Most Secure Portable Project Gets Even Better: Antivirus Scan Links, SHA-256, and more

John T. Haller's picture
Submitted by John T. Haller on April 15, 2019 - 1:10pm is proud to announce the addition of Antivirus Scan links and the rollout of SHA-256 hashes to app download pages. is already the most secure portable software project with antivirus scanning of every app release, hashing of every app release, hash checking by the Platform of every app downloaded, packaging in the secure Format with CRC self-checks that prevent and detect alteration, digital signing with SHA-256 digests of our tools, platform, in-house apps, open source apps, and closed source apps (where possible/appropriate), and lots more. As of today, it gets even better.

We've added an 'Antivirus Scan' link below the download button on the portable app homepages. For our apps 200MB and smaller, this will link you to the online antivirus scan results from 60+ antivirus engines. For apps larger than 200MB, we scan in-house using Microsoft Defender, ClamWin, and at least one free antivirus engine (AVG, Avast, etc) and the link takes you to an explanation of this. We will be adding details of the engine and definitions used for each scan in an upcoming update. Note, of course, that with any set of dozens of antiviruses, some of them will have false positive issues.

We're also adding SHA-256 hashes to our app pages directly, so you can manually verify your downloaded copy regardless of the toolset you use. You'll find the hashes in the Download Details section of the app pages, which you can quickly scroll down to by clicking the Details link below the download button.

The antivirus scan links are live now to all app download pages in the updated format. Older and less popular app pages will be updated shortly. SHA-256 hashes are being rolled out with app updates and page updates over the coming weeks.

We take your digital safety and ours seriously, which is why we've had security measures like this implemented for over a decade. Events like the CCleaner hack a little over a year ago, which was distributed to users of other portable projects without appropriate security underscore the importance of these efforts. We're always looking for ways to improve and will continue to do so.

Happy (and safe!) portable-apping!

Story Topic:


John T. Haller's picture

Bkav is an obvious false positive. Anything under 4 is an obvious false positive. Even up to 6 is fine if it's all minor engines like Bkav. Bkav in particular has tons of false positive issues. I may add some guidance for the results in the form of an interstitial page when clicking for virus results with an explanation of how to read them. As a general rule, we ignore false positives in engines like Bkav due to their frequency and difficulty/impossibility of removal.

As mentioned above, we don't digitally sign everything when it comes to closed source freeware: "closed source apps (where possible/appropriate)". Just specific apps when we have a setup with their publisher.

Sometimes, the impossible can become possible, if you're awesome!