I went to download Xojo 2017 R2 today in Windows 10 with Chrome and got this message.
Not sure what Xojo can do but it might be worth figuring out how to NOT get on this for newbies.
I tried the same and got a download without warning.
The “uncommon” warning should be cleared now. I really wish Chrome would be more specific so people who did encounter this would know it isn’t a security issue. As I understand it (Google are still a bit cagey about it)- the warnings reduce over time and then finally go away completely after a new Windows executable binary is posted, some days pass, and it is not reported as dangerous.
The fact that it was blocked concerned me. And it’s been a week since it was released…
Yeah. There’s not much we can do- apparently about a week after a new Windows executable is posted is when the last of the warnings should fade away. The number of warnings shown over the entire userbase/download base starts decreasing as soon as it is out. We have no malware or any of the true security issues- we just got flagged in “uncommon” for the first week.
I think that you should demand from Google that they realy test before giving false alarm, this way Xojo gets a bad name caused by inaccurate behaviour of Google, and yeah we all know the danger Google is for your private data.
Norton antivirus does something like this also, therefor you should both of them inform that Xojo is NOT dangerous!
Chrome has also started flagging sites that have a search field (or ANY INPUT field) that is not served via HTTPS.
“Big Brother is watching you.”
“If you want a picture of the future, imagine a boot stamping on a human facefor ever.”
? George Orwell, 1984
For the record I ran into the same thing a few days ago with Chrome downloading the DMG file.
I dont use Chrome “the machine eater”
Life is good
it might be someone changed the contents ?
If this seemd to happen on windows and mac .
[quote=347218:@Derk Jochems]it might be someone changed the contents ?
If this seemd to happen on windows and mac .[/quote]
Nope - just Chrome acting like a net-cop because if a million morons download a bad file, it must be safe.
Gotta protect people from themselves - even if they didn’t ask for it.
:S
[quote=347221:@Tim Jones]Nope - just Chrome acting like a net-cop because if a million morons download a bad file, it must be safe.
Gotta protect people from themselves - even if they didn’t ask for it.
:S[/quote]
but google used machine learning for this purpose, at least i read about it. File names and content get’s read and checked.
It’s possible some modified version is on the web. Or the download link is not HTTPS, or whatever google tends to build into chrome these dayZ.
In this case, it was because it had not been downloaded by some milestone number of people. It may be AI-based, but some human had to set the milestone threshold. Thus the message about it being an “uncommon” file.
This is what we were talking about above by wishing Google would be more explicit about which of those applied to the file in question. They lumped this VALID download into the same grouping as harmful downloads.
The file hasn’t been modified on Xojo’s download site.
“Uncommon” only because 95% of Xojo Developers downloaded it via IE Explorer or FireFox
Actually, the Google analytics AI/ML tool is supposed to even take those into account (somehow …).
DownloadsWithChrome * 3 
What we need is some kind of security mechanism that ensures the file comes from who it says it comes from. When someone distributed a malicious app, that developer can get blocked.
Notice this is an issue with Chrome in Windows. Don’t know whether this is relevant, and even if not relevant, should consider codesign the Xojo setup with SHA256. Right now, it is signed SHA1 only which no longer should be since Xojo now only support Win7 and later, and has dropped support for WinXP.