@wowkster
Last active June 5, 2021 01:40
A little bit of an explanation regarding some questions I have received about the Cloaks+ Software

"Flagged by windows as a virus"

WRONG Windows SmartScreen is a part of the Windows security system and is meant to protect users from apps that may harm their computers. Essentially, the way it does this is by keeping a large database of blacklisted and whitelisted applications. If your app is blacklisted (likely because Windows thinks it may contain a virus), Windows will display a SmartScreen popup and you will likely get a notification from Windows Defender. The problem is the application whitelist. If your app isn't explicitly whitelisted by Microsoft, Windows will display the same exact popup as if it was a virus. You can even see in Retro's video that it said it was from an Unknown Publisher. Since our app has not built a reputation with the Microsoft database yet, Windows will display a popup.

If Windows displays the same message for known malware and unrecognized software, how can I be sure that Cloaks+ is not actually a malicious program? This ties into the next claim by Retro:

"Confirmed to contain trojans"

WRONG VirusTotal (the website used in the video) is a free website where you can upload any file and it will run it against several dozen antivirus programs. Given how many different AVs it uses to scan the file, it's possible that a small number might think it contains malware when it actually doesn't. This is known as a "false positive", and they are quite common. Only 2/69 AVs flagged it, which is negligible. If the Cloaks+ installer actually contained malware (which it doesn't), more than 1 or 2 AVs would be able to pick that up. Also, this isn't a super valid point, but the antiviruses shown to detect Cloaks+ as being malicious are AVs that I have personally never heard of, which means they probably aren't super reputable (but that's another discussion).

Now, it is important to note that the exe scanned in the video was from the old installer. Since then we have released a brand new installer and we are proud to say that it does not get flagged whatsoever by any of the AVs on VirusTotal. Additionally, the code is open source and publicly available on the official CloaksPlus GitHub page for anyone to review themselves or contribute to.

The next section:

"It's coded wrong and that's why it contains a RAT"

WRONG This claim was partially made (but taken out of context) by a member in our Discord server who was awaiting an interview for a staff position. First of all, they weren't even staff, so they probably don't know much about how the code works. At one point one of the devs simplified the virus flag as "It's coded wrong" or "It's not professionally coded" because not many people would understand the actual technical terms. In hindsight this was a bad way to simplify the issue, but that's in the past and we can't change that. The real reason is mentioned above, but this oversimplified excuse didn't provide the full context for the issue at hand. This oversimplification was picked up by some of the members of the Discord but is not true at all.

Also, the code does not contain any RATs (Remote Access Tools) and does not do anything harmful to your computer. ALL of the code is available on GitHub and anyone who knows how C# apps work would be able to confirm that the installer only has one function. It's a fancy way to write one line to a file. It is exactly the same as the manual installation method, but it does it automatically and is faster for users who aren't really sure what they are doing. If anyone can find a place in the code where the installer puts a RAT on your computer I will personally PayPal you $200 (I am serious), but I know that it doesn't exist so I won't ever need to pay anyone.

Why does the installer ask for Administrator permissions? That's S U S

The installer requires Administrative permissions on your computer so that it is able to modify the hosts file. The hosts file is simply a text file on your computer which tells Windows to redirect traffic bound for a specified domain to a different IP address. Windows requires that you have administrative permissions to modify it because otherwise any program could potentially redirect all of your user data somewhere that it shouldn't go. Almost every installer out there requires Administrative privileges, so Cloaks+ is not anything special. Again, the code is available on GitHub, and it is very clear that it only modifies one line, and that's it.
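One way to check the one-line claim on your own machine, as an added example that is not part of the Cloaks+ code: save a copy of the hosts file before and after running the installer and compare the mappings. The domain and IP address below are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: a hosts file before and after an installer run.
# The domain and address are placeholders, not values from Cloaks+.
BEFORE = """# sample hosts file
127.0.0.1   localhost
::1         localhost
"""
AFTER = BEFORE + "203.0.113.10   skins.example.test   # placeholder entry\n"


def parse_hosts(text):
    """Return the set of (ip, hostname) mappings in hosts-file text."""
    mappings = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, or an address with no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; skip the line
        for name in fields[1:]:  # one line may map several names
            mappings.add((str(ip), name.lower()))
    return mappings


def diff_hosts(before_text, after_text):
    """Return (added, removed) mappings between two hosts-file snapshots."""
    before, after = parse_hosts(before_text), parse_hosts(after_text)
    return sorted(after - before), sorted(before - after)


def redirects(mappings):
    """Keep mappings that send a name to a non-local address."""
    out = []
    for ip, name in mappings:
        addr = ipaddress.ip_address(ip)
        if not (addr.is_loopback or addr.is_unspecified):
            out.append((ip, name))
    return out


if __name__ == "__main__":
    added, removed = diff_hosts(BEFORE, AFTER)
    print("added:", added, "removed:", removed)
    print("redirects to review:", redirects(added))
```

On Windows the file to snapshot is `C:\Windows\System32\drivers\etc\hosts`; an installer that only writes one line should produce exactly one added mapping and nothing removed.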

How can I be sure that the Installer is actually using the same code that is on GitHub?

Good question. If you really think we are that scummy then I have news for you. C# is not like C or C++ where it compiles down to machine code. Instead, buried in the exe file are traces of the original code which can be completely decompiled to reveal the underlying code. The installer can be easily decompiled using a free program such as dotPeek or dnSpy.

Will you ever be able to get rid of the Windows SmartScreen popup?

Yes, it will eventually be possible for us to remove the SmartScreen popup, but it requires us to purchase a Code Signing certificate which costs a minimum of $50. Once we make enough money from donations, we will be investing in one of these certificates to secure our application and to show users that the code is not malicious.
