No Malware in Tunnelblick

Tunnelblick 3.7.9 and higher is "Notarized", which means that Apple confirms it has been checked for malware before you install it.

In late September 2018, a small number of antivirus and security programs started alterting their users that there was malware in new downloads of Tunnelblick and in some long-existing installations of Tunnelblick.

There was no malware. These alerts were "false positives", that is, the programs were reporting that Tunnelblick contained malware even though it did not.

Such false positives are not uncommon. One way to check for them is to use a website that will scan a file with multiple anti-malware engines, such as VirusTotal, and see how many engines claim a program is infected compares with how many engines claim the program is not infected. Note that some engines uses other engines, so if BitDefender, for example, claims a program contains malware, other engines such as Emsisoft will also claim the program contains malware, without their own independent examinations.

See Tunnelblick News for more details of the 2018 incident.

##Timeline

2018-09-29

• New beta and stable versions of Tunnelblick were released.

2018-09-30

• Several users reported malware alerts about the new versions to the Tunnelblick developers.

• The new versions were removed from the website and updates to the new versions were stopped.

• Tunnelblick developers contacted the antivirus and security vendors to notify them of the problem.

• At one point in the day, 9 of 58 engines on VirusTotal identified Tunnelblick as containing malware.

2018-10-01

• All but one of the false positive alerts were retracted.

• The new stable and beta versions were restored to the Tunnelblick website and updates to the new versions were resumed.