BLIde Plus update available

BlitzMax Forums/BlitzMax Programming/BLIde Plus update available

ziggy(Posted 2013) [#1]
Hello!

A new BLIde Plus update is available to BLIde Plus users.

For newcomers, BLIde Plus is a Windows BlitzMax IDE that provides many features for authoring, modifying, compiling, deploying and debugging games and applications written in BlitzMax. It also provides a complete intellisense system, code folding, and a long list of useful features. For more information see here: http://www.blide.org and here: http://www.blide.org/?page_id=357

This new update brings a new algorithm for the Advanced Module Builder that allows BLIde to build groups of modules with interdependencies in the right order, using an build scheduler.

This is the changelog:
BLIde version 13.03.1201 SP1
• Fixed a crash that could make BLIde crash when the user clicked on a solution link on the welcome page, and the solution was no longer at the registered disk location. This was also affecting recent solutions on the File menu

• Modified the manual Bug Reports system, so it won't appear at a ultra small size.

• Added several security checks to the bug reports and support requests areas of the IDE, so now they are better integrated on BLIde and they're not based on an embedded web service any more.

• New algorithm on the Advanced Modules Builder that uses a transversal iterative build mode that allows to build dependent modules on the right order




GfK(Posted 2013) [#2]
\o/


Tiger(Posted 2013) [#3]
My Antivirus program(Avast) don't let me run this update.
Is it some virus in it?


Chalky(Posted 2013) [#4]
I had the same problem - but only if I tried to download the update from within BLide. If I logged into the BLide customer area via a browser the update downloaded fine - with no complaint from Avast! - and I was then able to install it.


GfK(Posted 2013) [#5]
Avast is getting as bad as Norton in thinking everything is a virus.


ziggy(Posted 2013) [#6]
There's no virus on it. Also, the set-up system used does include a self-contained checksum that checks if the download has been modified or the data contained has been modified to prevent some viruses being inject at a later stage. It may be a false possitive.
Feel free to send the set-up file for examination to Avast. I think the way that an EXE is downloading an executable in a temp folder, and executing it with install privileges can be seen as something "dangerous" for some AV and that can raise some false possitives. It's weird, but if it is a problem, you can always make a manual update from the website (get latest update and install it).


Derron(Posted 2013) [#7]
Although I am quite sure you are not putting viruses in your executables I have to add something here:


Also, the set-up system used does include a self-contained checksum that checks if the download has been modified or the data contained has been modified to prevent some viruses being inject at a later stage.



You have an EXE file (more specific: a wrapper containing the setup instructions, a checksum - and the data which has to get installed and which was used to build the checksum). Hmmm why should I change the installed data if I can inject right into the wrapper. If I do not want it that way I can alter the checksum used by the wrapper to my modified data.
But I assume you mean your "download providing" script checks the checksum before providing the download file to the user.
The security risk is there the providerfile or the file containing the checksums. Both could be compromised somehow.

So to sum up: you will not be able to guarantee a virus-free-binary-file at all (as it could get infected on compilation, wrapper-build etc...). But like you (ziggy) said: feel free to examine the file with some AV-tools.


bye
Ron

PS: Ziggy, this is no rant against you, I just wanted to state that it could be possible and you should take such notes from customers serious at all times.


ziggy(Posted 2013) [#8]
You have an EXE file (more specific: a wrapper containing the setup instructions, a checksum - and the data which has to get installed and which was used to build the checksum). Hmmm why should I change the installed data if I can inject right into the wrapper. If I do not want it that way I can alter the checksum used by the wrapper to my modified data.
But I assume you mean your "download providing" script checks the checksum before providing the download file to the user.
Of course it's possible but you'll have to design a virus specifically for this configuration. That said. I check all the updates with Nod32 AV before commiting them. Take into consideration that the checksum includes the wrapper too.

anyway, the checksum is just a way to make it more dificult for this kind of viruses to modify the set-up package. anyway, we can create a thread to discuss ways to protect updates system. But this is not the intention of this thread. People should have a good AV system on their windows machines, and understand that sometimes some AV can cause false positives.

To sumarize: The BLIde update system, AFAIK, is very secure, but not infalible. I don't think any system is infalible. But it it safer than most zip based update systems.


Hardcoal(Posted 2013) [#9]
Please Put Back and forward buttons on your editor.

It doesnt sound so complicated just to make memory buffer for the last points you have been and its really helpful


GfK(Posted 2013) [#10]
You can add bookmarks to your code to do that. ;)


Hardcoal(Posted 2013) [#11]
I know about bookmarks but Im not sure it will do the task I want
But Ill try. tnx

After 5..Min

Well Ive checked it and nope thats not what I wish for.
Shame..