Warnings about Malware when downloading some File Attachments

[Albert]

If you've tried downloading game binaries recently in forum threads (such as .bin files for Atari 2600 games), you may have seen a warning from your web browser that the file is dangerous and contains malware.  These warnings are FALSE, and the attachments you're receiving warnings about are not dangerous.  Unfortunately, it seems that Firefox and Chrome (and perhaps other browsers) have decided to flag all files with certain file extensions, such as .bin, as being dangerous.  

 

Here's an example of this warning in Chrome: 

 

 

And in Firefox:

 

 

For Chrome and Firefox, you can follow the following instructions to avoid these warnings. 

 

IN CHROME: Go to Settings (three dots in top right) then Privacy and Security, then Security, then change your 'Safe Browsing' setting to a lower protection until you can download.

 

 

IN FIREFOX: Go to Settings (three lines in top right) then Privacy and Security, then scroll down to Security, then uncheck 'Block dangerous downloads'. You can also allow files one by one if you're not comfortable turning that off by clicking on the download icon in the top right (down arrow into bin) and then allowing the file.

 

 

If you don't want to do this, you can generally override the warning and force the download to complete. 

 

Thanks to James at ZeroPage Homebrew for writing up the above instructions. 

 

If you have any questions, please comment below. 

 

Thank you, 

 

 ..Al

[TGB1718]

Yes, I get this a lot and don't want to lower security, but what I've found is that in Chrome the file does download, but it keeps the name

starting with "unconfirmed_crdownload", all I do is go to the downloads folder, sort by "Date Modified" and it should be the top

item in the list, now just rename the file to whatever it was you tried to download, you get a warning about changing filetype from

Windows, but just ignore that.

 

Seems to work every time for me.

 

[Albert]

Yeah, it seems to vary a fair bit depending on browser and what version of a browser you're running.  I'm extremely unhappy that browsers have decided to flag all such files as "dangerous", even though it's patently false.  I might consider mass changing attachments that have this issue to something else. For instance, using ".a26" for Atari 2600 binaries (although ".a78" does have a significant meaning, so I could not rename Atari 7800 ".bin" files to ".a78", so I'd want to come up with a consistent naming scheme.  I also need to identify which file attachments besides ".bin" are being flagged in this manner. 

 

 ..Al

[CapitanClassic]

Thanks for writing this up. I’m sure that retro game players are more tech savvy than the general population, but all these over-enthusiastic pop-up warnings are a UI/UX design nightmare.

 

It’s lazy design to just mark every *.bin / *.exe / etc as untrusted. I guess it helped with anti-phishing measures (35% reduction when installing Chrome extensions).

 

[Albert]

1 minute ago, CapitanClassic said:

Thanks for writing this up. I’m sure that retro game players are more tech savvy than the general population, but all these over-enthusiastic pop-up warnings are a UI/UX design nightmare.

 

It’s lazy design to just mark every *.bin / *.exe / etc as untrusted. I guess it helped with anti-phishing measures (35% reduction when installing Chrome extensions).

Yeah, I think it's absolutely ridiculous that they are doing this, and like you said, it's an extremely lazy solution to the problem.

 

 ..Al

[HOME AUTOMATION]

I've got the TAR!

[SlidellMan]

Thanks for the heads up, Albert.

[+GoldLeader]

Yeah,  Thank You for taking the time Albert!

 

I got the warnings in Firefox, but knew they were False...

[SteveB]

Guarantied to help against headache:

 

 

but Asperin might have less side effects. 

 

Sometimes the cure is worse than the problem.

 

 

[Spanner]

That happens to me a lot with exe files when they are just a WinRAR SFX Archive in Chrome and in Windows Defender.
If you put a script.sh file in a WinRAR SFX Archive it thinks its a script virus.
I have to block Windows Defender where I keep PCUAE so it does scan it and quarantine its files.

You can send files to Microsoft to check are not viruses and then added to the antivirus database but PCUAE files are too big.

Edited April 12 by Spanner

[Thomas Jentzsch]

1 hour ago, TGB1718 said:

Yes, I get this a lot and don't want to lower security, but what I've found is that in Chrome the file does download, but it keeps the name

starting with "unconfirmed_crdownload",

crdownload ist used for ongoing downloads. So maybe you can approve the download in Chrome somewhere.

[Rickster8]

So now I'm wondering if my files have been blocked by these browsers or if it was my work firewalls? I use the company laptop for everything as I bring it home every night. 

 

I will leave the settings were they are and take them down just for downloading, then put them back up and see how that works. 

 

Thanks Albert.... 👍

[Panther]

Now, how do we get rid of the big red bar at the top of the AtariAge forums?

 

[Albert]

1 minute ago, Panther said:

Now, how do we get rid of the big red bar at the top of the AtariAge forums?\

I'm only going to leave that up there for a few days so most people who visit regularly will see it.  I'll also pin this post in the "Announcements" forum.  Unfortunately, there's no easy way for me to have it appear just on the front page of the forum.

 

 ..Al

[Gary from OPA]

7 minutes ago, Albert said:

I'm only going to leave that up there for a few days so most people who visit regularly will see it.  I'll also pin this post in the "Announcements" forum.  Unfortunately, there's no easy way for me to have it appear just on the front page of the forum.

 

 ..Al

For me, it seems to be any .zip file no matter what it contains. - I recently made a release here on AtariAge in the TI99 section, and at first I posted, a zip with source code and binaries complied for the TI99 which normally have no extension at all, just a TIFILES header, and people were saying the download was blocked. - So I added just now a new zip with just PC notepad TEXT files of the source files, no binary code at all, and still it is flagged. -- Maybe firefox is flagging the "format of the download attachment url" itself, not really the file. - As it is strange looking URL, which then turns into even more weird format from the cloud.

 

https://forums.atariage.com/applications/core/interface/file/attachment.php?id=1110136&key=ca2c6135406a129be1fb8eec341a4426

https://content-restricted.invisioncic.com/r322239/monthly_2024_04/3DStringArt-Source-Files-Only_zip.8557db86b6758b704c0a88d1dc37c9c4?response-content-disposition=attachment;%20filename=3DStringArt-Source-Files-Only.zip&Expires=1712947425&Key-Pair-Id=K186TDY4WHSHHJ&Signature=KrD-j4v40-6uVYJiYqliQbfYkhXdaSWRZ0Je0pEEwaZVC4HutJqVJooHsyq~zGe9XHqNiWMTvTIaPqcftIh95REHTV~ESmC0HDdjONTRl3lGsmJOEOW4IDJYkLoV4zjdb0~bZ0DxIgMDFKLcu6ek8miLONz5Apiz3a1w4owEVNI79Jz~wtADhXj0brROwsb0ZX6bOZicr9-i4oHmXU~Rwa-8GeYMGoFPXtTocUV7z7ENJSLN8BHjTIlXC8Q3oAIlaizRFw7gltoZ54QNcMvEmvmdNbmcjebzNOTm0mCyvO668RaTWYxhHug~vBsiqmwtsD8Vid796pXL7cyA5J0gMQ__

 

Edited April 12 by Gary from OPA
add info about url formatting

[Albert]

8 minutes ago, Gary from OPA said:

As it is strange looking URL, which then turns into even more weird format from the cloud.

Yes, attachments are stored in a CDN (Content Delivery Network), so this is pretty common and not something they really should be flagging.  That doesn't mean they aren't using it as a factor, though, nor does it make it any less ridiculous.

 

 ..Al

[_The Doctor__]

this ain't new, remember when they blocked .exe and the like? well now they are .xex

don't feel like we all want to make bin into ibn nib or inb. They're idiots, so maybe we work around it and let them know how silly it is and why it never worked when they tried this ineffective annoyance years earlier with other extensions.

 

Most hacks name crap as a harmless file type anyway... like .tmp test.dat and so on. These guys are elementary lame.

Edited April 12 by _The Doctor__

[Thomas Jentzsch]

Has anyone tested if .a26 works any better?

[Panther]

1 hour ago, Albert said:

I'm only going to leave that up there for a few days so most people who visit regularly will see it.  I'll also pin this post in the "Announcements" forum.  Unfortunately, there's no easy way for me to have it appear just on the front page of the forum.

I figured it wouldn't remain long, I was just teasing.

[+Bruce-Robert Pocock]

24 minutes ago, Thomas Jentzsch said:

Has anyone tested if .a26 works any better?

You could try e.g. these old binaries, works for me but I doubt my configurations are typical.https://forums.atariage.com/topic/322957-grizzards-—-turn-based-rpg-completed/page/3/#comment-5019984

 

[TGB1718]

8 minutes ago, Bruce-Robert Pocock said:

You could try e.g. these old binaries, works for me but I doubt my configurations are typical.https://forums.atariage.com/topic/322957-grizzards-—-turn-based-rpg-completed/page/3/#comment-5019984

Chrome blocks .a26 files for me, at this rate we won't be able to download anything without turning safety off.

 

Why don't they have a setting where you can say what extensions you want or don't want, carpet blocking is so stupid.

[TGB1718]

I use Avira Anti-Virus and they have their own Secure Browser that I can use instead of Chrome (it's based on Chrome)

however it uses it's own scanners etc. and doesn't block files based on their extensions, it actually scans the files

for malware.

 

I just tried and XEX and a26 download and they both came down with no warning, the only reason I don't

currently use it as my default browser is that Auto-translate doesn't work, but seeing the problems with

downloads, I think I'll switch back to it.

 

Not sure if it's free to use (seems to say so on the web site) if you don't subscribe to their Anti-Virus.

 

https://www.avira.com/en/avira-secure-browser

[shane857]

Go with whatever protection necessary. 😂

[Albert]

1 hour ago, Thomas Jentzsch said:

Has anyone tested if .a26 works any better?

I think .a26 is fine, although I would need to verify that again to be sure. 

 

 ..Al

[Albert]

1 hour ago, TGB1718 said:

Chrome blocks .a26 files for me, at this rate we won't be able to download anything without turning safety off.

 

Why don't they have a setting where you can say what extensions you want or don't want, carpet blocking is so stupid.

Yeah, Chrome blocked it for me, but Firefox allowed it.  This makes it even more stupid.  I wonder if they have a whitelist of file extensions they allow without these frightening warnings. 

 

 ..Al