FireHazardFX Posted July 11, 2018

This is a short and sweet question: is the NMM version 0.62.8 from this site https://github.com/Nexus-Mods/Nexus-Mod-Manager/releases/tag/0.65.8 the official update for the NMM? If not, is it an update from a reputable source?

I've done scans and it seems to be fine, but through this site https://www.virustotal.com/en/file/6c248baab22c718fc5dd982a8a99b1b21ed5495101ab9cc4fa34f22aecb0dbc9/analysis/ the majority say it is also fine, except for one that says it's a trojan virus. I'm more or less asking for a group opinion since I've not seen this version anywhere except from the site itself and from some people suggesting to get it from said site. And I'm skeptical mainly because this has not been posted anywhere from what I could gather that tells people to get this fix, so I just find it kind of odd. If this is the official update for NMM, I only have one question then: why is it not on the main site to get the latest version of it?
dubiousintent Posted July 11, 2018

There is no "official" update to NMM. Nexus stopped support for it more than a year ago to focus on Vortex. They only released v0.65.4 because of the change required to meet the EU GDPR requirement. The GitHub version is "community maintained" and updated by volunteers. As such it is "open source" (GPL 2.0 license). The source code is made available for anyone to check out for hidden malware if they wish. So, that source is as "official" as it gets today. It is always possible that the machine used to compile the distributed binaries was infected, but GitHub developers usually take care to prevent that.

As a professional who spent many years maintaining and supervising the antivirus efforts of a large organization, I can assure you that many perfectly safe programs can trigger an "alert" from some AV program. They should always be checked out, but unless the alert is for a specific "zero day" problem just discovered, if the suspect passes multiple other scanners then it is probably just a false alarm. But you have to measure your own risk and how much you are willing to chance it versus the time to get it checked out. If you aren't willing to risk it, then submit the program in question to the vendor of the AV program in question so they can check it themselves to confirm or rectify their "false positive" code.

Be suspicious of "alerts" that are based on "heuristic analysis". Such analysis is simply detecting that the code has instructions to make changes to files, which is a perfectly valid operation for many programs. They are the most common cause of "false positives", but also the most likely to detect a previously unknown "zero day" release. Any alert which specifies a particular virus by name (other than something "generic") should be cross-checked against another site (such as VirusTotal) for scanning by other engines.

"Trojan:Win32/Inject.O" is a known virus. Microsoft has included detection of it in Windows Defender since 2008. If only one vendor (CMC: who is that?) out of 67 detected it, I wouldn't worry myself about it. If it was one of the big names in the field, then I would wait a few days to see what the others say.

The different AV vendors are never completely "in sync" with their ability to detect the latest known malware. They are in a constant race against the malware developers (and losing ground every day) as well as each other. There are literally thousands of variants of malware released every day. This is why you want to check suspicious files against multiple scanners.

-Dubious-
FireHazardFX Posted July 11, 2018

Interesting, thanks for helping me figure this out.
dubiousintent Posted July 11, 2018

Just to clarify: I should have said "If it was one of the big names in the field, then I would [quarantine the file and] wait a few days to see what the others say." Better safe than sorry. (I always seem to forget something when I write it off the top of my head.)

-Dubious-
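Added example, not part of the thread and not NMM or VirusTotal code: a small Python triage helper that applies the rules given in the answers above (lone minor engine, big-name hit, heuristic labels) and hashes the local download so it can be compared with the file that was scanned. The `MAJOR_ENGINES` set, the marker strings, the result layout and the sample data are assumptions made for illustration.

```python
import hashlib

# SHA-256 taken from the VirusTotal URL quoted in the question.
REPORTED_SHA256 = "6c248baab22c718fc5dd982a8a99b1b21ed5495101ab9cc4fa34f22aecb0dbc9"
# Assumption: which engines count as "big names" is a local policy choice.
MAJOR_ENGINES = {"Microsoft", "Kaspersky", "ESET-NOD32", "BitDefender"}
# Assumption: substrings that mark a heuristic or generic label.
GENERIC_MARKERS = ("generic", "heur", "suspicious")


def sha256_of(path):
    """Hash the local download; compare with REPORTED_SHA256 before trusting a report."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(results, major=MAJOR_ENGINES):
    """results maps engine name -> detection label, or None for no detection."""
    hits = {e: label for e, label in results.items() if label}
    major_hits = sorted(e for e in hits if e in major)
    heuristic_hits = sorted(e for e, label in hits.items()
                            if any(m in label.lower() for m in GENERIC_MARKERS))
    if not hits:
        verdict = "no-detections"
    elif major_hits:
        verdict = "quarantine-and-wait"      # a big name flagged it
    elif len(hits) == 1:
        verdict = "likely-false-positive"    # lone minor engine: report to its vendor
    else:
        verdict = "investigate"              # several minor engines agree
    return {"verdict": verdict, "ratio": f"{len(hits)}/{len(results)}",
            "major_hits": major_hits, "heuristic_hits": heuristic_hits,
            "report_to": sorted(hits) if verdict == "likely-false-positive" else []}


# Constructed sample mirroring the thread: 1 of 67 engines flags the file.
SAMPLE = {f"Engine{i:02d}": None for i in range(1, 63)}
SAMPLE.update({name: None for name in MAJOR_ENGINES})
SAMPLE["CMC"] = "Trojan:Win32/Inject.O"

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A hash mismatch between `sha256_of()` on the local file and the hash in the report URL means the report describes a different file, so the detection ratio says nothing about the download in hand.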