AV False Positive reported about xiv-on-mac HOT 6 CLOSED

from xiv-on-mac.

If you have further questions about XOM and if it's safe to use, please read: https://www.xivmac.com/frequently-asked-questions#q-is-xiv-on-mac-safe

from xiv-on-mac.

Thanks. I searched for previous issues on virus/trojans and anti-virus, and it reported no matches, hence the "just in case" post. Didn't know about the built-in AV on MacOS -- Helpful link for our own compliance documentation. Cheers!

from xiv-on-mac.

Thanks. I searched for previous issues on virus/trojans and anti-virus, and it reported no matches, hence the "just in case" post. Didn't know about the built-in AV on MacOS -- Helpful link for our own compliance documentation. Cheers!

Yea, and I apologize for being soo stern on this topic.

The issue is that posts like these can be misunderstood by certain users. My goal here is to squash any misconceptions or ideas that people might have in the first place about our software.

Bottomline, we take security here EXTREMELY seriously. It's the main reason we keep everything open source. Any user is free to look at the code & compile the application themselves.

I appreciate your understanding, i'm glad the document could shed some light on the situation.

from xiv-on-mac.

No worries -- You never know when a library has dependencies on other libraries that bring along compromised content. This supply chain vulnerability vector is often overlooked by development teams, especially in open source development, or so it has been my experience. Hence the "FYI" -- I understand the concern with people who misunderstand possibility with reality, especially in open public forums like this one, though the developer-oriented nature of Github would hopefully mitigate this. Thanks for taking the time and effort, and having the passion, to all involved, for making a great (and safe) software!

from xiv-on-mac.

No worries -- You never know when a library has dependencies on other libraries that bring along compromised content.

I also understand this as well, it's why when I say we take security serious for our users, I meant it.

A good example of this is how we work side by side with the Dalamud team, Wine and moltenvk devs. They are integral to a lot of aspects of our software. Those same devs are also active in our discord private dev channels and share the same philosophies as us. Find out more about their security stuff here: https://goatcorp.github.io/faq/xl_troubleshooting.html#q-are-xivlauncher-dalamud-and-dalamud-plugins-safe-to-use

One last thing I'd like to mention is that a windows library file was false flagged from a Dalamud process...the key point here is that it was a windows .dll and has zero authority in a sandboxed environment. Even if it was malcious (which it is not) the worst it could do would be to mess up Wine inside our XOM application.

Lastly, on the topic of XIVL/Dalamud, these guys are insanely huge. They aren't going to be pulling a gshade on anyone!

from xiv-on-mac.