ActiveBlog

So You Think We're Malicious?
by Carey Hoffman

Carey Hoffman, November 16, 2012

Google Chrome Danger MachineFIRST THINGS FIRST: Google Chrome is flagging Komodo installers as "malicious". Rest assured, Komodo IDE and Komodo Edit are NOT malicious files set out to stream all personal data off your computer and into an evil doer's dirty hard drive. All downloads have been confirmed to be our files, using the MD5SUM and SHA256SUM values.

Here are the instructions on how to check these sums yourself in Windows. Unixy systems come with checksum tools built in, of course:

     $ md5sum Komodos-malicious-installer-7.1.3.tar.gz

And now the (hopefully) entertaining part of the story...

It recently came to our attention (September 26, 2012 community forum post) that Komodo was "malicious". That was news to us. We were grateful to Google for being ever vigilant and warning our users of the dangers of our product without informing us.

So imagine my confusion when I checked every MD5SUM against its respective installer and found all of them to be correct. To be sure, I took the risk of installing all versions of Komodo on ActiveState machines...but nothing went wrong. Weird.

We logged into our Google Webmaster Tools account and found that Google had flagged 25 scripts on our servers as "malicious". So, Komodo had become guilty through association. Funny enough, no other installers, such as ActivePython, ActivePerl or ActiveTcl had been flagged. I'm not sure where we fit in the outline of how they determine a file is malicious, but perhaps it's in paragraph five of their blog: http://blog.chromium.org/2012/01/all-about-safe-browsing.html. Maybe they doubt our reputation and trustworthiness due to our strong connection to open source technologies.

We removed all traces of the "malicious" files on September 28. Following that, all of the flagged pages would display "Page Not Found" (404) messages (see example).

On October 3, we received a new message in Google Webmaster Tools:

A review for this site has finished. The site was found clean. The badware warnings from web search are being removed. Please note that it can take some time for this change to propagate.

A follow-up test showed us all clear. Hurray!..Right?

Wrong. A week later, the same 25 links appeared in our Malware section of Google Webmaster Tools, still 404'ing, still nowhere to be found on our servers. Alas, Komodo was once again being flagged as malicious after a few days respite.

We double checked that all traces of the files had been removed, only to be met with the same fate. Multiple forum posts and requests for personal follow-up, and 28 days later, Google finally contacted us. How blessed are we? We sent them all the information we could, and, after 15 days, are still patiently waiting to hear back.

25 out of 25...out of 25...

We finally noticed that after each successful review and subsequent reflagging of all those (already removed) links, Google had salted the list with a few NEW URLS. Grepping through the entire news spool our we uncovered another couple of hundred messages and deleted them. A pertinent quote from our web admin:

Lesson of the day: when a Google tool tells you "1 to 25 out of 25", it really means there are a lot more than 25 and they simply had no intention of providing multiple pages of output.

After removing the several hundred additional links that would eventually rise to the surface, we are currently in round three of review to have the Komodo IDE and Edit MSI given a clean bill of health from doctor Google.

To summarize my long-winded blog, the Komodo IDE installers and Komodo Edit installers are NOT, I repeat, NOT malicious. Scout's Honor (am I allowed to use that if I wasn't a Boy Scout?).

Please don't hesitate to contact us if you have concerns about this issue.

Trackback URL for this post:

http://www.activestate.com/trackback/3552
Tags: chrome, google, komodo, malicious, malware, support
Category: komodo
About the Author: RSS

Carey made the logical switch from snowboard instructing and treeplanting to the technology industry in 2009, taking database and network administration at BCIT. He started at ActiveState in tech support and quality assurance for Komodo IDE/Edit on October 31st 2011. He did not dress up. He is now working towards devops with the Komodo development team.

SHARE THIS:

Comments

3 comments for So You Think We're Malicious?
Submitted by Anonymous (not verified) on Sat, 2012-11-17 23:28.
Permalink

Why am I not surprised at this action on the part of Google.

Submitted by Anonymous (not verified) on Sun, 2012-11-18 08:17.
Permalink

Your experience with Google mirrors mine in the only time I ever had dealings with them.

From that experience my position on Google totally changed to where it is completely clear to me that Google does not give a stuff about anyone other than themselves — after all they are the Internet gods aren't they.

To Google people who use their products are not their customers, you are their product. They get rich selling everything they can find out about you to the highest bidder.

Submitted by Anonymous (not verified) on Mon, 2012-11-19 12:58.
Permalink

Maybe if you initiated a lawsuit against Google or, at least, complained to BBB, appropriate actions would be taken by Google relatively quickly.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
  • Each email address will be obfuscated in a human readable fashion or (if JavaScript is enabled) replaced with a spamproof clickable link.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.