PortableApps.com is proud to announce the addition of Antivirus Scan links and the rollout of SHA-256 hashes to app download pages. PortableApps.com is already the most secure portable software project with antivirus scanning of every app release, hashing of every app release, hash checking by the PortableApps.com Platform of every app downloaded, packaging in the secure PortableApps.com Format with CRC self-checks that prevent and detect alteration, digital signing with SHA-256 digests of our tools, platform, in-house apps, open source apps, and closed source apps (where possible/appropriate), and lots more. As of today, it gets even better.
We've added an 'Antivirus Scan' link below the download button on the portable app homepages. For our apps 200MB and smaller, this will link you to the online antivirus scan results from 60+ antivirus engines. For apps larger than 200MB, we scan in-house using Microsoft Defender, ClamWin, and at least one free antivirus engine (AVG, Avast, etc) and the link takes you to an explanation of this. We will be adding details of the engine and definitions used for each scan in an upcoming update. Note, of course, that with any set of dozens of antiviruses, some of them will have false positive issues.
We're also adding SHA-256 hashes to our app pages directly, so you can manually verify your downloaded copy regardless of the toolset you use. You'll find the hashes in the Download Details section of the app pages, which you can quickly scroll down to by clicking the Details link below the download button.
The antivirus scan links are live now to all app download pages in the updated format. Older and less popular app pages will be updated shortly. SHA-256 hashes are being rolled out with app updates and page updates over the coming weeks.
We take your digital safety and ours seriously, which is why we've had security measures like this implemented for over a decade. Events like the CCleaner hack a little over a year ago, which was distributed to users of other portable projects without appropriate security underscore the importance of these efforts. We're always looking for ways to improve and will continue to do so.
Happy (and safe!) portable-apping!
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
Comments
Nice! But what about actual detections?
If you display scan results, you have to face the consequences, whether they're false positives or not.
The very first app in the homepage, as of now, is https://portableapps.com/apps/accessibility/balabolka-portable which results links to:
False Positives
Bkav is an obvious false positive. Anything under 4 is an obvious false positive. Even up to 6 is fine if it's all minor engines like Bkav. Bkav in particular has tons of false positive issues. I may add some guidance for the results in the form of an interstitial page when clicking for virus results with an explanation of how to read them. As a general rule, we ignore false positives in engines like Bkav due to their frequency and difficulty/impossibility of removal.
As mentioned above, we don't digitally sign everything when it comes to closed source freeware: "closed source apps (where possible/appropriate)". Just specific apps when we have a setup with their publisher.
Sounds good
An interstitial that mentions both issues will indeed be helpful.