email protected] wrote: >> I don't want to sound paranoid but I've just scanned geany binaries with >> Hybrid Anlisys. >> I've got these results: >> https://www.hybrid-analysis.com/sample/109748fc6e6276462258ee104996fe29c9d826b4ea507857e7a2411b1614bd7d/5c1698807ca3e12dc155b5ad >> In particular, could you explain me why the installer connects to the Swiss >> IP Address 194.230.81.170? > > Interesting. > I have not yet an explanation but am not panicly. > The IP belongs to Akamai which is not per se anything bad but just a > CDN. I'll try to get some more details. I tested with my Windows system and the only network activity I saw was a request to www.msftncsi.com/ncsi.txt which is Microsoft's network connectivity check (https://blog.superuser.com/2011/05/16/windows-7-network-awareness/). While www.msftncsi.com actually resolves to an IP address of the Akamai CDN IP range, it might be just accidental. I would assume that Hybrid Analysis is smart enough to filter out Windows' own connectivity check from the tests. Furthermore, I grepped my whole Windows system used for the release binaries for that IP address - without any matches. If you are interested enough, it might help to contact Hybrid Analysis for support and/or debug the installer yourself to get more information than I gathered. It might help to get some insights about how Geany for Windows is built. The used software and build instructions are documented in the wiki at https://wiki.geany.org/howtos/win32/msys2. Regards, Enrico -- Get my GPG key from http://www.uvena.de/pub.asc _______________________________________________ Users mailing list [email protected] https://lists.geany.org/cgi-bin/mailman/listinfo/users
