Thanks for the answer. So, the installer connects to the internet, not Geany itself, right? In conclusion, the installer is safe, isn't it?
PS: Could I ask you which tools you use to monitor network activity and to grep the whole Windows system?
----- Original Message -----
On 12/16/18 11:29 PM, Enrico Tröger wrote:
Hi,
On 12/16/18 10:37 PM, dany111@email.it wrote:
I don't want to sound paranoid but I've just scanned Geany binaries with Hybrid Analysis. I've got these results: https://www.hybrid-analysis.com/sample/109748fc6e6276462258ee104996fe29c9d82... In particular, could you explain to me why the installer connects to the Swiss IP address 194.230.81.170?
Interesting. I do not yet have an explanation but am not panicking. The IP belongs to Akamai which is not per se anything bad but just a CDN. I'll try to get some more details.
I tested with my Windows system and the only network activity I saw was a request to www.msftncsi.com/ncsi.txt which is Microsoft's network connectivity check (https://blog.superuser.com/2011/05/16/windows-7-network-awareness/).
While www.msftncsi.com actually resolves to an IP address of the Akamai CDN IP range, it might be just accidental.
I would assume that Hybrid Analysis is smart enough to filter out Windows' own connectivity check from the tests.
Furthermore, I grepped my whole Windows system used for the release binaries for that IP address - without any matches.
If you are interested enough, it might help to contact Hybrid Analysis for support and/or debug the installer yourself to get more information than I gathered.
It might help to get some insights about how Geany for Windows is built. The software used and build instructions are documented in the wiki at https://wiki.geany.org/howtos/win32/msys2.
Regards, Enrico
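
An added example, not part of the thread and not a tool either correspondent used: one way to search a directory tree for an IP address such as the one in the report. It goes beyond a plain-text grep by also looking for the UTF-16LE string form common in Windows binaries and the two 4-byte packed forms; the function names are made up for this sketch, and 4-byte hits in large binaries are often coincidental, so treat them as leads to inspect.

```python
import ipaddress
import os
import tempfile

def ip_patterns(ip):
    """Byte patterns under which an IPv4 address can sit in a file."""
    packed = ipaddress.IPv4Address(ip).packed
    return {
        "ascii": ip.encode("ascii"),
        "utf-16le": ip.encode("utf-16-le"),  # wide strings in Windows binaries
        "raw-be": packed,                    # network byte order
        "raw-le": packed[::-1],              # stored as a little-endian integer
    }

def scan_file(path, patterns, chunk=1 << 20):
    """Return the names of the patterns found in one file, read in chunks."""
    found, tail = set(), b""
    overlap = max(map(len, patterns.values())) - 1
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            data = tail + block
            found |= {n for n, p in patterns.items() if p in data}
            tail = data[-overlap:]  # keep matches that straddle two chunks
    return found

def scan_tree(root, ip):
    """Map each file under root that contains the address to the encodings seen."""
    patterns, hits = ip_patterns(ip), {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                found = scan_file(path, patterns)
            except OSError:
                continue  # locked or unreadable file, common on a live system
            if found:
                hits[path] = found
    return hits

if __name__ == "__main__":
    # Constructed sample: a temporary directory with one file per encoding.
    with tempfile.TemporaryDirectory() as d:
        for name, pat in ip_patterns("194.230.81.170").items():
            with open(os.path.join(d, name + ".bin"), "wb") as fh:
                fh.write(b"\x00" * 16 + pat + b"\x00" * 16)
        for path, found in sorted(scan_tree(d, "194.230.81.170").items()):
            print(path, sorted(found))
```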