[Bug] Bitdefender thinks its dangerous (Virus Warning) #231

Closed
calienyal opened this issue Nov 13, 2024 · 56 comments
Labels
enhancement New feature or request invalid This doesn't seem right

Comments

@calienyal

What happened?

Bitdefender blocked downloading latest version:-

Online Threat Prevention

We blocked this dangerous page for your protection:
https://objects.githubusercontent.com/github-production-release-asset-2e65be/733694482/4da4a124-8eb5-4baf-bd97-de229a74e052?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241113%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241113T164655Z&X-Amz-Expires=300&X-Amz-Signature=779819c6601dad1fbb7022826710848897c2660f807edd7e0c8603678e399ab8&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DTIDAL-Downloader-NG_windows-x64.zip&response-content-type=application%2Foctet-stream
Threat name: Gen:Variant.Giant.Mikey.95
Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent.

Version App

v0.20.1

What operating system are you seeing the problem on?

Windows

Relevant log output

none

Your settings

none
@calienyal calienyal added the bug Something isn't working label Nov 13, 2024
@exislow
Owner

exislow commented Nov 13, 2024

That is a bummer. Thank you for reporting. Do not know what I can do here except to suggest to not use BitDefender.

Here is the VirusTotal scan: https://www.virustotal.com/gui/file/18eaa21ff0fd075914d57517127028a29c58a4fa9639e5176e08cb7c4b388a69

I will extend the README with how to disable BitDefender.

@SteadyStatus21

SteadyStatus21 commented Nov 13, 2024

Hey @exislow, sadly Windows Defender caught on to the program, and now shows the newest release as malware:
image

I have to whitelist it during this time, but wanted to make you aware that Windows Security / Defender also now detects this.

EDIT:
Windows Security flags as the following:
image

@exislow
Owner

exislow commented Nov 13, 2024

Windows is misclassifying. See other examples:

Just don't rely on Microsoft, when it comes to security.

@F1zzyD

F1zzyD commented Nov 15, 2024

> Just don't rely on Microsoft, when it comes to security.

This is terrible advice... I'm sorry, but I don't trust a project that borderline says "trust me bro"......

@psychosys

All the Antivirus solutions are blocking this now

image

@psychosys

psychosys commented Nov 15, 2024

I built from source, this time Antivirus is not nagging but still some detect as trojan (false/positive)
My EXE Size came as 9,641KB

image

FOR THOSE WHO ARE ACCUSING, I DID INSPECT AND APP IS COMPLETELY SAFE ... SOME PYTHON EXTENSIONS GOT FLAGGED WHICH IS CAUSING THIS PROBLEM, I AM TRYING TO FIND THAT EXTENSION

EDIT :
I was able to find and resolve the problem, PyInstaller got flagged as trojan, this is why it is happening .. to resolve the issue follow these steps

You have Two choices, either run the program through the source by :
poetry run tidal-dl-ng-gui

OR if you want EXE these are my suggestions

  1. Upgrade the pyinstaller to the latest version
    pip install --upgrade pyinstaller

create a version_info.txt with following content in program root directory

VSVersionInfo(
  ffi=FixedFileInfo(
    filevers=(0, 20, 3, 0),
    prodvers=(0, 20, 3, 0),
    mask=0x3f,
    flags=0x0,
    OS=0x40004,
    fileType=0x1,
    subtype=0x0,
    date=(0, 0)
    ),
  kids=[
    StringFileInfo(
      [
      StringTable(
        u'040904B0',
        [StringStruct(u'CompanyName', u'Your Company Name'),
        StringStruct(u'FileDescription', u'TIDAL Downloader NG'),
        StringStruct(u'FileVersion', u'0.20.3'),
        StringStruct(u'InternalName', u'tidal-dl-ng'),
        StringStruct(u'LegalCopyright', u'\xa9 2024 Your Name'),
        StringStruct(u'OriginalFilename', u'TIDAL-Downloader-NG.exe'),
        StringStruct(u'ProductName', u'TIDAL Downloader NG'),
        StringStruct(u'ProductVersion', u'0.20.3')])
      ]),
    VarFileInfo([VarStruct(u'Translation', [1033, 1200])])
  ]
)

Create app.manifest

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="0.20.3.0"
    processorArchitecture="*"
    name="TIDALDownloaderNG"
    type="win32"
  />
  <description>TIDAL Downloader NG Application</description>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
      <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
      <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
      <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
    </application>
  </compatibility>
</assembly>

Then build like this :

@echo off
REM Add version information and metadata
poetry run pyinstaller --noconfirm ^
    --windowed --onedir ^
    --name "TIDAL-Downloader-NG" ^
    --icon "tidal_dl_ng/ui/icon.ico" ^
    --version-file "version_info.txt" ^
    --add-binary "pyproject.toml;." ^
    --add-data "tidal_dl_ng/ui/default_album_image.png;tidal_dl_ng/ui" ^
    --collect-submodules "PySide6" ^
    --collect-submodules "tidalapi" ^
    --manifest "app.manifest" ^
    tidal_dl_ng/gui.py

@exislow
Owner

exislow commented Nov 15, 2024

> > Just don't rely on Microsoft, when it comes to security.
>
> This is terrible advice... I'm sorry, but I don't trust a project that borderline says "trust me bro"......

First of all, this is not what I have said and second, feel free NOT to use this project :-)

@psychosys: Great job. Thank you for your effort. I will try to implement this in the build workflow.

@exislow exislow added enhancement New feature or request and removed bug Something isn't working labels Nov 15, 2024
@exislow exislow changed the title [Bug] Bitdefender thinks its dangerous:- [Bug] Bitdefender thinks its dangerous Nov 15, 2024
@orbittwz

image
same here, didn't happen on last version...
did you change something in the code which triggered heuristics elements?

@orbittwz

image

@rh-nl

rh-nl commented Nov 22, 2024

To the creator,
When is a solution expected?

I am not going to remove Bitdefender.
Applying the exception rule in Bitdefender does not work either.

Bitdefender keeps throwing the Tidal NG Downloader in quarantine

@exislow
Owner

exislow commented Nov 22, 2024

@rh-nl: As soon, as you propose one. Feel free to get me a pull request. Nobody expects you to remove BitDefender.

@orbittwz: Nothing specific. Check the commit history. Maybe I have overseen something.

@orbittwz

sorry I don't code with Python so I cannot check anything.
shame, I hope you fix this.
safe programming is fundamental these days.

@psychosys

> sorry I don't code with Python so I cannot check anything. shame, I hope you fix this. safe programming is fundamental these days.

it has nothing to do with developer, the component that makes the EXE files called pyinstaller is causing this false positive issue, the code is clean and safe ... I already implemented the fix which mentioned above, I will make a Pull request, implementing the fix into the existing code so developer can merge it into the current project

@exislow
Owner

exislow commented Nov 22, 2024

> sorry I don't code with Python so I cannot check anything. shame, I hope you fix this. safe programming is fundamental these days.

Feel free to not use this app ever again :-)

@psychosys: This sounds awesome. Thank you for your effort in advance.

@ladle3000

ladle3000 commented Nov 25, 2024

> > sorry I don't code with Python so I cannot check anything. shame, I hope you fix this. safe programming is fundamental these days.
>
> it has nothing to do with developer, the component that makes the EXE files called pyinstaller is causing this false positive issue, the code is clean and safe ... I already implemented the fix which mentioned above, I will make a Pull request, implementing the fix into the existing code so developer can merge it into the current project

@exislow was @psychosys fix implemented yet? I'm getting the same issue as others just downloading with firefox. I don't know what scanner they use by default. But my pc only has built in windows defender.

Also, is there any way in the meantime (if not implemented) to check for updates on load? thanks

@orbittwz

> > sorry I don't code with Python so I cannot check anything. shame, I hope you fix this. safe programming is fundamental these days.
>
> Feel free to not use this app ever again :-)

I don't think my answer was negative enough to deserve your answer.

@psychosys

psychosys commented Nov 25, 2024

I was not able to create a Pull Request so I write the procedure here :

Adding Watermarking to Executable file to prevent False Positive Detection by Antivirus solutions

Create Two files in source directory with following contents :

version_info.txt

VSVersionInfo(
  ffi=FixedFileInfo(
    filevers=(0, 20, 3, 0),
    prodvers=(0, 20, 3, 0),
    mask=0x3f,
    flags=0x0,
    OS=0x40004,
    fileType=0x1,
    subtype=0x0,
    date=(0, 0)
    ),
  kids=[
    StringFileInfo(
      [
      StringTable(
        u'040904B0',
        [StringStruct(u'CompanyName', u'Exislow'),
        StringStruct(u'FileDescription', u'TIDAL Downloader NG'),
        StringStruct(u'FileVersion', u'0.20.3'),
        StringStruct(u'InternalName', u'tidal-dl-ng'),
        StringStruct(u'LegalCopyright', u'\xa9 2024 Exislow'),
        StringStruct(u'OriginalFilename', u'TIDAL-Downloader-NG.exe'),
        StringStruct(u'ProductName', u'TIDAL Downloader NG'),
        StringStruct(u'ProductVersion', u'0.20.3')])
      ]),
    VarFileInfo([VarStruct(u'Translation', [1033, 1200])])
  ]
)

Create app.manifest file

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="0.20.3.0"
    processorArchitecture="*"
    name="TIDALDownloaderNG"
    type="win32"
  />
  <description>TIDAL Downloader NG Application</description>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
      <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
      <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
      <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
    </application>
  </compatibility>
</assembly>

Replace Line 60 to 92 in Makefile with this and Rebuild

.PHONY: gui-windows
gui-windows: ## Build GUI app with PyInstaller
	@poetry run pyinstaller --noconfirm \
		--windowed --onedir \
		--name "$(APP_NAME)" \
		--noupx \
		--manifest "app.manifest" \
		--version-file "version_info.txt" \
		--icon $(path_asset)/icon.ico \
		--add-binary="pyproject.toml:." \
		--add-data="tidal_dl_ng/ui/default_album_image.png:./tidal_dl_ng/ui" \
		tidal_dl_ng/gui.py

.PHONY: gui-linux
gui-linux: ## Build GUI app with PyInstaller
	@poetry run pyinstaller --noconfirm \
		--windowed --onedir \
		--name "$(APP_NAME)" \
		--noupx \
		--manifest "app.manifest" \
		--version-file "version_info.txt" \
		--icon $(path_asset)/icon.png \
		--add-binary="pyproject.toml:." \
		--add-data="tidal_dl_ng/ui/default_album_image.png:./tidal_dl_ng/ui" \
		tidal_dl_ng/gui.py

.PHONY: gui-macos
gui-macos: ## Build GUI app with PyInstaller
	@poetry run pyinstaller --noconfirm \
		--windowed --onedir \
		--name "$(APP_NAME)" \
		--noupx \
		--manifest "app.manifest" \
		--version-file "version_info.txt" \
		--icon $(path_asset)/icon.icns \
		--add-binary="pyproject.toml:." \
		--add-data="tidal_dl_ng/ui/default_album_image.png:./tidal_dl_ng/ui" \
		tidal_dl_ng/gui.py

@Dustman259

there is some kind of miner in it, 1 hour after i used it, my GPU went 100% just be sitting in windows doing nothing, ESET found TIDAL NG running in memory, after it killed it GPU went to 0%

@exislow
Owner

exislow commented Nov 26, 2024

@Dustman259: This is a hard accusation. Either I recommend you to prove that or stop spreading false accusations.

@psychosys

> there is some kind of miner in it, 1 hour after i used it, my GPU went 100% just be sitting in windows doing nothing, ESET found TIDAL NG running in memory, after it killed it GPU went to 0%

This is an open source project and you can read all the files, there is no such functionality neither in the compiled EXE file or the source code, clear as the day light ... if you used this program you must appreciate and support this man for spending his valuable time to write such a program.

@C-O-D

C-O-D commented Nov 27, 2024

I have also noticed that the program does not always exit cleanly, which may be a bug. I have created a small script myself with which I do this manually after each use, also to make sure that the app is not accidentally started twice, which surely can lead to a high CPU usage...

@robfrawley

robfrawley commented Dec 29, 2024

Has anyone taken the time to reach out to Bitdefender, Microsoft, or any of the other security vendors? "False positives" can be submitted to Bitdefender for manual inspection at bitdefender.com/consumer/support/answer/29358. Microsoft also accepts submissions for Windows Security/Defender false positives at microsoft.com/en-us/wdsi/filesubmission. It's likely other vendors have similar systems for submitting potential false positives.

I don't know how quickly they go through these submissions, but the latest release, version 0.23.0, is flagged by Google Chrome (which completely prevents the download, marking it in the most severe category with no ability to override the block), Firefox (which flags the download as "malicious" but allows you to override the block), Windows Security (which automatically quarantines the download, though it can be manually restored), as well as twenty other security vendors (virustotal.com results for the 0.23.0 release).


@orbittwz @Damians0 While Chrome throws a less aggressive error that can be bypassed when downloading version 0.15.6 (unlike version 0.23.0, which it simply refuses to download), even 0.15.6 is now flagged by Google Chrome as "suspicious." Multiple other vendors also mark this version as "malware" (virustotal.com results for the 0.15.6 release). Edit: I also just noticed that Windows Security flags version 0.15.6 after scanning it manually.


None of this is to say this project does or does not contain malware. I haven't looked through the source code, don't have the time to do so, and have decided to use an alternative solution until this is resolved (though I am interested in circling back to this project in the future, as I like its options and interface). So, to be clear, I'm not making any implications about whether this project is safe or not, I just thought it might be important to address this directly with the security vendors. If it is a false positive related to pyinstaller, it seems reasonable to assume others have (or will) run into this issue, so it's critical to resolve why the software is being detected as malware with the security vendors themselves, not just to make changes to the source in future releases to avoid the "false detections."

@ladle3000

> I was not able to create a Pull Request so I write the procedure here : [...]

Why are you "not able to make a pull request"?

@robfrawley

> This is the version I compiled, Just replace the EXE file with this
>
> tidal-ng.zip

Assuming this file was created using the procedure you outlined in #231 (comment), those changes have not resolved the issue. Windows Defender automatically quarantines it as a "Trojan:Script/Wacatac.B!ml," and virustotal.com has eighteen detections for that archive.
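The two detection names quoted in this thread, parsed as an added example (not part of any comment above and not the project's code): it separates labels that announce a generic or machine-learning verdict from labels that name a family, which is useful context when filing the vendor submissions mentioned earlier. The generic-token list, the `ExampleAV-*` engines and their labels are assumptions made for illustration.

```python
"""Split AV detection labels into generic/ML verdicts and named-family verdicts."""
import re
from typing import Dict, List, NamedTuple, Optional

# Microsoft's published naming layout: Type:Platform/Family.Variant!Suffix
MS_NAME = re.compile(
    r"^(?P<type>[A-Za-z]+):(?P<platform>[A-Za-z0-9_]+)/"
    r"(?P<family>[A-Za-z0-9_-]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?"
    r"(?:!(?P<suffix>[A-Za-z0-9_.-]+))?$"
)

# Assumption: tokens that engines commonly use for signature-less verdicts
# (for example the "Gen:" prefix). Illustrative, not any vendor's official list.
GENERIC_TOKENS = {"gen", "generic", "heur", "heuristic", "suspicious", "ml", "ai"}


class Verdict(NamedTuple):
    engine: str
    label: str
    family: Optional[str]  # set only when the label parses as a Microsoft-style name
    generic: bool          # True: model or generic signature, not a named-sample match
    reason: str


def classify(engine: str, label: str) -> Verdict:
    """Classify one engine's detection label."""
    m = MS_NAME.match(label)
    if m:
        family = m.group("family")
        if (m.group("suffix") or "").lower() == "ml":
            return Verdict(engine, label, family, True,
                           "'!ml' suffix: machine-learning verdict")
        return Verdict(engine, label, family, False, "named family/variant")
    tokens = {t.lower() for t in re.split(r"[:./!_\s-]+", label) if t}
    hits = sorted(GENERIC_TOKENS & tokens)
    if hits:
        return Verdict(engine, label, None, True, "generic marker: " + ", ".join(hits))
    return Verdict(engine, label, None, False, "no generic marker found")


def summarize(results: Dict[str, Optional[str]]) -> dict:
    """Summarize a scan report given as {engine: label, or None for a clean result}."""
    verdicts: List[Verdict] = [classify(e, l) for e, l in results.items() if l]
    return {
        "engines": len(results),
        "detections": len(verdicts),
        "generic_or_ml": sum(v.generic for v in verdicts),
        "named": sum(not v.generic for v in verdicts),
        "families": sorted({v.family for v in verdicts if v.family}),
    }


# The first two labels are the ones quoted in this thread; the rest are constructed.
SAMPLE_REPORT = {
    "Microsoft": "Trojan:Script/Wacatac.B!ml",
    "BitDefender": "Gen:Variant.Giant.Mikey.95",
    "ExampleAV-1": "Heur.Generic.Packed",           # constructed
    "ExampleAV-2": "Trojan:Win32/ExampleFamily.A",  # constructed, named-family contrast
    "ExampleAV-3": None,                            # constructed, clean result
}

if __name__ == "__main__":
    for engine, label in SAMPLE_REPORT.items():
        if label:
            v = classify(engine, label)
            kind = "generic/ML" if v.generic else "named"
            print(f"{engine:12} {label:32} {kind:10} ({v.reason})")
    # A generic or ML label says how the engine decided, not that it was wrong:
    # it still takes a vendor submission or a reproducible build to settle it.
    print(summarize(SAMPLE_REPORT))
```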

@psychosys

> > This is the version I compiled, Just replace the EXE file with this
> > tidal-ng.zip
>
> Assuming this file was created using the procedure you outlined in #231 (comment), those changes have not resolved the issue. Windows Defender automatically quarantines it as a "Trojan:Script/Wacatac.B!ml," and virustotal.com has eighteen detections for that archive.

Sorry, Try this

TIDAL-Downloader-NG.zip

Pyinstaller is dead, Developer needs to switch to https://nuitka.net/

@psychosys

Here is how to build, ICON and -Windows causing problem ... you need to remove --window or -w

Here is the Command :

poetry run pyinstaller --noconfirm --onedir --clean --name "TIDAL-Downloader-NG" --noupx --manifest "app.manifest" --version-file "version_info.txt" --add-binary "pyproject.toml:." --add-data "tidal_dl_ng/ui/default_album_image.png:tidal_dl_ng/ui" "tidal_dl_ng/gui.py"

@Damians0

I solved, I added the false positive in the exceptions of Windows defender and amen.

@orbittwz

I don't understand why the author cannot revert the changes regarding this issue to the 0.15.6 version which is OK even now.

@robfrawley

robfrawley commented Dec 29, 2024

> I don't understand why the author cannot revert the changes regarding this issue to the 0.15.6 version which is OK even now.

@orbittwz You consider what I described in #231 (comment) "OK," because I do not (there are nine totalvirus.com detections found when scanning the 0.15.6 release).


> Sorry, Try this
>
> TIDAL-Downloader-NG.zip

@psychosys This second attempt at creating a "clean" executable still triggers a Windows Defender quarantine, as well as detections by multiple other security vendors.


> I solved, I added the false positive in the exceptions of Windows Defender and amen.

@Damians0 This only ignores the problem; it is not a "solution." We aren't talking about software prone to false positives (like DLL injection, game mod loaders, software debuggers, or other programs that have to perform more "interesting" operations to work as intended); this is a file download tool. Nothing about its intended behavior should cause these sort of security vendor results.

There are only three reasonable possibilities:

  1. This software is malicious and should not be used.
  2. This software is not malicious but contains untraditional programming choices that mimic known malware behavior and should be changed.
  3. This software is not malicious, is written in a completely normal way, and the security vendors need to be made aware of this false positive so it can be corrected on their end.

@orbittwz

orbittwz commented Dec 29, 2024

yep it's really with 9 detection alerts, I didn't know this...
don't know what to say... guess it's time to avoid completely.

EDIT:
https://www.virustotal.com/gui/file/0ad857beab0ee09085344f381948327ecf6e9065c1e94bf9ac8aa52cdaea0fac/details

more like 18 detection alerts... bummer

@psychosys

> > I don't understand why the author cannot revert the changes regarding this issue to the 0.15.6 version which is OK even now.
>
> @orbittwz You consider what I described in #231 (comment) "OK," because I do not (there are nine totalvirus.com detections found when scanning the 0.15.6 release).
>
> > Sorry, Try this
> > TIDAL-Downloader-NG.zip
>
> @psychosys This second attempt at creating a "clean" executable still triggers a Windows Defender quarantine, as well as detections by multiple other security vendors.
>
> > I solved, I added the false positive in the exceptions of Windows Defender and amen.
>
> @Damians0 This only ignores the problem; it is not a "solution." We aren't talking about software prone to false positives (like DLL injection, game mod loaders, software debuggers, or other programs that have to perform more "interesting" operations to work as intended); this is a file download tool. Nothing about its intended behavior should cause these sort of security vendor results.
>
> There are only three reasonable possibilities:
>
> 1. This software _is_ malicious and should not be used.
>
> 2. This software is _not_ malicious but contains untraditional programming choices that mimic known malware behavior and should be changed.
>
> 3. This software is _not_ malicious, is written in a completely normal way, and the security vendors need to be made aware of this false positive so it can be corrected on their end.

The topic was about Bitdefender, if you want to run the program as EXE this is the best you could get, five detections with some junk antiviruses, it is working fine with all business standard antiviruses, also my Windows Defender doesn't block it ... have you updated your virus signatures?

image

@psychosys

> I don't understand why the author cannot revert the changes regarding this issue to the 0.15.6 version which is OK even now.

1.5.6 is not okay anymore 🗡️

image

@ATJStellar

Ok, So after some tinkering I found that specifically in my instance that Windows defender was blocking the download for Chrome, Opera, and Microsoft Edge. Windows Defender can prevent downloads in these browsers I have come to learn through troubleshooting. As for Why it is blocking this, IDK. Based on my tinkering, other antiviruses can override these browsers download protection with their own like windows defender does.

The Dev still needs to fix the pyinstaller issues, but Temporarily disabling antivirus during the initial download should work until it is fixed.

@orbittwz

how disabling your AV should help this issue?? you are vulnerable if you do this and don't...

@ATJStellar

ATJStellar commented Dec 30, 2024

> how disabling your AV should help this issue?? you are vulnerable if you do this and don't...

Sorry if I phrased it wrong. Temporarily turning off your AV. As in for specifically downloading TidalDownloaderGUI and then turning the AV back on. It's not recommended to do this of course, but if someone really wants to download the app it will work.

@orbittwz

No, I understand what you said, but it doesn't help this issue, because the program is still malicious according to all...

@ATJStellar

> No, I understand what you said, but it doesn't help this issue, because the program is still malicious according to all...

So I see a lot of discourse from a bunch of closed reports about this going back to here. It seems the issue is entirely due to PyInstaller, not that the code is malicious. It's sorta like the idea of Flash getting removed from the Internet. It's not that everything made with it was bad, but it left vulnerabilities that were deemed enough to stop anything made with it. Hence why PyInstaller itself is abandoned now.

@exislow
Owner

exislow commented Jan 2, 2025

@ALL of you, who cannot stop whining: Just stop and do your homework! Read the source code, google and especially read the README, if you like to use this project. Bonus

Also: PyInstaller is not dead. It still receives commits and releases. If somebody like to replace it with nuitka, feel free to get me a pull request :-)

I have updated the README with the information above, see 0f36d25

Thus, I am closing this issue now. Feel free to submit any ideas resulting out of this thread by a new issue and pull request!

@exislow exislow closed this as completed Jan 2, 2025
@exislow exislow removed their assignment Jan 2, 2025
@exislow exislow added the invalid This doesn't seem right label Jan 2, 2025
@F1zzyD

F1zzyD commented Jan 2, 2025

@exislow thanks for the read about pyinstaller. This is good to know when using other's projects.

However, when people politely raised concerns and provided feedback you claim that we are "whining" and respond with terrible rhetoric which makes it hard to trust your software.

Hopefully you apply the feedback and guidance that others have so kindly provided for you. I'm sure we'll wait for when your software doesn't pose a security risk.

@ryoko7

ryoko7 commented Jan 2, 2025

Obviously, there is no way for the developer to correct someone else's false alarms. As they mentioned, ideas like getting rid of PyInstaller should be submitted as a pull request / feature issue. If you're worried about a "security risk," install an older version, compile the GUI yourself... or just don't use the project. The developer is doing all of this for free.

@robfrawley

robfrawley commented Jan 2, 2025

> @ALL of you, who cannot stop whining: Just stop and do your homework! Read the source code, google and especially read the README, if you like to use this project. Bonus
>
> Also: PyInstaller is not dead. It still receives commits and releases. If somebody like to replace it with nuitka, feel free to get me a pull request :-)
>
> I have updated the README with the information above, see 0f36d25
>
> Thus, I am closing this issue now. Feel free to submit any ideas resulting out of this thread by a new issue and pull request!

@exislow This was the wrong approach to take. Nothing about this issue is "invalid." It's fine if you don't have the resources to resolve this right now, but leave the issue open for others to find (and possibly work to fix). Closing it and saying, "stop whining [...] do your homework [and] read the source," comes across as passive-aggressive and doesn't solve anything for the many people who likely want to use this and (unlike us) aren't developers.

@psychosys

You can download the SOURCE and run the program without having an EXE file .... these are the instructions

Install python 3.12
Download the Program Source Code, Copy and extract somewhere like C:\abc
Open Command Prompt, type :
pip3 install poetry

go to the location that you copied the program like :
C:
cd abc

type the following commands :

poetry lock
poetry install --all-extras --with dev,docs

now run the program by

poetry run tidal-dl-ng-gui

Create a Shortcut on Desktop
Paste Target as
poetry.exe run tidal-dl-ng-gui

and Start in the Path you have the program Source Code like C:\abc\tidal-dl-ng-master\tidal_dl_ng

image

Click on Apply, Run the Shortcut from the Desktop, Easy as that ... No More EXE

@kaif-00z

@exislow use https://nuitka.net/ rather than pyinstaller, and nuitka doesn't give false positive

@orbittwz

of course it does, as mentioned before:

Image

running v0.23.8 here and the program is not being flagged.

@MonkeyDLuffy-Gang

This sucks big time having to switch off the antivirus when using the app is frustrating because if I don't Bit defender for whatever reason will still flag and delete it even when you add the app and it's other assets to exceptions bit defender will still try to remove it.

@orbittwz

orbittwz commented Feb 4, 2025

I already mentioned it's OK for me with latest version, my AV flagged the exe file, I just excluded it and seems fine.
The program is using Nuitka Packager now and it's known to trigger antiviruses as noted in #314
