Are you sure the software is safe ?

Asked by froitu on 2016-03-14

Real bad score on Virustotal.

I just wanted the software because I wanted a secure erasing program, but it appears that I scan every software on virustotal before installing.

When I put down there the software for analysis, the score was really bad : https://www.virustotal.com/fr/file/cb63ff77cacbe649fdc25f3d8e5f82832de720ecf1558864772caf31b88fda4f/analysis/1457929814/

Because I am a Windows user and I am very careful... I hope that will be fixed soon.

Also, I have seen the FAQ : "Q: Is BleachBit "safe"? "
"A: BleachBit identifies and organizes the files you are most likely want to delete. For a few options which are most likely to cause you regret, it shows a popup warning.[...]"

I know the software is open-source, so easily inspectable, but as I don't have any deep code inspection knowledge neither experience, how can I believe you ? I am a true script-kiddie.
I understood why it could be safe, but I don't understood how I can trust you : Is there any reference ? Thinking about references like we can easily find on any privacy-oriented software : torproject.org, tails.boum.org,... , like "approval of EFF" etc.

I hope I am not too much asking, and I hope there will be an answer. Thanks a lot.

I removed some links and questions I puted here which aren't relevant for two reasons :
- Thoses are for Linux Users, which is a total different OS and I didn't inspect the packages differents from .exe
- Thoses are telling the program is bad because it has some deep cleaning functions that deep clean so it can hurt the OS. Whereas I am asking about how I can be sure there isn't some automated badware that will, for example, take my registred password to sell them on the deepweb ?

Question information

Language:
English Edit question
Status:
Solved
For:
BleachBit Edit question
Assignee:
No assignee Edit question
Solved by:
Andrew Ziem
Solved:
2016-03-14
Last query:
2016-03-14
Last reply:
2016-03-14
Andrew Ziem (ahziem1) said : #1

You have written a lot, so the short answer is YES.

It is normal for some antivirus software to have false positives, and in my opinion 2/56 is not "a very bad score." Some antivirus software gets confused because BleachBit on Windows uses UPX to reduce disk space usage. UPX is easy to decompress, so it is not hiding anything. Also, remember that BleachBit for Windos is digitally signed to prevent tampering.

The deep scan option cleans files with certain extensions, suck as .bak, and only in the user's profile folder. To prevent surprises, you can (and should) preview any operation.

froitu (froitu) said : #2

Ok, You did explain how or what is bad detected for someone who has a few code knowledge. Which isn't my case, sadly.

I don't want to take too much of your time asking you this, but it will really help me if you answer this last question.

I will be boring, but.. is there any good reference about this software, in computer magasines for example ?

Best Andrew Ziem (ahziem1) said : #3

Bruce Schneier is a security guru, and he has publicly mentioned he uses BleachBit. Do a web search for "Bruce Schneier BleachBit."

For example:

https://www.schneier.com/blog/archives/2013/09/how_to_remain_s.html

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

froitu (froitu) said : #4

Thanks Andrew Ziem, that solved my question.

froitu (froitu) said : #5

Thanks for those answer and sorry of taken of your precious time, for a such detail.

I will use and recommand this software and send to bin the ccleaner.