Opening Win64 PlatformIO results in Malwarebytes blocking chcp 650001 command #429
Replies: 2 comments 2 replies
-
|
The restrained answer is to suggest disabling a/v for directories that you
control, such as the directory holding your source projects.
…On Thu, Sep 14, 2023, 8:21 PM airnocker ***@***.***> wrote:
This didn't start when I first compiled "laserline" in NightDriverStrip's
PlatformIO.ini but it did when I attempted to replace "laserline" with a
different strip .h effect.
Malwarebytes blocks this chcp 650001 command line.
Why is this happening?
—
Reply to this email directly, view it on GitHub
<#429>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACCSD37LIWYKOVSTYMHODRDX2OUQVANCNFSM6AAAAAA4ZCRHO4>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Is this a way of saying that when VS loads with no issues, a/v generates a false-positive after PlatformIO initializes with NightDriverStrip? Because my a/v never complained with PlatformIO starting up until it started up with NightDriverStrip. (and NightDriverStrip is the first and only project I've ever used with PIO.) |
Beta Was this translation helpful? Give feedback.
-
|
Keeping with the kind answer, I'll keep with answer #1: it's a false
positive. Because you're compiling a stream of bits that your malware
hasn't seen before, it may lean toward conservative and flip out, costing
you lost productivity.
Since you presumably trust NightDriverLED's authors (and transitively, the
authors of the packages used by it ranging from PlatformIO to Visual Studio
to ESP-IDF, to GCC (the compiler) to (dozens of others) more than you trust
some random download from the web, the path of least of least resistance is
to tell your malware to just leave the contents of that directory alone as
you're accepting responsibility for trusting that directory.. Unlike that
random executable - the kind you DO want it to warn about - you actually
have the option of inspecting all the components used to build it. You may
not understand every component used any more than you understand how every
component in an automobile works, but you DO have the option of actually
inspecting all the source code and verifying that Dave, Rutger, and anyone
they've trusted to add code (including me) has not added any code that says
'if $USER == airnocker, upload home directory and browser history to a
secret address on dropbox" (or whatever) So while you have to trust
malware bytes to do that kind of checking for random executables, the
responsibility is on you to only download (git clone; pio build; whatever)
and run software that you trust. As a matter of trust, you'll notice that
most of us at the NightDriverLED level, at least, are committing under
actual names that are somewhat publicly verifiable. If we were building
malware to smuggle inside the code that brings you blinkies, we'd probably
use aliases.
One of the very major points of open source is that YOU have the source
code and all the parts are there for you to inspect and to decide the
trustworthiness of the authors.
My suggestion is that if you decide you trust NightDriverLED - which you
can also decide to trust based on the number of people successfully using
it and trusting it - that you just whitelist your source directory for
NDSLED and enjoy the remainder of your weekend.
RJL
…On Sun, Sep 17, 2023 at 2:26 AM airnocker ***@***.***> wrote:
Is this a way of saying that when VS loads with no issues, a/v generates a
false-positive after PlatformIO initializes with NightDriverStrip? Because
my a/v never complained with PlatformIO starting up until it started up
with NightDriverStrip. (and NightDriverStrip is the first and only project
I've ever used with PIO.)
—
Reply to this email directly, view it on GitHub
<#429 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACCSD36RK6FAZA7KJXSUGODX22Q3FANCNFSM6AAAAAA4ZCRHO4>
.
You are receiving this because you commented.Message ID:
<PlummersSoftwareLLC/NightDriverStrip/repo-discussions/429/comments/7025093
@github.com>
|
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Good response, good answer. Problem solved. Thanks again. |
Beta Was this translation helpful? Give feedback.
Answer selected by
airnocker
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
This didn't start when I first compiled "laserline" in NightDriverStrip's PlatformIO.ini but it did when I attempted to replace "laserline" with a different strip .h effect.
Malwarebytes blocks this chcp 650001 command line.
Why is this happening?
Beta Was this translation helpful? Give feedback.
All reactions