Every time a new version of LaserGRBL is released, someone reports that the browser itself, windows defender, or another antivirus, blocks the execution by reporting the presence of a virus, trojan, malware etc.
Why? Is LaserGRBL safe or not?
Antivirus systems are mainly based on two mechanisms:
- the code signatures
- the heuristic check
It is not of interest in this article to explain the functioning of antivirus and the causes of false positives, but you can learn more about the topic with an internet search.
Each time a new version of LaserGRBL is released the “signatures” and the “patterns” of LaserGRBL compiled code is changed, so AV engines are not able to recognize it and catalog it as a know “clean” software. Sometimes they simply ignore it, other times they catalog it as doubtful, other times they mistake it for a virus with similar signatures.
In fact, every time LaserGRBL is compiled in a new version, it is as if a completely new product comes out for antivirus, which no longer have any way of recognizing it as “the old, known, safe, LaserGRBL” and maintain its good reputation.
The only way to allow antivirus to recognize LaserGRBL would be to compile it with “digital signature” but digitally signing a software require money, because companies that issue certificates for the digital signature of the code want to be payed.
Since LaserGRBL is free, and I develop it in my spare time, I have no intention of paying anyone for digital signature certificates. Furthermore, the digital signature only guarantees the origin of a software, but it is not a guarantee of absence from viruses.
This applies to any program, even if signed, even if you pay for it, which may contain malicious code and you have no way of knowing.
Can I trust LaserGRBL?
LaserGRBL is open-source, this means that its source code is published on the internet, and can be inspected by anyone (who has the skills to do so).
This allows anyone to verify that there are no strange things (such as reading personal information) and to verify that the distributed program is consistent with this source code.
This also allows anyone to modify and improve the program, and distribute “unofficial” versions. Unluckily along with the improvements, someone could also insert some threats.
For this reason I always suggest you to get LaserGRBL from the official sources, that is:
- the site https://lasergrbl.com/download/
- github page https://github.com/arkypita/LaserGRBL/releases
I am always very careful with what I publish, and I compile on a clean and up-to-date PC.
In any case if you don’t trust me you can check the file against 70 different antivirus engine by submit LaserGRBL.exe to online service called virustotal
How can I install?
Ok LaserGRBL is safe, but how can I install if the antivirus block the download or the install process?
Each antivirus has a feature that allow you to install a program even if from unknown source or false positive detected. Usually you have this feature hidden under a “more info” or “more options” button in virus warning dialog.
If you cannot find it, google for “how to allow install program with [antivirus name]”.