Vendor has flagged this as malicious

Hello,

I am new to this product as it was recently suggested to me as a good learning tool.
Before I install anything I usually run it through VirusTotal, and in doing so I’ve noticed that I see the following for both Qt6 & Qt5:

1 security vendor flagged this file as malicious
Jiangmin Backdoor.Androm.bdka

(I had to take out the first part of the virustotal URL as it would not allow me to include a link in this post)
Qt6: /gui/file/02d992a47fe826254b3dc707226d9d06c006f3fa0dc1e66c9e47767316896ed9/detection

Qt5: /gui/file/0fecc6c5e51174431e209377f4eaed6a52cd2648fdafb3e79e6f6eb6cd3f461a

Any advice or plans for remediation?

Thanks,
Matt K.

I guess the official position is: My antivirus program says Anki is infected! - Frequently Asked Questions

VirusTotal is even “worse”. If 50 engines check the file and each antivirus program has a false detection rate of only 1%, there’s about a 40% chance of getting at least one false positive …

It’s also interesting that it’s always the same one engine that reports having found a virus:

  • for 2.1.65 the virustotal report is at VirusTotal
  • for 2.1.55 from 2022-12 the virustotal report is at VirusTotal

I guess it’s likelier that one engine has false positives than all other engines not finding a virus (even after weeks of having access to the positive result from jiangmin which should have prompted them to recheck the binary …)

There are many threads about how to handle VirusTotal reports in this forum or the Anki subreddit. You could also search sites like https://security.stackexchange.com/ to find out how to make sense of VirusTotal results in general.

In the end you must make the decision that’s right for you.

I guess there’s no binary distinction between safe-unsafe/untrusted but it’s always a question of how much you trust software.

Many people here have been using Anki for years and trust it and are not deterred by such reports. I have installed Anki 2.1.65 on my machine.

If you are very cautious, are interested in specialized computer knowledge, and don’t care about user friendliness, there are always solutions to “isolate” software you don’t trust, like VMs, Windows Sandbox etc. I guess many people should take care of other security-related problems in their computers before they take steps in this direction … When it comes to trying out new software, Windows Sandbox is especially useful.

4 Likes
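The two probability arguments in the reply above (the roughly 40% chance of a false positive, and one engine being wrong versus every other engine missing), worked through as an added example that is not part of the original posts. The 50 engines and 1% false-positive rate come from the reply; the function names, the 50% per-engine detection rate, the 50/50 prior and the treatment of engines as independent are assumptions made for illustration.

```python
from math import comb


def p_any_false_positive(n_engines: int, fp_rate: float) -> float:
    """P(at least one engine flags a clean file), engines assumed independent."""
    return 1.0 - (1.0 - fp_rate) ** n_engines


def likelihood(k: int, n: int, p_flag: float) -> float:
    """Binomial probability that exactly k of n engines flag the file."""
    return comb(n, k) * p_flag ** k * (1.0 - p_flag) ** (n - k)


def posterior_malicious(k: int, n: int, fp_rate: float,
                        detect_rate: float, prior: float) -> float:
    """Bayes' rule: P(file is malicious | exactly k of n engines flagged it)."""
    mal = prior * likelihood(k, n, detect_rate)      # malicious, k engines catch it
    clean = (1.0 - prior) * likelihood(k, n, fp_rate)  # clean, k engines misfire
    return mal / (mal + clean)


if __name__ == "__main__":
    N, FP = 50, 0.01           # figures used in the reply
    DETECT, PRIOR = 0.5, 0.5   # assumed values, not from the thread

    print(f"P(>=1 false positive on a clean file): "
          f"{p_any_false_positive(N, FP):.3f}")
    for k in (1, 3, 10, 40):
        post = posterior_malicious(k, N, FP, DETECT, PRIOR)
        print(f"{k:>2} of {N} engines flag -> P(malicious) = {post:.3g}")
```

Real engines share signatures and feeds, so their verdicts are correlated and the independence assumption overstates how much each extra detection adds.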

@ijgnd
Thanks for the input - I was hoping to bring this into a security review process but I suspect the red flag might dissuade.

Didn’t know if we might be able to get some feedback from those active on the project regarding any plans to remediate the detection with that specific vendor.
