We Have Moved!

This blog has been retired and will receive no new content. To read new Cranial Soup articles, please visit our new location.

Saturday, December 06, 2008

AutoHotkey is NOT a Virus, Worm, or Trojan!

AutoHotkey I am so sick and tired of irresponsible antivirus companies unfairly flagging compiled AutoHotkey (AHK) scripts as viruses, trojans, and worms.

AutoHotkey is a free, open source scripting language, just as much as Perl, Python, Ruby, or JavaScript is a scripting language.

There is nothing wrong with the language itself, nor is there anything wrong with most scripts written in it. A lot of really awesome, useful, Windows utilities have been developed in AutoHotkey.

The language is powerful, easy to learn, enables you to write Windows utilities very quickly, and you can compile them to .exe and distribute them to others that don't have AutoHotkey installed, or you can give them the source script (.ahk) and they can run that if they do have it installed.

The problem is that there are idiots that will write malware in AHK, just as there are idiots that will write malware in any other programming language. You can't blame the language for this. And you can't blame all the developers that use the language, either.

But that is exactly what the antivirus companies are doing. They have decided that if a single person writes and compiles malware in AHK, then all compiled AHK scripts are malware. This results in tons of false positives, ruined reputations of innocent programmers, and a mistrust in AHK applications by the general public.

Developers have repeatedly contacted antivirus companies and complained, which after enough outcry from programmers and the public will result in them fixing the problem with the false positives. That is until a new version of AutoHotkey is released. Then the antivirus vendors get amnesia and forget that AutoHotkey is a language again, and flag all utilities made with it as malware, once again.

Lather, rinse, repeat.

This has been going on for a few years now and it's a viscous cycle that needs to stop.

I have written utilities that I would love to distribute to the public, with the source code, but I am afraid of putting them on my website, out of fear that my reputation will be destroyed by the stupidity of the antivirus companies.

This is unacceptable behavior on their part. Can you imagine if these antivirus companies decided to pick on another programming language and did the same thing they do to AutoHotkey? Can you imagine if every six months they decided that all applications written in C/C++ were malware? Or anything compiled with Microsoft's Visual Studio was malware? How about if they decided that all JavaScript was malware? You wouldn't be able to load most web pages or run most of your software. If they did that, those antivirus companies would all be out of business very quickly.

But that is exactly what they are doing. And AHK is the language they are picking on.

I am asking all developers and AHK users to join an organized effort to take the bull by the horns and petition the antivirus companies to stop the unfair treatment of our software.

10 comments:

Anonymous said...

Amen!!
Great essay app.

App said...

Thanks, mouser.

Anonymous said...

Great initiative, guys!

App said...

Wow! It's the great Skrommel, himself. I feel so honored. :-D

You have created an impressive collection of scripts that not only serve as tools for those that wish to use them, but as the greatest collection of example code to learn from.

You have gone out of your way and provided so much for so many, without ever asking for anything in return. Your generosity and skill is inspiring.

It's developers like you that motivated me to make this post.

To those that know you, something like this couldn't possibly tarnish your name.

But for those that don't, it's unfair that these companies are allowed to drag your reputation through the mud, like they do.

And it is unfair to those that aspire to follow in your footsteps, that they are handed an unfair disadvantage and never given a chance to develop a reputation they deserve, based on their skills, and instead are branded incorrectly as malware creators.

Nobody should have to endure this kind of abuse because of their choice in programming language.

Matt Dell said...

I have struck this problem in the past too. Funny how a free program gets less play with the big AV companies than commercial ventures.
Does anyone know of any AV product that does work properly with AHK?

App said...

There are plenty of other open source compilers that don't have these issues. I don't believe it has anything to do with AHK being free.

I am also not aware of which AV's don't have issues with it. I haven't had too much in the way of problems with AVG Free, but I have had other false positives from AVG that really annoyed me, and some of them with my own software.

I wrote a Javascript game and used an application that allows you to bundle an entire website, graphics & all into an .exe file. AVG went nuts over it, claiming it was spyware and nothing I did would allow it to be excluded. I kept getting warnings every time I rebooted my machine till I deleted the compiled version of the game. I eventually recompiled it with something else it didn't have an issue with.

A friend had a similar experience with compiling one of his Javascript games with the same thing I used.

There are also quite a few anti-spyware applications that are not friendly to Delphi developers, and will flag certain source code files that are never distributed with your compiled application (unless it's open source) as a Kazaa trojan, based on file extension alone. They never flag the compiled executable, though. If an anti-spyware app calls my source to a simple notepad application a Kazaa trojan, I know right away it's crap and to uninstall it. Regular people and non-Delphi developers don't usually have the luxury of that kind of test, though.

The big problem is if you are making things for yourself, having an AV that doesn't have an issue with AHK is fine, but you really can't control what AV other people run on their own machines, and distribution is where you will run into this problem, constantly.

s.decerf said...

yes,yes,yes
thats wath everyone on autohotkey is thinking!!!
thank you!


sam
decerf


belgium

AutoHotkey said...

Just for the record: it's spelled/cased: AutoHotkey (capital A, capital H, lowercase k)
(soo many people all over the net get this wrong!, even supporters, like here)

Sorry, old post said...

Wow, didn't know this was posted in 2008, sheesh.

app said...

It's never too late to correct a mistake. I appreciate your comment, no matter how old this post is.