Virus in download


Virus in download

Jeff Stout
Hi,
I tried to download 3D slicer today, but Sophos anti-virus is blocking my access to the file:

20160914 144740              Virus/spyware 'Mal/Generic-S' has been detected at "http://slicer.kitware.com/midas3/download?bitstream=461637"

I can think up a work around, but it makes me awfully nervous. Can anyone allay my fears?

Thanks,

Jeff


_______________________________________________
slicer-users mailing list
[hidden email]
http://massmail.spl.harvard.edu/mailman/listinfo/slicer-users
To unsubscribe: send email to [hidden email] with unsubscribe as the subject
http://www.slicer.org/slicerWiki/index.php/Documentation/4.3/FAQ

Re: Virus in download

inorton
The Slicer download has been false-positive flagged occasionally (see: http://slicer-users.65878.n3.nabble.com/Installation-issue-virus-detection-issue-resolved-td4029949.html)

Unfortunately we are still not able to sign all the binaries, or use https:// for downloads, so the binaries get higher scrutiny and may even be flagged without matching a specific signature.

The binaries are built on machines managed by Kitware, FWIW. If you don't want to trust the build factories, building from source is always an option.

On Wed, Sep 14, 2016 at 1:44 PM, Jeff Stout <[hidden email]> wrote:
> Hi,
> I tried to download 3D slicer today, but Sophos anti-virus is blocking my access to the file:
>
> 20160914 144740              Virus/spyware 'Mal/Generic-S' has been detected at "http://slicer.kitware.com/midas3/download?bitstream=461637"
>
> I can think up a work around, but it makes me awfully nervous. Can anyone allay my fears?
>
> Thanks,
>
> Jeff


Re: Virus in download

Andrey Fedorov-2
> Unfortunately we are still not able to sign all the binaries, or use
> https:// for downloads, so the binaries get higher scrutiny and may even be
> flagged without matching a specific signature.

Yet another reason to move away from hosting binaries on midas and
switch to github. As was discussed in
http://slicer-devel.65872.n3.nabble.com/Slicer-binary-download-is-extremely-slow-consider-github-for-hosting-packaged-binaries-td4036985i20.html#a4037027.


On Wed, Sep 14, 2016 at 2:26 PM, Isaiah Norton <[hidden email]> wrote:

> The Slicer download has been false-positive flagged occasionally (see:
> http://slicer-users.65878.n3.nabble.com/Installation-issue-virus-detection-issue-resolved-td4029949.html)
>
> Unfortunately we are still not able to sign all the binaries, or use
> https:// for downloads, so the binaries get higher scrutiny and may even be
> flagged without matching a specific signature.
>
> The binaries are built on machines managed by Kitware, FWIW. If you don't
> want to trust the build factories, building from source is always an option.

Re: Virus in download

Andras Lasso-2
Also, today Slicer package download from midas took 21 minutes (from github download takes about half minute).

Andras

-----Original Message-----
From: slicer-users [mailto:[hidden email]] On Behalf Of Andrey Fedorov
Sent: September 14, 2016 14:29
To: Isaiah Norton <[hidden email]>
Cc: SPL Slicer Users <[hidden email]>
Subject: Re: [slicer-users] Virus in download

> Unfortunately we are still not able to sign all the binaries, or use
> https:// for downloads, so the binaries get higher scrutiny and may
> even be flagged without matching a specific signature.

Yet another reason to move away from hosting binaries on midas and switch to github. As was discussed in http://slicer-devel.65872.n3.nabble.com/Slicer-binary-download-is-extremely-slow-consider-github-for-hosting-packaged-binaries-td4036985i20.html#a4037027.



Re: Virus in download

inorton
In reply to this post by inorton
On Wed, Sep 14, 2016 at 2:29 PM, Andrey Fedorov <[hidden email]> wrote:
> Yet another reason to move away from hosting binaries on midas and
> switch to github. As was discussed in

If my objection is holding this back (however unlikely), I'm happy to withdraw it.

> http://slicer-devel.65872.n3.nabble.com/Slicer-binary-download-is-extremely-slow-consider-github-for-hosting-packaged-binaries-td4036985i20.html#a4037027.



Re: Virus in download

Andrey Fedorov-2
In reply to this post by inorton
On Wed, Sep 14, 2016 at 3:27 PM, Isaiah Norton <[hidden email]> wrote:

> On Wed, Sep 14, 2016 at 2:29 PM, Andrey Fedorov <[hidden email]>
> wrote:
>>
>> Yet another reason to move away from hosting binaries on midas and
>> switch to github. As was discussed in
>
>
> If my objection is holding this back (however unlikely), I'm happy to
> withdraw it.
>
>

Oh no, by no means. I think the main reason this didn't happen is just
that no-one took ownership of this task.

Since I proposed it, I promise to spend some time this week to
investigate - basically, we need to figure out how to use github API
to do an upload. Once that is done, augmenting the dashboard script
should be trivial. If there is someone on the list who has experience
with github API (I don't have any) who wants to own it - please speak
up!



Re: Virus in download

Halle, Michael Wilfred,Ph.D.
In reply to this post by inorton
The download stats we collect do depend on the midas architecture right now, so any change would require engineering on our side.

Another fix would be for midas just to serve the metadata and cough up a URL to somewhere else (GitHub, AWS, Google cloud) for the binary blob that is the download file itself. That would offload the kitware infrastructure and give better performance all around.

BTW, have we definitively confirmed that service via http and without app signing would have any impact on virus scanning, or was that just an hypothesis?

I am not saying those things aren't good, I just want to focus on the problem at hand.

-Mike
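
The arrangement proposed in the message above (midas keeps serving the metadata and hands out a URL on another host for the file itself), shown as an added example that is not part of the original thread or of midas. The catalog, the placeholder target URL and the in-memory counter standing in for the download statistics are assumptions; only the `/midas3/download?bitstream=` request shape and the id come from the thread.

```python
from collections import Counter
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Constructed catalog (assumption): bitstream id -> externally hosted file.
# The target is a placeholder URL, not a real Slicer download location.
CATALOG = {
    "461637": "https://downloads.example.invalid/slicer/installer-461637.bin",
}
STATS = Counter()  # in-memory stand-in for the existing download statistics


def resolve_download(request_target, catalog=CATALOG, stats=STATS):
    """Return (status, headers) for a request such as
    /midas3/download?bitstream=461637."""
    parsed = urlparse(request_target)
    if parsed.path != "/midas3/download":
        return 404, {}
    ids = parse_qs(parsed.query).get("bitstream", [])
    # Exactly one ASCII-numeric id; anything else is rejected before lookup.
    if len(ids) != 1 or not (ids[0].isascii() and ids[0].isdigit()):
        return 400, {}
    target = catalog.get(ids[0])
    if target is None:
        return 404, {}
    # The redirect target comes only from the server-side catalog, never from
    # the request, so the endpoint cannot be turned into an open redirect.
    # A catalog entry that is not https is treated as a misconfiguration.
    if urlparse(target).scheme != "https":
        return 500, {}
    # Count the download before handing the client to the external host.
    stats[ids[0]] += 1
    # no-store keeps clients and proxies from caching the redirect and
    # skipping the counter on later downloads.
    return 302, {"Location": target, "Cache-Control": "no-store"}


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, headers = resolve_download(self.path)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    # Local demo only; binds to loopback.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```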




Re: Virus in download

Andrey Fedorov-2
In reply to this post by inorton
>
> BTW, have we definitively confirmed that service via http and without app
> signing would have any impact on virus scanning, or was that just an
> hypothesis?
>

Mike, the advantages of using github were summarized earlier in that
thread. Switching to https is just one feature we would get for free
from github, and switching to https makes common sense. Other than
statistics tracking, I didn't see any valid counter arguments. Now the
choice is what is more important for us as a community - download
stats or github goodies.

Considering we de facto don't have consensus on the next steps, I
withdraw my offer to investigate this issue, since I don't feel like
it will not be a waste of my time.


On Wed, Sep 14, 2016 at 3:36 PM, Halle, Michael Wilfred,Ph.D.
<[hidden email]> wrote:

> The download stats we collect do depend on the midas architecture right
> now, so any change would require engineering on our side.
>
> Another fix would be for midas just to serve the metadata and cough up a URL
> to somewhere else (GitHub, AWS, Google cloud) for the binary blob that is
> the download file itself. That would offload the kitware infrastructure and
> give better performance all around.
>
> BTW, have we definitively confirmed that service via http and without app
> signing would have any impact on virus scanning, or was that just an
> hypothesis?
>
> I am not saying those things aren't good, I just want to focus on the
> problem at hand.
>
> -Mike

Re: Virus in download

Andras Lasso-2
Could we set up google analytics or some other analytics package to track download page visits and clicks?

If we make the download page a regular wiki page (that is updated nightly with links to new releases) then we could use the same infrastructure to get info on both downloads and page visits.

Google analytics seems to be available for MediaWiki already (https://www.mediawiki.org/wiki/Extension:Google_Analytics_Integration).

Andras

-----Original Message-----
From: slicer-users [mailto:[hidden email]] On Behalf Of Andrey Fedorov
Sent: September 14, 2016 15:47
To: Halle, Michael Wilfred,Ph.D. <[hidden email]>
Cc: SPL Slicer Users <[hidden email]>
Subject: Re: [slicer-users] Virus in download

>
> BTW, have we definitively confirmed that service via http and without
> app signing would have any impact on virus scanning, or was that just
> an hypothesis?
>

Mike, the advantages of using github were summarized earlier in that thread. Switching to https is just one feature we would get for free from github, and switching to https makes common sense. Other than statistics tracking, I didn't see any valid counter arguments. Now the choice is what is more important for us as a community - download stats or github goodies.

Considering we de facto don't have consensus on the next steps, I withdraw my offer to investigate this issue, since I don't feel like it will not be a waste of my time.



Re: Virus in download

Halle, Michael Wilfred,Ph.D.
In reply to this post by Andrey Fedorov-2
Given that we have an effective download stats mechanism, I would suggest focusing on the problems at hand (virus reports, download speed) and broadening the scope only as needed.

We can ask our media wiki consultant Greg about adding Google analytics to the slicer wiki, which really is a separate issue.

-Mike



From: Andras Lasso <[hidden email]>
Sent: Sep 15, 2016 9:08 AM
To: Andrey Fedorov; Halle, Michael Wilfred,Ph.D.
Cc: SPL Slicer Users
Subject: RE: [slicer-users] Virus in download

Could we set up google analytics or some other analytics package to track download page visits and clicks?

If we make the download page a regular wiki page (that is updated nightly with links to new releases) then we could use the same infrastructure to get info on both downloads and page visits.

Google analytics seems to be available for MediaWiki already (https://www.mediawiki.org/wiki/Extension:Google_Analytics_Integration).

Andras

-----Original Message-----
From: slicer-users [[hidden email]] On Behalf Of Andrey Fedorov
Sent: September 14, 2016 15:47
To: Halle, Michael Wilfred,Ph.D. <[hidden email]>
Cc: SPL Slicer Users <[hidden email]>
Subject: Re: [slicer-users] Virus in download

>
> BTW, have we definitively confirmed that service via http and without
> app signing would have any impact on virus scanning, or was that just
> an hypothesis?
>

Mike, the advantages of using github were summarized earlier in that thread. Switching to https is just one feature we would get for free from githib, and switching to https makes common sense. Other than statistics tracking, I didn't see any valid counter arguments. Now the choice is what is more important for us as a community - download stats or github goodies.

Considering we de facto don't have consensus on the next steps, I withdraw my offer to investigate this issue, since I don't feel like it will not be waste of my time.


On Wed, Sep 14, 2016 at 3:36 PM, Halle, Michael Wilfred,Ph.D.
<[hidden email]> wrote:
> The download stats we collect does depend on the midas architecture
> right now, so any change would require engineering on our side.
>
> Another fix would be for midas just to serve the metadata and cough up
> a URL to somewhere else (GitHub, AWS, Google cloud) for the binary
> blob that is the download file itself. That would offload the kitware
> infrastructure and give better performance all around.
>
> BTW, have we definitively confirmed that service via http and without
> app signing would have any impact on virus scanning, or was that just
> an hypothesis?
>
> I am not saying those things aren't good, I just want to focus on the
> problem at hand.
>
> -Mike
>
>
> ________________________________
> From: Isaiah Norton <[hidden email]>
> Sent: Sep 14, 2016 3:27 PM
> To: Andrey Fedorov
> Cc: SPL Slicer Users
> Subject: Re: [slicer-users] Virus in download
>
> On Wed, Sep 14, 2016 at 2:29 PM, Andrey Fedorov
> <[hidden email]>
> wrote:
>>
>> Yet another reason to move away from hosting binaries on midas and
>> switch to github. As was discussed in
>
>
> If my objection is holding this back (however unlikely), I'm happy to
> withdraw it.
>
>
>>
>>
>> http://slicer-devel.65872.n3.nabble.com/Slicer-binary-download-is-extremely-slow-consider-github-for-hosting-packaged-binaries-td4036985i20.html#a4037027.
>>
>>
>>
>> On Wed, Sep 14, 2016 at 2:26 PM, Isaiah Norton
>> <[hidden email]>
>> wrote:
>> > The Slicer download has been false-positive flagged occasionally (see:
>> >
>> > http://slicer-users.65878.n3.nabble.com/Installation-issue-virus-de
>> > tection-issue-resolved-td4029949.html)
>> >
>> > Unfortunately we are still not able to sign all the binaries, or
>> > use https:// for downloads, so the binaries get higher scrutiny and
>> > may even be flagged without matching a specific signature.
>> >
>> > The binaries are built on machines managed by Kitware, FWIW. If you
>> > don't want to trust the build factories, building from source is
>> > always an option.
>> >
>> > On Wed, Sep 14, 2016 at 1:44 PM, Jeff Stout <[hidden email]> wrote:
>> >>
>> >> Hi,
>> >> I tried to download 3D slicer today, but Sophos anti-virus is
>> >> blocking my access to the file:
>> >>
>> >> 20160914 144740              Virus/spyware 'Mal/Generic-S' has been
>> >> detected at
>> >> "http://slicer.kitware.com/midas3/download?bitstream=461637"
>> >>
>> >> I can think up a work around, but it makes me awfully nervous. Can
>> >> anyone allay my fears?
>> >>
>> >> Thanks,
>> >>
>> >> Jeff
>> >>
>> >>
>
>
> The information in this e-mail is intended only for the person to whom
> it is addressed. If you believe this e-mail was sent to you in error
> and the e-mail contains patient information, please contact the
> Partners Compliance HelpLine at http://www.partners.org/complianceline
> . If the e-mail was sent to you in error but does not contain patient
> information, please contact the sender and properly dispose of the
> e-mail.

Re: Virus in download

Andras Lasso-2
In reply to this post by Andrey Fedorov-2

As far as I know, development of MIDAS is effectively stopped (Kitware is working on girder instead), so probably we cannot expect MIDAS to be enhanced to support downloading from external sources. Therefore, I think we have to look for solutions elsewhere.

If we make the download page a wiki page then improving wiki analytics could solve both wiki and download stats at the same time.

The current Slicer download stats information is OK and better than what github offers, but Google analytics is a different league, it would allow us to get to know our users much better.

Andras

From: Halle, Michael Wilfred,Ph.D. [mailto:[hidden email]]
Sent: September 15, 2016 9:25
To: Andras Lasso <[hidden email]>; Andrey Fedorov <[hidden email]>
Cc: SPL Slicer Users <[hidden email]>
Subject: Re: [slicer-users] Virus in download

Given that we have an effective download stats mechanism, I would suggest focusing on the problems at hand (virus reports, download speed) and broadening the scope only as needed.

We can ask our media wiki consultant Greg about adding Google analytics to the slicer wiki, which really is a separate issue.

-Mike

From: Andras Lasso <[hidden email]>
Sent: Sep 15, 2016 9:08 AM
To: Andrey Fedorov; Halle, Michael Wilfred,Ph.D.
Cc: SPL Slicer Users
Subject: RE: [slicer-users] Virus in download

Could we set up google analytics or some other analytics package to track download page visits and clicks?

If we make the download page a regular wiki page (that is updated nightly with links to new releases) then we could use the same infrastructure to get info on both downloads and page visits.

Google analytics seems to be available for MediaWiki already (https://www.mediawiki.org/wiki/Extension:Google_Analytics_Integration).

Andras

-----Original Message-----
From: slicer-users [[hidden email]] On Behalf Of Andrey Fedorov
Sent: September 14, 2016 15:47
To: Halle, Michael Wilfred,Ph.D. <[hidden email]>
Cc: SPL Slicer Users <[hidden email]>
Subject: Re: [slicer-users] Virus in download

>
> BTW, have we definitively confirmed that service via http and without
> app signing would have any impact on virus scanning, or was that just
> an hypothesis?
>

Mike, the advantages of using github were summarized earlier in that thread. Switching to https is just one feature we would get for free from github, and switching to https makes common sense. Other than statistics tracking, I didn't see any valid counter arguments. Now the choice is what is more important for us as a community - download stats or github goodies.

Considering we de facto don't have consensus on the next steps, I withdraw my offer to investigate this issue, since I don't feel like it will not be waste of my time.



Re: Virus in download

Halle, Michael Wilfred,Ph.D.
In reply to this post by Andrey Fedorov-2
I don't believe Google analytics is going to know how to aggregate all the slicer 4.5 downloads across all nightlies into a single number for a grant proposal, so there would need to be custom infrastructure built on top anyway.

The download stats might be just "OK", but it was designed from the ground up to answer at least some of the questions we frequently need answers for.

-Mike



From: Andras Lasso <[hidden email]>
Sent: Sep 15, 2016 9:38 AM
To: Halle, Michael Wilfred,Ph.D.; Andrey Fedorov
Cc: SPL Slicer Users
Subject: RE: [slicer-users] Virus in download

As far as I know, development of MIDAS is effectively stopped (Kitware is working on girder instead), so probably we cannot expect MIDAS to be enhanced to support downloading from external sources. Therefore, I think we have to look for solutions elsewhere.

If we make the download page a wiki page then improving wiki analytics could solve both wiki and download stats at the same time.

The current Slicer download stats information is OK and better than what github offers, but Google analytics is a different league, it would allow us to get to know our users much better.

Andras
