Good catch!

I think this page on the Developer Program Policy for impersonation might cover this.

Quoted from the page (with emphasis on the item I think those apps violate):

We don’t allow apps that mislead users by impersonating someone else (for example, another developer, company, entity) or another app. Don’t imply that your app is related to or authorized by someone that it isn’t. Be careful not to use app icons, descriptions, titles, or in-app elements that could mislead users about your app’s relationship to someone else or another app.
Examples of common violations

Developers that falsely imply a relationship to another company / developer / entity / organization.

The developer name listed for this app suggests an official relationship with Google, even though such a relationship doesn’t exist.

Apps whose icons and titles are falsely implying a relationship with another company / developer / entity / organization.

The app is using a national emblem and misleading users into believing it is affiliated with government.

The app is copying the logo of a business entity to falsely suggest it is an official app of the business.

App titles and icons that are so similar to those of existing products or services that users may be misled.

I for one am going to flag those apps because of the icon/title collisions.

@Mark-Olson said in CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166:

Just want to observe that it looks like fixes have finally made it into master:

And into v8.5.7 RC, so the fixes will be in the next release in the very near future.

@PeterJones
Looks to me like the VirusTotal API was already considered a while back in this issue in the NppPluginList repo. ArkadiuszMichalski made some reasonable points about technical difficulty/feasibility of implementing this in a way that limits the annoyance of dealing with false alarms.

Of course, the post is more than two years old now, so maybe the API is better and more reliable now.

@Lou-Thomas said in Data from closed secure drive displayed in newly-opened Notepad++:

It seems that by design Notepad++ saves the content of such unsaved buffers, so perhaps that behavior was inappropriately applied somehow to files that were no longer available in their original locations when Notepad++ was freshly opened.

It’s not “inappropriately”. It’s working as designed. When you have the setting Settings > Preferences > Backup > ☑ Enable session snapshot and periodic backup, Notepad++ saves a copy of every edited-but-not-saved tab into the listed backup directory. It does not care whether there’s a file on the filesystem or not. If you exit when your “secure” file is edited but not saved, then (1) the copy on the “secure drive” will not be saved to the most recent state, so the real file will not be updated, and (2) the backup copy will be in Notepad++'s directory. When Notepad++ re-runs, it will see you had an unsaved document, and will open with the copy from the backup – it does not care whether that backup maps to a real file or not. (If it did, then the primary use for that feature – saving unnamed new 1-style files that have never had a filesystem name applied yet – would not work.)

If you don’t like that it’s storing the unsaved contents of documents in the backup drive, you can turn off the setting I indicated. (There’s no way to get a mix of the two behaviors; either all open tabs will have unsaved changes stored in backup when that option is on, or no open tabs will have unsaved changes stored in backup with that option is off.)

Of course if this behavior is confirmed it could result in secure data being unintentionally exposed.

If you deal with secure data, then onus is on you to understand how the applications you are using to handle that data deal with the data, and make sure your workflow with those applications does not violate your security protocols. Notepad++ cannot know and protect against every possible security protocol out there. Notepad++'s handling of backups and unsaved files is well documented, both here in our backup FAQ and in the npp-user-manual.org website that’s linked from Notepad++'s ?-menu Notepad++ Online User Manual (specifically, the Preferences > Backup section)

Great, thanks both for your comments.

@Eric-Reiss ,

The algorithms used at VirusTotal are unfairly biased toward automatically flagging any installer built with NSIS (because some viruses masquerade as NSIS installers). Notepad++ is not going to stop using the NSIS installer, so that means that VirusTotal will likely continue to false-flag it.

Per these results, there isn’t currently a false-flag on the official v8.5.3 64bit installer: https://www.virustotal.com/gui/url/5ed5d73a10561c63301ed2f56dd62402b0748880c93a03b147ed09de0864a783

So if you download it from the URL that the report scanned (https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.5.3/npp.8.5.3.Installer.x64.exe – which is the official download URL for v8.5.3), then it’s safe.

@Andrew-Non said in NSIS:HacktoolX-gen Malware/Avast:

What gives?

The “malware scanners” often confuse the NSIS installer/uninstaller signatures as being malware, because some malware uses NSIS installer/uninstaller. When enough users vote the notepad++ executable or installer/uninstaller safe, such warnings usually go away.

(That’s one of my biggest frustrations with such anti-malware ratings: they give an application a black mark without investigating first. Which makes them useless, because then people just learn to ignore their warnings since they give so many false positives)

@Gary-Collier said in License Fee:

installation of unpaid and unlicensed software is prohibited.

Who (allegedly) prohibits it? If it is an entity within your company, perhaps a more fruitful avenue would be to ask them to clarify their position on Free and Open Source Software, as the policy you were taught appears ambiguous. If the intent is to claim that it is prohibited by law, then the training material should be clarified, as it can be misunderstood to encompass Free and Open Source Software (installation of which is most certainly not prohibited by law).

Note that not all free software is Free and Open Source Software. Some products are free for personal use but require a license when used in business, government, etc. The trainers might have intended to indicate that it is your responsibility to be sure any software you install does not require a license to be used in the applicable context, even if it would be free for your personal use. Clarification would still be in order.

@Robbert-Jan-van-der-Meer

Then don’t upload it?!!
And storing passwords in plain text in files is not what you should do anyway.

@Bgnm-Indo, what did you do to clean your system?.
Thanks

@datatraveller1 said in Fake Notepad++ website:

Hi @PeterJones
Yes, strangely I also don’t get these “Ad” links anymore I used to get a few hours ago with my google search.

I think you can “report” such ads to Google, and they can take action, because it is in Google’s best interests to not be advertising dangerous sites and malware-“copies” of real software. presumably something like that happened. In the future, you might look into the ▼ menu that Google provides on such ads, and see if it has a “report” option.

@zeta-orionis ,

Viruses often masquerade themselves as installers (or embed themselves into standard installer executables or msi’s, like the NSIS installer that Notepad++ uses). So sometimes virus scanners associate the “signature” of normal/safe code of an NSIS installer as part of that virus, which then means the antivirus will flag any NSIS-based installer, like Notepad++. Usually they get enough complaints of false-positives that they fix their definitions pretty quickly. But it doesn’t always happen.

(Either that, or you didn’t download the Notepad++ from an official source – either from the “announcements” thread in this forum, directly from https://notepad-plus-plus.org/downloads/, or from https://github.com/notepad-plus-plus/notepad-plus-plus/ . Anyplace else is not supported and not guaranteed or warranteed.)

@Terry-R Thank you for answering my questions.
Though my company recently took away our PC administrator right, I can see the files which I was allow to view in the windows explore. So I guess that I do not need to tun Notepad++ as “admin” in order to be able to search key words crossing files as I always do.

I do not need to search any network drivers mapped.

The original user appears to have deleted their account.

Had they stayed, my response would have been that privacy is addressed in the FAQ. And as mentioned there, it is simple enough to sign up for an account with one or more of the OAUTH providers that gives the OAUTH provider no private information, so that the OAUTH provider cannot provide this Community Forum with any private information.

For future readers: changing the password does nothing, because there is no username/password login available. (The forum software will not allow us to hide that setting)

@uraniumcookie ,

That is an impersonation/spoof site. Do not trust downloads of Notepad++ from anyplace but notepad-plus-plus.org or github.com/notepad-plus-plus/notepad-plus-plus

@rdipardo said in Compare plugin detected as malicious by both JoeSandbox and Crowdstrike Falcon:

…it unpacks portable versins of sqlite3 and git2, which it needs to function; but these are flagged as potentially malicious “stowaways”:

Persistence and Installation Behavior

Drops PE files

Source: C:\Windows\SysWOW64\7za.exe
File created: C:\Users\user\Desktop\extract\ComparePlugin\sqlite3.dll

Source: C:\Windows\SysWOW64\7za.exe
File created: C:\Users\user\Desktop\extract\ComparePlugin\git2.dll

Source: C:\Windows\SysWOW64\7za.exe
File created: C:\Users\user\Desktop\extract\ComparePlugin.dll

Yes. It appears the sqlite3.dll and git2.dll files are the ones actually causing the Hybrid-Analysis sandbox to register the whole .zip as malicious as well. Not sure the best way to test them to verify they are good…

@serge-adourian Don’t download NPP from an unofficial site