What do we do to keep Greenshot clean from malware and viruses
Every now and then we get reports of users who have anti-virus software which detects something in Greenshot, and they are wondering how secure Greenshot actually is.
First, we strongly recommend to always download Greenshot from our official website
- there have been reports about some (even popular) software portals offering wrapped installers of open source projects, bundling adware or even malware with the original installer. Also the installers for download are often outdated or “nightly builds” which might be buggy and are not intended to be used by a wide audience.
Although there is no 100% guarantee of building an application which is not infected. We have set a high standard, I would say much higher as some software you must pay for.
The following describes how we work to keep Greenshot clean:
- Greenshot only contains program code which we place into our Github Open Source repository, everybody can look into it meaning there are no secrets.
- Only we decide what ends up in our repository, and with that what ends into Greenshot. The community can supply us with changes but those are approved by us before moved into Greenshot.
- Thanks to the nice people at AppVeyor Greenshot is built on a clean Windows image, not on our PCs. This has 2 advantages:
- The Windows installation is never used by people and reset every time before a build starts. This makes sure that the Windows installation is not infected.
- There is no chance that some modification ends up in Greenshot, which is on our system but not pushed to github.
- We check Greenshot with Virus Total before we make it available to the public
- We sign our product with a code signing certificate, since 1.2.9, so people can detect if someone tampered with the files.
So, as long as you download via our site you should be fine.
About those people who reported that their anti-virus software detected something, up to now I think we did our work as:
- some never replied back to our question from where they downloaded Greenshot.
- some downloaded Greenshot from elsewhere, not from our site.
- the others were identified as false positives.