November 17, 2012

So You Think We’re Malicious?

FIRST THINGS FIRST: Google Chrome is flagging Komodo installers as “malicious”. Rest assured, Komodo IDE and Komodo Edit are NOT malicious files set out to stream all personal data off your computer and into an evil doer’s dirty hard drive. All downloads have been confirmed to be our files, using the MD5SUM and SHA256SUM values.

Here are the instructions on how to check these sums yourself in Windows. Unixy systems come with checksum tools built in, of course:

$ md5sum Komodos-malicious-installer-7.1.3.tar.gz
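As an added example (not from the original post or from ActiveState), the shell function below checks a download against a published list in `sha256sum` output format, using SHA-256, one of the two sums the post names. The function name `verify_sha256`, the list file name `SHA256SUMS`, and the sample file are assumptions made for illustration; file names without spaces are assumed.

```shell
# verify_sha256 FILE SUMS_FILE
# Returns 0 only when FILE's base name is listed in SUMS_FILE and the digest matches.
# Returns 1 on mismatch, 2 on unreadable input, 3 when the file is not listed (fail closed).
verify_sha256() {
    file=$1
    sums=$2
    [ -r "$file" ] && [ -r "$sums" ] || { echo "unreadable input" >&2; return 2; }
    name=$(basename -- "$file")
    # List lines look like "<hex digest>  <name>"; a leading '*' on the name marks binary mode.
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                                 f == n { print tolower($1); exit }' "$sums")
    [ -n "$expected" ] || { echo "$name: not listed in $sums" >&2; return 3; }
    actual=$(sha256sum -- "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "$name: OK"
        return 0
    fi
    echo "$name: MISMATCH (expected $expected, got $actual)" >&2
    return 1
}

# Demo on constructed data (not a real Komodo installer or its real checksum).
demo_dir=$(mktemp -d)
printf 'constructed installer bytes\n' > "$demo_dir/example-installer.tar.gz"
(cd "$demo_dir" && sha256sum example-installer.tar.gz > SHA256SUMS)
verify_sha256 "$demo_dir/example-installer.tar.gz" "$demo_dir/SHA256SUMS"
# Simulate a download that was altered after the list was published.
printf 'extra' >> "$demo_dir/example-installer.tar.gz"
verify_sha256 "$demo_dir/example-installer.tar.gz" "$demo_dir/SHA256SUMS" \
    || echo "rejected: do not install"
rm -rf "$demo_dir"
```

The result is only as trustworthy as the channel the published list came from, so fetch the list over HTTPS from the vendor's own site rather than from the mirror that served the installer.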

And now the (hopefully) entertaining part of the story…

It recently came to our attention (September 26, 2012 community forum post) that Komodo was “malicious”. That was news to us. We were grateful to Google for being ever vigilant and warning our users of the dangers of our product without informing us.

So imagine my confusion when I checked every MD5SUM against its respective installer and found all of them to be correct. To be sure, I took the risk of installing all versions of Komodo on ActiveState machines…but nothing went wrong. Weird.

We logged into our Google Webmaster Tools account and found that Google had flagged 25 scripts on our servers as “malicious”. So, Komodo had become guilty through association. Funny enough, no other installers, such as ActivePython, ActivePerl or ActiveTcl, had been flagged. I’m not sure where we fit in the outline of how they determine a file is malicious, but perhaps it’s in paragraph five of their blog: http://blog.chromium.org/2012/01/all-about-safe-browsing.html. Maybe they doubt our reputation and trustworthiness due to our strong connection to open source technologies.

We removed all traces of the “malicious” files on September 28. Following that, all of the flagged pages would display “Page Not Found” (404) messages (see example).

On October 3, we received a new message in Google Webmaster Tools:

A review for this site has finished. The site was found clean. The badware warnings from web search are being removed. Please note that it can take some time for this change to propagate.

A follow-up test showed us all clear. Hurray!…Right?

Wrong. A week later, the same 25 links appeared in our Malware section of Google Webmaster Tools, still 404’ing, still nowhere to be found on our servers. Alas, Komodo was once again being flagged as malicious after a few days’ respite.

We double checked that all traces of the files had been removed, only to be met with the same fate. Multiple forum posts and requests for personal follow-up, and 28 days later, Google finally contacted us. How blessed are we? We sent them all the information we could, and, after 15 days, are still patiently waiting to hear back.

25 out of 25…out of 25…

We finally noticed that after each successful review and subsequent reflagging of all those (already removed) links, Google had salted the list with a few NEW URLs. Grepping through the entire news spool, we uncovered another couple of hundred messages and deleted them. A pertinent quote from our web admin:

Lesson of the day: when a Google tool tells you “1 to 25 out of 25”, it really means there are a lot more than 25 and they simply had no intention of providing multiple pages of output.

After removing the several hundred additional links that would eventually rise to the surface, we are currently in round three of review to have the Komodo IDE and Edit MSI given a clean bill of health from doctor Google.

To summarize my long-winded blog, the Komodo IDE installers and Komodo Edit installers are NOT, I repeat, NOT malicious. Scout’s Honor (am I allowed to use that if I wasn’t a Boy Scout?).

Please don’t hesitate to contact us if you have concerns about this issue.

Title image courtesy of ndemello on Pixabay.

Carey Hoffman


Carey made the logical switch from snowboard instructing and treeplanting to the technology industry in 2009, taking database and network administration at Vancouver BC's BCIT college. Having started out on the technical support and QA team for ActiveState, he now works on the Komodo development team as a front and backend software engineer.