
Locked Re: FileRepMalware message when I try to execute the latest downloads. #malware


 


Hi Marcus,

Sorry, I have obviously assumed far too much knowledge of things I've been immersed in for 40 years (though I'm 60 myself and semi-retired, this is my trade more or less).

It is a fact that AV products are far from infallible; they use rules to check whether a thing is evil or not. Sometimes these rules are too rigid, or out of date, or the software just isn't that clever, and they get it wrong--'false positive' is a term you might hear when this happens.

An MD5 checksum is a calculation that is performed using e.g. an installer .exe file as the input. More here: and here:

I see that the managers of jmri.org have used sha256 checksums instead, which are just a different way of doing exactly the same thing. The above tools will calculate either.

What it does is enable you to compare very quickly a known good download with a suspect one. You can view the sha256 value posted for the download. Compute the value for your download and compare--if they're the same (it produces a single number, which is the checksum), then you have a good one. If not, it might have been tampered with.

Most files on the internet are hosted on what are called mirrors, which are simply a warehouse of files hosted by some business who make money doing this, in exchange for offloading the task of managing it from those who have better things to do. Like all other internet resources, they can be hacked and this happens from time to time for various reasons, but is not all that common. Very often, this is noticed very quickly by others, and fixed. However, infected files can escape and be downloaded in the meantime.

So, unless a particular mirror has been compromised, you are highly likely to have a valid download which your AV simply does not like for reasons best known to itself. You have a way of checking this using checksums, and if your AV permits it, create an exception for this file and proceed with your installation. I have always taken the view that I run the computer, not the other way around, and I am very firm with them at all times :-)

At the end of the day though, if you're not confident wrangling this arcane stuff, phone a friend is also an excellent solution and I'm glad you have resolved it.

Best regards,

Charles

On 22/9/19 10:56 am, Marcus Ammann wrote:

Hi Charles


I am a model railroader with a Laptop connected to my layout to make for easier programming of decoders.

What is an "MD5" an "AV" a "checksum" a "mirror being compromised" etc.

My mirror was compromised this morning when I had a shave.

I'm not having a go at your solutions but you have to keep it simple because I am.

Answering technical questions should not be written in "short hand", as the original poster may not understand them and many are not computer geeks.


I guess operating a layout is getting harder as we strive for all the enhancements that DCC and JMRI offer.


Dave Heap phoned me this morning on how to fix the issue. It is too hard for this 69 year old to cope with at the moment.


Regards

Marcus

Layout Video

Web Site


From: [email protected] [mailto:[email protected]] On Behalf Of charles@...
Sent: Sunday, 22 September 2019 9:10 AM
To: [email protected]
Subject: Re: [jmriusers] FileRepMalware message when I try to execute the latest downloads.


Surely you can override this warning with most AV products?
I would have thought you can obtain an MD5 checksum of a known good copy of the installer, check your download against it, and if all is well, just direct your AV to quit squawking about it.

Or am I missing something here? And how would a W10 upgrade help anyway?

I've seen plenty of cases where AV gets it wrong, and most of them let you do something about it.
Also, have we ruled out a real problem with the installer e.g. perhaps a mirror has been compromised? Also not impossible.


--





Apulia Grove Olives
40 Tranter Rd
Toolleen
Victoria 3551

M: 0409 258 471
charles@...
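
The checksum comparison discussed in this thread, as an added example that is not part of the original messages or of the JMRI project: it hashes a download in chunks, extracts the published SHA-256 value from pasted text, and reports whether they match. The function names and the sample file are hypothetical, and the sample content is constructed.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# A SHA-256 value is exactly 64 hex digits; \b stops a longer hex run matching.
_HEX64 = re.compile(r"\b[0-9a-fA-F]{64}\b")


def sha256_of_file(path, chunk_size=1024 * 1024):
    """Hash the file in chunks so a large installer never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_published(text):
    """Extract the SHA-256 value from text copied off the download page:
    a bare value, 'SHA256: <value>', or '<value>  file.exe' all work."""
    match = _HEX64.search(text)
    if match is None:
        raise ValueError("no SHA-256 value (64 hex digits) found")
    return match.group(0).lower()


def verify_download(path, published_text):
    """Return (ok, computed); ok is True only if the two digests are identical."""
    expected = parse_published(published_text)
    computed = sha256_of_file(path)
    return hmac.compare_digest(computed, expected), computed


if __name__ == "__main__":
    # Constructed sample: a 3-byte stand-in for an installer, not a real download.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "installer-sample.exe"
        sample.write_bytes(b"abc")
        published = ("SHA256: BA7816BF8F01CFEA414140DE5DAE2223"
                     "B00361A396177A9CB410FF61F20015AD")
        print("untouched file:", verify_download(sample, published))
        sample.write_bytes(b"abd")  # a single changed byte alters the digest
        print("altered file:  ", verify_download(sample, published))
```

Take the published value from the project's own download page rather than from the mirror that served the file, since whoever can alter the file on a mirror can alter a checksum stored beside it.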
