Virus warning

• Feb 21, 2017 - 05:11

My computer says: “MuseScore-2.0.3(2).msi” is an executable file. Executable files may contain viruses or other malicious code that could harm your computer. Use caution when opening this file. Are you sure you want to launch “MuseScore-2.0.3(2).msi”?
Why is this? Is there a real risk?
This happened when I first tried to download it.


Comments

If you use the internet you have to expect all kinds of contamination such as viruses, bots, pop-ups and trackers. No single A/V program appears to do everything to protect you either. I now use four, each of which appear to get what another one has missed. Best thing to do is run a complete scan every 2 weeks or so (which takes 5 or 6 hours) but results in 3 or 4 viruses and 6 or 7 hundred little items that clutter up the computer and lead to it slowing down eventually.
By the way, even Microsoft is known to install trackers unknown to you, to find out what your viewing habits, likes and dislikes are.

Anytime OS/X (for example) downloads a file from the Internet, it always sets an attribute which will cause it to warn the user the first time an attempt is made to open it.   Its purpose is simply to call your attention to the fact that this was “a thing that was downloaded from somewhere.”

I am confident that modern Windows systems do the same.

And:   one thing that the developers should do ... and I do not know if they already do this ... is to get developer credentials everywhere so that they can digitally sign all the official installers that they distribute, as well as the executables therein contained.   This will reduce, but not altogether eliminate, warning messages.   And in any case, it is much stronger than a simple SHA1 checksum.   Any third-party attempt to alter the file in any way whatever will be swatted-dead by the operating system.   Therefore, if the file opens, it must be byte-for-byte exactly the file that the “recognized developer” signed.   Any modification whatsoever renders it un-executable.

It is possible (and in fact, in OS/X it is now the default) to refuse to execute anything that is not so signed.   (And I consider this to be a Good Thing.™)   Just as we can insist upon digitally-protected (SSL) web sites, we can also insist upon digitally-signed software.

And it would not surprise me in the slightest to find that our august developers already do this.   In fact, I fully expect them to.

Do you still have an unanswered question? Please log in first to post your question.