Blitz3D-V1.113 now available!
Hi all,
Blitz3D-V1.113 is now available! This is basically just Blitz3D-V1.112 built with the latest MSVC compilers and tools, in the hope that it 'triggers' fewer virus checkers, although I also just remembered there's a fix for broken unicode in the debugger in there too, so freeby!
Anyway, I recently had to download V1.112 and MS Windows Defender complained about the blitzcc.exe file and decided to remove it from the zip. This didn't happen last time I tested V1.112 (which I did several times because there were some complaints) so I assume my virus checker definiton file has since been updated or something. Perhaps it's always slightly out of date, NZ is typically well behind the rest of the world in pretty much everything so it makes some sense.
Anyway, for whatever reason, V1.113 does NOT trigger Windows Defender now on my machine, so if you were having doubts about V1.112, you might want to try V1.113.
This whole false positives issue is very frustrating, because I *do* think people should be careful with software, and just assuming something's a false positive is placing an awful lot of trust in someone else. My computer doesn't *appear* to be riddled with malware, but *you* can't know that. In fact, not even *I* can know with 100% certainty that there's not 'something' on my machine hacking into exe's as soon as MSVC spits them out.
One way to *prove* (to a reasonably high degree of confidence anyway) that my exes are safe would be to get together a 'team' of helpers to build the same source code with the same tools on the same OS as me, and to compare the output files. I might try this with a single helper at some point, at the very least it seems like the only way you can prove a false positive actually *is* a false positive - unless of course we're *both* malicious actors...
Bye,
Mark
Files
Get Blitz3D
Blitz3D
The classic Blitz3D compiler for PC.
Status | Released |
Category | Tool |
Author | Blitz Research |
More posts
- Blitz3D V1.118 now available90 days ago
- Blitz3D V1.117 now available!Aug 19, 2024
- Minor Blitz3D updates now up!Jul 22, 2024
- Blitz3Dx95-V1.109 for Windows 95 released!Jun 24, 2024
- Blitz3D-V1.114 now available and MORE!Jun 18, 2024
- Blitz3D V1.112 now available!Apr 14, 2024
- Blitz3D-V1.111 now available!Apr 13, 2024
- LibSGD AnnouncementFeb 28, 2024
Comments
Log in with itch.io to leave a comment.
Publishing the project as a zip archive is a good idea. Is the archive with media and help data also located on Github? Maybe there will be people willing to replenish it...
Unfortunately this version definitely triggers Windows Defender too
Is anyone else getting the same error?
OK, so I submitted the entire zip to microsoft for malware analysis and there were too many files in it, so I resubmitted the binaries only and nothing was found. Note the submission was for testing with MS Defender for Windows 11, their submission process only allows you to test one tool at a time and I'm guessing the above screensheet is Windows11 .
So I guess until software signing becomes free or at least realistically affordable for indie/open source devs, we're just gonna have to put up with this bullshit.
Signing is apparently expensive because of the need for 'auditing' (which imagine would be another barrier for indie devs), yet 'LetsEncrypt' website signing is free and all you need for that is the server you plan to use. I guess proof that you have write access to the server is good enough proof of identity - or at least proves you're responsible for it - and there's no real equivalent in software development?
I do plan to start including hashes with my downloads in future though. Just as there's a chance Blitz3D-V1.113.zip contained malware when I uploaded it, there's also a chance the zip was infected somehow 'in transit', and hashes are a simple way of proving at least that (alomst certainly) hasn't happened.
I haven't found anyone interested in my 'double building' idea yet though, so you'll still have to trust the zip wasn't infected 'at source'.
Thanks for the info, very interesting. I'm using Windows 10 though.
In any case I just downloaded this version again and now it works... strange thing.
I do a lot of coding now with 7800basic (creating games for the Atari7800 console). which is made up of a number c libraries much like Blitz and each release often has similar issues to this. I think that uses MinGW for cross platform compilation.
I had a point last year where most exes I made were being deleted instantly(strangely enough not all) In the end I sent my exe to microsoft and they verified it as safe and I had no issues since then
That's a good idea, I've sent MS b3d zips before to get checked but have never heard back from them, might try it again.
If it does work, it means having to do it every release I guess, but that's OK except there'd be a 'window' of false positives, unless you sent it long enough before release.
OK, tried uploading the entire zip, but it apparently contains too many files so I'm trying again with just the binaries...
Hi Mark,
Nice update and yes, overly zealous products (scanners) can make a perfectly legitimate product look and feel bad.
One the most trusted methods for trusting exe's is to digitally sign them. Code signing certificates are quite cheap nowadays. I work in a sector where our customers would never touch our software unless it was digitally signed by us.
Just a thought.
No way is that practical for me - I hardly sell any b3d's, it's more just a hobby for me at this point.
Also, the whole thing sounds like a huge 'protection racket' to me. I assume Windows Defender qwill be more 'tolerant' towards signed releases, but is signed software really always free of viruses?
I already pay my Windows tax dutiful, do I really also need to pay a zip tax too now?!?
OK, I looked into this further, and while the cost of code signing is slightly less than I thought, it's still more than Blitz3D is likely to make over the rest of it's entire lifetime so it's still impractical. In fact, it's likely to be impractical for a ton of open source software unless it becomes very cheap or free.
As far as I can work out, MS don't make any money out of the system (above board anyway) so it feels slightly less protection rackety to me now. Although, still, it feels kind of 'off' to me that signed software gets treated diffrently by virus checkers, like sneaking the bouncer a tenner to get in the door or something!
There are apparently moves afoot to offer free or at least cheap certificates for open source software (similar to how 'LetsEncrypt' offers free certificates for websites, like mine) so maybe one day signing could make sense for things like blitz3d, but not yet.
I do think my releases would benefit from adding a hash/checksum, as there's currently no way to tell if the download is being corrupted 'in transit' after it left my computer. And who knows, maybe this is already happening with some of the MS Defender alerts? I guess 'signed' software would at least get picked up if something tried to infect it, but blitz3d wouldn't.
:)