TLauncher has no SpyWare! [Details]
It is a detailed analysis of rumors about the presence of SpyWare in TLauncher and its files. We will tell you about the fake evidence of anonymous researchers and other relevant things. This article will confirm that we are right and TLauncher is safe! There is no SpyWare in TLauncher!
If you haven’t read our first article that says that TLauncher is free from viruses, then feel free to read it first and try to find answers to some frequently asked questions.
Other articles about exposing fakes:
Are there viruses in TLauncher? Details!
Fakes about TLauncher virus checks
- Why do they make fake stories about you?
- Why do you download Java not from the official website but from your servers?
- Are Forge and Fabric downloaded from your servers?
- Are you allowed to collect analytics data?
- Do you edit server files and block servers?
- Is there anything strange when unpacking installer files?
- What is TL SKIN CAPE and how does it relate to Java?
- Are there false positives generated by Jiangmin, SecureAge?
- Can I download TLauncher from other sites?
- Do you install something without the user knowing?
- Can I delete my TLauncher account or collected analytics?
- Are all those who spread fakes about you bribed by competitors?
- Results
We cannot cover all those things described by “expert bloggers” since it is not clear what they mean and where to check this. We focus on material evidence published in various sources. But for some reason, their authors often keep silent about many important things and put TLauncher in a negative light...
Why do they make fake stories about you?
It is better to ask those who make fakes about us. But will they tell you the truth? Competitors always work using the same methods. Therefore, a blogger attack is a rather common thing. You may have trust in some YouTube bloggers and you will install what they advertise and delete what they criticize without any proof. What is happening is that they do not hesitate to advertise programs that have viruses according to VirusTotal... Although a minute ago, you were told about “viruses” in our program. How much are they paid to release such weird videos? Probably a lot...
Why do you download Java not from the official website but from your servers?
As strange as it may sound, this caused a negative reaction. The reasons for this decision are obvious and there are quite a few of them. One of the main reasons is the blocking of Java downloads in various countries, as well as some other restrictions. Europeans and Americans do not understand this, but their IT companies block downloads of free products for “sanctioned” countries (for example, Sudan). This video demonstrates downloading when in a “sanctioned” country and its blocking. We’re talking about the Oracle website (Java developer).
Video Mirror: https://gyazo.com/0e39b6cd8cad89e595b7716b48781f25
Other technology companies also block downloads. Just enter the following phrase in Google search: “Company name” download blocking for the country. For example, Intel has blocked access to its website from all over Russia.
Screenshot message: We have immediately suspended all business operations in Russia. This follows our previous decision to suspend all deliveries to customers in Russia and Belarus.
Microsoft blocks Ukrainian users from accessing its Store and other products…
There are an infinite number of such cases since all companies have some kind of blocking and restrictions. This is just an example and you can search the Internet for more information. Keeping track of any blocking is quite difficult, including understanding where Java is blocked at the moment.
We condemn the blocking of product downloads for ordinary citizens from any country! Their citizens are not to blame for political problems. And for our part, we cannot fully depend on technology companies, support blocking, and rely on the company’s decency.
We want our program to be available in all countries, regardless of the policy of technology companies. Our program is written in Java and works only after it is installed. Therefore, we will continue to add mirrors to our servers for downloading files. All files are digitally signed by Oracle, which guarantees the integrity of Java files against changes! By the way, the so-called experts keep silent about the digital signature, which is the main proof of the file’s safety after the file is downloaded from any official source.
Additional reasons: Java often restricts downloads from direct links; it may limit download speeds; their servers may be blocked in certain countries by authorities; etc.
Are Forge and Fabric downloaded from your servers?
That’s not always like that. We use the official direct links of these modifications. At the same time, they gradually change the structure of files on their servers, after which direct links are no longer available. Not to mention problems on their servers, due to which the official repositories are sometimes unavailable. Because of this, users of our launcher cannot install Forge or Fabric, which ultimately negatively affects us. Therefore, whether we like it or not, we will continue to duplicate files on our servers. These will be original files that will stay unchanged.
Are you allowed to collect analytics data?
Some sources provide pieces of code that allegedly belong to TLauncher. They usually evidence sending analytics, which supposedly proves the unreliability of our program. We can assure you that any analytics has been collected following our Privacy Policy, does not include any personal data, and is related only to our program. All programs collect analytics to improve interaction, which is nothing new or even more SpyWare according to antivirus scanners. You can disable analytics in the launcher settings.
For those “cyber security specialists” who haven’t read our Privacy Policy, we will highlight all the analytics in detail. So, there is the Installer and the Launcher itself. Before installing the program, you accept the license agreement and agree to send analytics.
Installer analytics: OS version and bit size; the amount of RAM; Free disk space (number); Launcher version; Installer version; The presence of Yandex browser and Opera (to offer their installation); Installation error.
Launcher and updater analytics: OS version and bit size; the amount of RAM; Launcher version; Java version; Screen resolution; Game installation; Switching to the recommended server; Ad navigation; Sending program errors.
Why do we need analytics: we need to clearly understand which popular OS people are switching to and which ones have problems when sending us crashes; Information about the amount of RAM makes it possible to find out where to move our Mod Pack system (everyone knows how demanding mod packs may be); Switching to recommended servers makes it possible to analyze user preferences and give recommendations to game server administrators. Other Minecraft launchers also collect analytics, maybe even more than we do, but no one investigates them or calls them evil. Isn’t it a strange coincidence?
This data is minimal compared to what other programs collect, especially on mobile systems. We wonder why those “experts” do not analyze Tik Tok and the way they log every click and tap on the screen. Good question, right? They devote all of their energy to TLauncher, probably for a reason...
They give me links to some strange websites to analyze your program. There is a red “Score”. What is it?
In addition to antivirus scanners, the Internet is full of sites that analyze the behavior of a particular program. However, their results cannot serve as a basis for recognizing the program has viruses. Their verdict is based on what programs do. The more actions, the higher the resulting risk is. However, any installer unpacks files or downloads additional files. Such actions are presented as risky, but this is a common thing for any program.
Do you know what the funniest thing is? According to the same sites, the official Minecraft installer from Minecraft.net spreads viruses with a probability of 8/10.
Link to research the official Minecraft.net launcher: https://tria.ge/221229-1mryzaec36/behavioral2
Sha256 of their current installer file: 2b0e05e169643319074f306153e55f2d839adb0378d6e721c04198233b892bfa
Their installer does not have any viruses detected on VirusTotal! Compare this to Sha256, which is the same file. It is signed with their official digital signature, which can be checked in “Details” -> “Signature info”.
Link to the official launcher on VirusTotal: https://www.virustotal.com/gui/file/2b0e05e169643319074f306153e55f2d839adb0378d6e721c04198233b892bfa/detection
If we proceed from the investigations of those “experts”, we should conclude that the Minecraft official site also has viruses. Let them know about it so they can investigate. No need to thank us for the tip.
Do you edit server files and block servers?
As you know, we offer users to switch to the recommended game servers in the launcher. When you switch to such a server, it is added to your list of favorite servers so that you do not lose it. If this is not done, you may lose your IP, as well as all your belongings on the server. You can always remove any server from your favorites list.
Also, we have ads for some standard popular servers that may get into your favorites list. These servers are useful for new players who don’t know where to start playing Minecraft. You can disable this in the launcher settings if you have a premium.
We can block and remove certain projects from the server list, similar to the blocking system from Mojang. We rarely block servers, unlike the official developers. Servers most often get blocked based on complaints from players, after checking the information sent. We usually block servers for stealing users’ credit cards, when buying privileges on server sites; Malware advertising; luring money from interested parties. Read more about this at TLauncher Guard (you can turn it off in the launcher settings). If “experts” say it is not necessary to block servers that allow for stealing credit cards, then what kind of security specialists they are... Can you imagine?
Is there anything strange when unpacking installer files?
We already posted screenshots of checking our TLauncher installer on VirusTotal, where all antivirus scanners detected it as safe.
Link on VirusTotal: https://www.virustotal.com/gui/file/5ab5f39d143b6ff77df2fd5026ac8e4788edfd3de27a4e1fa4b420a7d2f61d38
After that, we published a screenshot of checking the TLauncher file on VirusTotal, where up to 70 antivirus scanners detected it as safe.
Link on VirusTotal: https://www.virustotal.com/gui/file/765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714
It looks like those “experts” want us to discuss every atom of our software. We can do that since the truth is on our side! But why are they examining third-party files?
What is AdditionalExecuteTL.exe? It is used to install the recommended Opera program and send analytics if you agree to it. At the same time, there are screenshots and links to VirusTotal showing this file has viruses. But the trick is that this file does not have our “Digital Signature”. This means that the file does not belong to us and we do not spread it.
When on VirusTotal, go to “Details” -> “Signature info”. There you can see if the file is signed or not. In the links provided by the “experts”, it is not digitally signed:
When the file is signed with a signature, it should look like that:
You can open our installer (leave it running), go to the Temp folder (c:\Users\YOUR USER\AppData\Local\Temp\_ir_sf_temp_0\), find these files, and check if they have a digital signature!
Check all links on VirusTotal since they want to turn you against us and force you to download other programs (although their programs have viruses according to VirusTotal). They spread third-party files that have nothing to do with us. All our files have a digital signature and have never been modified after publication.
What is suf_rt.exe? This file is part of Setup Factory Runtime, which helps you create installers for programs. In particular, it is used to create an uninstaller for TLauncher. If this file is not a fake one, it will be signed with our digital signature. Check the link for a digital signature on VirusTotal. Fakes will look like that:
The original version will have a digital signature:
What is downloader.exe? This file is used to install Yandex Browser, exclusively in Russia. For users from other countries, it does not mean anything and will not be launched from our installer. It has no viruses since it makes no sense for a large company like Yandex to spread viruses. Besides, the file is signed with their digital signature. Antivirus scanners may sometimes mark it as adware, but our installer doesn’t have a file with those terrible results that are spread in various sources. Why is this file packed separately into an archive? As we wrote above, it is needed only for a limited number of users from Russia. All other users do not need it. Our “experts” can see that it won’t be unpacked for other users and will never be used. Eventually, it will be removed from Temp after the installation is completed! That’s our Easter egg for those who like to talk about viruses in our software. Thus, the file will be unpacked only if Yandex Browser is recommended for installation. Once again, this concerns only users from Russia. In short, an unpacked archive cannot install anything, which is some kind of guarantee. After installing TLauncher, it will be deleted with all other temporary files!
What is CMD.exe? We do not use this file or store it in the installer. The information about this file is FAKE!
What is TL SKIN CAPE and how does it relate to Java?
TL SKIN CAPE — this is our mod for Forge and Fabric to display Animated capes and HD skins (the regular game does not have them). Like all mods it is written in Java programming language. You have to be a very gifted person to accuse a regular Minecraft mod of being a virus... Like thousands of mods for the game, ours performs a specific function (work with skins and capes), for each version of the game, made its own version of TL SKIN CAPE. About this mod know all of our players, but the competition can not understand it, here are the reasons for the strange messages about the viruses. We can assure you that the files are safe and tested by VirusTotal!
Are there false positives generated by Jiangmin, SecureAge?
Sometimes Chinese or other less popular detection systems try to mark our files with their tags. Competitors complain about our files as was the case with Avast for the new version of the launcher (they removed the tag within 24 hours!). But of course, we know about it and send reports. In this case, the tags disappear. Sometimes it takes more time. The usual status of our files on VirusTotal: 0 detections from 70 antivirus scanners! Don’t forget we mean files with our digital signature. They should be downloaded from our official website.
Can I download TLauncher from other sites?
How to check that you are downloading our TLauncher:
- According to VirusTotal, the file must have (be it the Installer or the Launcher) 0 detections from 70 antivirus scanners.
- The file must have a valid digital signature (you can check it on VirusTotal or by using the Properties in Windows).
- The official website of TLauncher is only www.tlauncher.org. This is where you need to download files!
If the file does not meet the first two points, this may be anything! Check each file and do not believe those who can deceive you, especially by providing strange links and programs.
Do you install something without the user knowing?
We do not install any additional programs or elements without your knowledge and express consent. At the same time, antivirus scanners always check that. If we did this, we would have tags from antivirus scanners. For every important action, we ask the user for permission. So, do not skip screens without reading. If you have problems with this issue, please write to us on VKontakte or Facebook. We will study your information in detail.
Can I delete my TLauncher account or collected analytics?
In the next updates of our site or program, we will expand the list of information that a user can delete from our servers. Please follow the information in our official sources.
Is your program Russian?
Our program is global! It does not depend on any particular country. So, we are completely free. Our developers are scattered across many different countries. We run social networks in different languages. At the same time, we do not have physical servers in Russia (we do not store files there). We are not hostages of the political systems of certain countries and will never block access to players based on their nationality. Any criticism for refusing to block access to some countries is racism, which is unacceptable to us!
Are all those who spread fakes about you bribed by competitors?
We are not judges and do not issue verdicts, but it is hard to imagine that people will make videos about viruses without any evidence. But as we can see, in addition to idle chatter, they give fake links to VirusTotal to confirm their words. All this suggests the involvement of competitors since bloggers would not engage in deception without any benefit. We encourage you to check the information before commenting. If analyzing our program is too hard for you, trust verified sources, i.e. antivirus programs.
It can be said for sure that someone makes these fake videos and does not understand that it is all a hoax. They dragged those bloggers into the heinous intrigues against TLauncher! Many YouTube bloggers eventually understand that and delete the fakes. Please inform your friends there are fakes against us!
Results
We looked through various sources to provide information on those fake investigations, but we do not take offense at their authors. After all, these bloggers aren’t cyber security specialists. They cannot be a more reliable source than 70 antivirus scanners from VirusTotal! But we would like to ask them to place links to answers if they have a shred of conscience. First of all, this will be a guarantee that you did not receive money from our competitors.
We have a special message for a moderator of some Reddit group. His name is Andrey and he made us look like an absolute evil for collecting analytics and adding recommended servers. What’s more, he published fake VirusTotal links for third-party files, etc. Can you please post links to our answers? Or did they pay you good money for your “investigation”?
Our players can ask those “experts” about who pays them for their “investigations” and why they do not post links to our answers. You deserve to have some fun. 😊
Once again, we cannot find any basis for all these claims to our program. TLauncher has been safe for users for almost 10 years!
Comments (100)