Extensions :
K-Meleon Web Browser Forum
Hello guys.
I just downloaded your browser on my old computer.
I installed the K-meleon extension manager, as I often do, I scanned the package on virustotal.com and I notice that some engines detect a virus.
Why does this happen? Is it safe to use?
Thank you
https://www.virustotal.com/gui/file/b3f646c170802af41f04db79dc26c84bbdc203214f1b26e3bc4d26430753cc9a/detection
I'd say is safe. I wouldn't bet for it because I don't use it, but shouldn't be anything to worry.
Probably it is because they detect it comes for an AutoIt source (available in the downloaded zip) and they say it is malware as a handful of virus nowadays are made with it.
You can inspect the source code. As I said, it is available in file.
Nothing seems to look harmful to me. But I don't know.
To be fair, I don't know who maintain it (according the zip file last time on 2016), or who maintains kmext.sourceforge.net (I never knew if it was Dorian, Jujuland, Guenter, desga, disrupted or anyone else (K-meleon admins and/or developers)), but shouldn't be worries about the files on the site.
Note: the above may seem alarming, but are only my thoughts.
Mostly must be what is said above. I tested on my system and no undesired changes have been made. And the downloader it is an executable that hasn't been modified in over 10 years.
Edited 1 time(s). Last edit at 10/01/2020 06:46PM by JohnHell.
Thanks friend.
We await an opinion from the developers
You won't have, just saying.
The latest developer for this extension disappeared long ago.
I'm just saying that all in kmext is safe (I should have saved "that" paragraph). Whatever an antivirus says by their heuristics, is fine, but the source code is there and there isn't any harm.
Edited 1 time(s). Last edit at 10/01/2020 10:23PM by JohnHell.
I feel I need to clear the above.
I'm, among a few others, one of the last-standing men and current administrator.
As is, doesn't mean anything, as I may be wrong, but you shouldn't delude yourself expecting an answer that won't come, and accept this answer as the, not most, but almost, accurate answer you will have.
Edited 2 time(s). Last edit at 10/01/2020 11:05PM by JohnHell.
Hello John.
I think I understand that the addon is safe, right?
But does browser development continue or will it be stopped?
The browser seems to work fine, and light.
Thank you
As far as I can tell, my opinion is yes.
The shell itself, and so the compatibility with new Gecko engine versions, is on halt and no one knows for how long.
The browser is lacking developers right now.
But the engine is being updated with Goanna (Palemoon 27.x engine version) by roytam on his builds (Goanna unofficial versions development subforum).
Virus warnings:
As JH said already, some of the more powerful extensions (like ExtManager, itself an extension) are created with AutoIt and compressed with UPX. This upx format is the prob, it has always been infamous for getting false positive alerts if scanners cannot look inside. Not because they detected anything, just because they cannot check it. At any rate that's what their authors explained here in the past while still being around, personally have no clue of such stuff.
Just a note for readers who may not be aware:
K-Meleon extensions can also be installed WITHOUT needing any manager at all (just by dropping their files into matching folders, with a file manager).
The purpose of ExtMgr is only to provide a GUI to make things a bit easier, especially for people who are used to have such managers ;-) And it's meant mainly for bigger extensions with a bunch of files in several folders, just as reminder which ones. But ExtMgr can only work anyway if the extension author included a special little file list for it, /kmextensions/*.ini Other extensions without such a file will not show up in it anyway.
KM uses different extension types, which are managed in different places:
ALL installed kmm-macros are listed and switchable in F2 > KM Plugins > Macro Extension. A whole bunch comes already included out-of-box, most are necessary for core functions.
Some extensions contain a kmm-macro with a bunch of other files. Those "other files" are not listed anywhere - except if author included a little info file for kmextensions/*.ini, meant only for this ExtManager. In general it's a good idea to keep the original 7z-packages somewhere, to later remember which files came with it, when wanting to uninstall them again.
By the way all younger extensions from recent years are only posted here in the forum. KMEXT would be handy but sadly not maintained anymore since years.
KM's native own plugins in folder "KPlugins" show up in F2 > KM Plugins, and can be toggled there. But cautious when disabling, most are also needed for normal function. Regarding user extensions, almost none available which add any kplugins, just perhaps 1-2 in the far past.
KM also uses global SYSTEM Plugins automatically, those show up in Help > About Plugins. But this page is only for info, not for toggling. I assume there's probably a config for those in one of the "about:" pages in younger KM-versions, but not quite sure (stuck on older version myself). And MimeType configs...
But in general system plugins can also be toggled on "about:config" page, filtering for "plid" prefs. For example in older KM-versions setting pref "plugin.scan.plid.all=false" disables all global system plugins, except those which have an own pref and it's set to true. In younger KM versions it's more complicated, involving more prefs for better finetuning. Test&See is often the motto for KM ;-) But better make a backup copy of profile folder first, or at least file "prefs.js".
.
A "younger" extension type for KM are XPI-Addons, adopted from Firefox/PaleMoon. But sadly without expert updates only very few actually work in KM too - and the main prob is: hardly any experts around anymore, rather none
(roytam is only working on engine stuff) So today the rest of us here can only fix a bit easy stuff ourselves, mainly create menulines or buttons but only for simple stuff like toggling prefs or opening URLs. Best chance for xpi "addons" is searching here in forum, chapter extensions, if in the past an addon was already adopted.
For managing XPI-addons, those show up in page "about:addons" like in Firefox too. That whole module is so far only inherited unmodified from the engine, not adjusted for KM-shell, so not everything works in KM too (e.g. forget about "Themes" here, KM uses own skins, posted in "Graphics" subforum). Probably due to this "unfinished" state KM doesn't include yet a menu to open such engine configs. But no prob, to get a menu, users can download tiny macro "AboutAbout" and edit it as wished (and I hope some day someone with FF experience can make a little list which of the many about-pages make sense in KM and which not yet).
(Side note: page "about:about" shows the big config package "inherited" from the engine. Same module as in other related browsers, but attention: not converted for KM yet! So don't trust those settings too blindly since not all apply to KM-shell too. KM has it's own traditional config which opens with F2-key, and a bit other stuff shattered in menus)
If such an XPI-addon cannot be "uninstalled" on page "about:addons", that usually just means the xpi-file is not placed in the profile, but in KM program folder. To uninstall just remove that xpi-file.
All about K-Meleon extensions.
Threats in the K-meleon extension manager?
Posted by:
Richy
Date: October 01, 2020 09:03AM
Hello guys.
I just downloaded your browser on my old computer.
I installed the K-meleon extension manager, as I often do, I scanned the package on virustotal.com and I notice that some engines detect a virus.
Why does this happen? Is it safe to use?
Thank you
https://www.virustotal.com/gui/file/b3f646c170802af41f04db79dc26c84bbdc203214f1b26e3bc4d26430753cc9a/detection
Re: Threats in the K-meleon extension manager?
Posted by:
JohnHell
Date: October 01, 2020 06:42PM
I'd say is safe. I wouldn't bet for it because I don't use it, but shouldn't be anything to worry.
Probably it is because they detect it comes for an AutoIt source (available in the downloaded zip) and they say it is malware as a handful of virus nowadays are made with it.
You can inspect the source code. As I said, it is available in file.
Nothing seems to look harmful to me. But I don't know.
To be fair, I don't know who maintain it (according the zip file last time on 2016), or who maintains kmext.sourceforge.net (I never knew if it was Dorian, Jujuland, Guenter, desga, disrupted or anyone else (K-meleon admins and/or developers)), but shouldn't be worries about the files on the site.
Note: the above may seem alarming, but are only my thoughts.
Mostly must be what is said above. I tested on my system and no undesired changes have been made. And the downloader it is an executable that hasn't been modified in over 10 years.
Edited 1 time(s). Last edit at 10/01/2020 06:46PM by JohnHell.
Re: Threats in the K-meleon extension manager?
Posted by:
Richy
Date: October 01, 2020 10:06PM
Thanks friend.
We await an opinion from the developers
Re: Threats in the K-meleon extension manager?
Posted by:
JohnHell
Date: October 01, 2020 10:22PM
Quote
Richy
Thanks friend.
We await an opinion from the developers
You won't have, just saying.
The latest developer for this extension disappeared long ago.
I'm just saying that all in kmext is safe (I should have saved "that" paragraph). Whatever an antivirus says by their heuristics, is fine, but the source code is there and there isn't any harm.
Edited 1 time(s). Last edit at 10/01/2020 10:23PM by JohnHell.
Re: Threats in the K-meleon extension manager?
Posted by:
JohnHell
Date: October 01, 2020 11:04PM
I feel I need to clear the above.
I'm, among a few others, one of the last-standing men and current administrator.
As is, doesn't mean anything, as I may be wrong, but you shouldn't delude yourself expecting an answer that won't come, and accept this answer as the, not most, but almost, accurate answer you will have.
Edited 2 time(s). Last edit at 10/01/2020 11:05PM by JohnHell.
Re: Threats in the K-meleon extension manager?
Posted by:
Richy
Date: October 07, 2020 12:20PM
Hello John.
I think I understand that the addon is safe, right?
But does browser development continue or will it be stopped?
The browser seems to work fine, and light.
Thank you
Re: Threats in the K-meleon extension manager?
Posted by:
JohnHell
Date: October 07, 2020 08:08PM
Quote
Richy
Hello John.
I think I understand that the addon is safe, right?
As far as I can tell, my opinion is yes.
Quote
Richy
But does browser development continue or will it be stopped?
The shell itself, and so the compatibility with new Gecko engine versions, is on halt and no one knows for how long.
The browser is lacking developers right now.
But the engine is being updated with Goanna (Palemoon 27.x engine version) by roytam on his builds (Goanna unofficial versions development subforum).
Re: Threats in the K-meleon extension manager?
Posted by:
siria
Date: October 08, 2020 03:27AM
Virus warnings:
As JH said already, some of the more powerful extensions (like ExtManager, itself an extension) are created with AutoIt and compressed with UPX. This upx format is the prob, it has always been infamous for getting false positive alerts if scanners cannot look inside. Not because they detected anything, just because they cannot check it. At any rate that's what their authors explained here in the past while still being around, personally have no clue of such stuff.
Just a note for readers who may not be aware:
K-Meleon extensions can also be installed WITHOUT needing any manager at all (just by dropping their files into matching folders, with a file manager).
The purpose of ExtMgr is only to provide a GUI to make things a bit easier, especially for people who are used to have such managers ;-) And it's meant mainly for bigger extensions with a bunch of files in several folders, just as reminder which ones. But ExtMgr can only work anyway if the extension author included a special little file list for it, /kmextensions/*.ini Other extensions without such a file will not show up in it anyway.
KM uses different extension types, which are managed in different places:
ALL installed kmm-macros are listed and switchable in F2 > KM Plugins > Macro Extension. A whole bunch comes already included out-of-box, most are necessary for core functions.
Some extensions contain a kmm-macro with a bunch of other files. Those "other files" are not listed anywhere - except if author included a little info file for kmextensions/*.ini, meant only for this ExtManager. In general it's a good idea to keep the original 7z-packages somewhere, to later remember which files came with it, when wanting to uninstall them again.
By the way all younger extensions from recent years are only posted here in the forum. KMEXT would be handy but sadly not maintained anymore since years.
KM's native own plugins in folder "KPlugins" show up in F2 > KM Plugins, and can be toggled there. But cautious when disabling, most are also needed for normal function. Regarding user extensions, almost none available which add any kplugins, just perhaps 1-2 in the far past.
KM also uses global SYSTEM Plugins automatically, those show up in Help > About Plugins. But this page is only for info, not for toggling. I assume there's probably a config for those in one of the "about:" pages in younger KM-versions, but not quite sure (stuck on older version myself). And MimeType configs...
But in general system plugins can also be toggled on "about:config" page, filtering for "plid" prefs. For example in older KM-versions setting pref "plugin.scan.plid.all=false" disables all global system plugins, except those which have an own pref and it's set to true. In younger KM versions it's more complicated, involving more prefs for better finetuning. Test&See is often the motto for KM ;-) But better make a backup copy of profile folder first, or at least file "prefs.js".
.
A "younger" extension type for KM are XPI-Addons, adopted from Firefox/PaleMoon. But sadly without expert updates only very few actually work in KM too - and the main prob is: hardly any experts around anymore, rather none
(roytam is only working on engine stuff) So today the rest of us here can only fix a bit easy stuff ourselves, mainly create menulines or buttons but only for simple stuff like toggling prefs or opening URLs. Best chance for xpi "addons" is searching here in forum, chapter extensions, if in the past an addon was already adopted.
For managing XPI-addons, those show up in page "about:addons" like in Firefox too. That whole module is so far only inherited unmodified from the engine, not adjusted for KM-shell, so not everything works in KM too (e.g. forget about "Themes" here, KM uses own skins, posted in "Graphics" subforum). Probably due to this "unfinished" state KM doesn't include yet a menu to open such engine configs. But no prob, to get a menu, users can download tiny macro "AboutAbout" and edit it as wished (and I hope some day someone with FF experience can make a little list which of the many about-pages make sense in KM and which not yet).
(Side note: page "about:about" shows the big config package "inherited" from the engine. Same module as in other related browsers, but attention: not converted for KM yet! So don't trust those settings too blindly since not all apply to KM-shell too. KM has it's own traditional config which opens with F2-key, and a bit other stuff shattered in menus)
If such an XPI-addon cannot be "uninstalled" on page "about:addons", that usually just means the xpi-file is not placed in the profile, but in KM program folder. To uninstall just remove that xpi-file.
English