I've prepared and published on my website an installer package with the software I developed. The package is compiled and bundled into .exe file using WiX toolset and contains no viruses or malware. Next when I try to download the file I get a notification from Chrome that it's blocked due to malicious content.
Malicious content warning
I'm really upset that my customers being misinformed with such warning. Any ideas how to get around it?
Google created this page for developers - https://support.google.com/webmasters/answer/3258249.
Even though it doesn't say it on there, almost all auto-detection software will not block software that is digitally signed (and there is no bad reputation associated with the signing certificate).
If it's a simple file, just upload it to Google Drive or DropBox, and generate a public link for it and then share it on your website.
You can also shorten that link, if your application provide this service, or via goo.gl, in order to view clicks' count.
If any developer come across this issue, I manage to resolve it by streaming the downloadable file instead, via different URL (which doesn't have the file name and its extension with file's full path on your hosting).
Doing so by manipulating the response header, will fix the issue.
Here is a useful link about streaming a downloadable via php script
Related
I would like to add URL links into a web-based Google Drive folder. Searching online, it appears that this was once possible with files that ended in a .glink extension. I'm looking for documentation on the file format so that I can create them programmatically.
[EDIT] Why do I want to create .glink files? Because I want links (bookmarks, URLs) to be able to appear in my Google Drive web page and to be able to click on them an go to the page. Microsoft OneDrive supports this functionality.
GLINKS Files
The URL link file feature was available due to a workaround with Back Up and Sync before being deprecated with Drive for Desktop. The .glink seems to be patched and no longer available as it was also part of a third party tool no longer available. It seems it now only saves them as .URL and automatically gives it the icon for Google Docs, as it would take it as a simple file with text.
Checking the .url type file of Windows, when uploading to Drive it does not update as it should, even utilizing Drive for Desktop (as an alternative to sync data like back up and sync) the outcome is the one suggested above.
This is the main reason why there is no longer any documentation about the matter, due to this one not being an official feature and being also fully deleted, it can be confirm by the file type available when creating files with the Drive API:
https://developers.google.com/drive/api/guides/ref-export-formats
I would suggest to request a feature to allow this or to provide a new way to store URL links as before or report it to review if possible any references on how it used to work by submitting a feature request or checking the issue tracker about the matter:
https://issuetracker.google.com/issues/new?component=191650&template=824106
You can also add the details of the previous threads or discussions about the GLINKS.
I have an html app, with html, js, css and images, which I need to distribute on a pendrive for Mac and PC. When users open the app, however, they're receiving security errors in their browser.
I'm looking for a simple solution to this, but I can't find any easy way of opening a html app from a pen drive. Any solutions would be greatly appreciated.
EDIT:
You are right The error come from ajax local call to xml files.
Anyone has a solution ?
In reference to question - How can I make local ajax calls to xml files when distributing my html project locally?
The users who are having problems is probably due to the browser they are using and the state the browser was initialised in, as some browsers by default allow local ajax calls to files and some don't.
You have two options.
To your users specify a browser to run it in (for example chrome automatically disallows local ajax calls however if started with the flag --allow-file-access-from-files it will allow this behaviour)
Host the files on a web-server either in the flash drive or externally.
I think I have the solution.
With the mongoose portbla web server, I can launch a small web server without installation on mac an pc.
I just have to find how to put my page as default.
I wish it will help someone with the same problem.
I am making a chrome extension which needs to add/delete/modify file in any location in our hard drive. The location can be temporary folder. How is it possible to make it. Please give comments and helpful links which can lead to me have this work done.
You can not, but adding a local server (nodejs/deno/cs-script/go/python/lua/..) to have a fixed logic (security) to do file stuff and providing a http server to answer back in an ajax/jsonp request would work.
The extension will not be able to install the software part.
edit: if you want to get started using nodejs, this could help
edit2: With File and Directory Entries API (this could help) you can get hold of a FILE OR complete FOLDER (getDirectory(), showDirectoryPicker()).
Thankfully, this is impossible.
Google or any other company wouldn't have many friend if their extension(s') installation caused compromise including complete control over any files(ie. control over machine) on your hard drive. The extension can save information to disk in a location that is available for storing local information as mentioned. You will not have any execute permission on the root or anywhere nor will you have any read or write permission outside of the storage location.
However, extensions can still be malicious if they gather information from a user of a web page (I am sure that Google can filter some suspicious extensions).
If you really need to make changes on your hard drive you can store information on a server and poll for changes with a windows client application or perhaps you can find where the storage information is kept and access it from there from a windows app.
I am a developer looking for the best way to set up different schools with their own custom, private extensions (ie School A should be the only one with access to Extension A). Theoretically, I am aware that there are a few ways to get a custom, private extension pushed out on a domain:
Host the .crx on a server and click "Specify a Custom App" in the management console.
Create a Domain App by uploading a zip to the Chrome Web Store
Upload the extension from my developer account to the Chrome Web Store and publish to a single "trusted tester," or make it unlisted
Option (1), hosting the .crx, has not been working. I am not sure why, but the extension is simply not pushing out. I link directly to the crx file, which has the right ID and MIME type, still, no dice. If anyone has any tips or suggestions for getting this to work, I would love to hear them!
Option (2), having the school create a domain app, seems a bit inefficient because it requires all schools to upload their own zip. So essentially I would have to email a zip file to the school, and have them publish it. All updates to the extension will also require a similar process, so this doesn't seem ideal.
I doubt that option (3) would work. If I published to the admin as a "trusted tester", I don't think that the other people in the domain would be able to access it. If it is unlisted, I do not know how an admin could find it in the Chrome Web Store dialog. Also, I would rather avoid security through obscurity.
Has anyone had success with hosting the extension and using the Specify a Custom App feature? Any other suggestions for getting a Custom Extension pushed out by the management console? Thanks so much!
To get option (1) working from the management console, it is important to specify the correct extension id and a valid update xml url (not a crx).
One useful feature Google offers that you can use is getting the extension id and the version from the update request.
For instance, you can create a update.php file that outputs an xml file specific to each extension and version. See http://developer.chrome.com/extensions/autoupdate.html under "Advanced Usage".
For more info on packaging an app or extension for managed chromebooks, see https://support.google.com/chrome/a/answer/2714278?hl=en.
I uploaded a utility in the last few days to google cloud storage.
It's a zip file containing two executables and a readme file.
I tested the download and it worked fine. I then looked into how I could see the download stats and yesterday I enabled logging.
I posted the link to a mailing list this afternoon and clicked it to verify that I had the right link and the download in chrome reports "xxx.zip appears to be malicious".
This did not happen prior to when I enabled logging, but I don't know for sure that is what caused it.
I am using a CNAME alias for the download, and I am a paying google apps customer.
The executables are not malicious in any way. They are simple utilities for doing replacements in text files. They do not access the network at all.
My question is "Why is my zip file being reported as malicious?" and is there any way to remedy this situation?
I looked around for a solution to this problem and I found the following advice:
1) Sign your EXEs. As it turns out, this advice is incorrect. While it has worked for some people, there are people who report that even signed executables are reported as malicious downloads.
2) Use SSL. SSL access is not available for google cloud storage unless you use the commondatastorage.googleapis.com or sandbox.google.com URLs. While this does might work, it doesn't resolve my problem.
3) Use the commondatastorage.googleapis.com URL. This works. The same file using the commondatastorage.googleapis.com url rather than my custom CNAME record does not report that it "appears malicious".
4) Register your site with Google Webmaster Tools. Getting around Chrome's Malicious File Warning According to this stackoverflow entry, the solution is to sign up for Google Webmaster Tools and add your site.
I have tried this one, but it has not made a change just yet. Because this is google cloud storage and not a main site, I added an index.html page, a 404 page, and ran the gsutil commands to enable web configuration within google cloud storage. I added the site to Webmaster Tools and additionally added it to Google Analytics.
I'll give solution 4 a few days to see if it pans out.
It seems like this is more of an issue with Google Chrome and not necessarily Google Cloud Storage. Chrome's methods for identifying malicious files are less than desirable right now.