It’s the top result if you search GitHub for removing Microsoft Edge. While it’s not detected by Windows Security, ESET or Kaspersky (the best AV vendors), it’s being detected by other AV engines. Is it a false positive?
From a quick glance, there’s a “setup.exe” file in the source directory, which seems very sketchy. Sources should generally contain source code, not precompiled executables. I certainly wouldn’t chance it.
Edit: According to VirusTotal, it attempts to connect to sb.scorecardresearch.com, a tracking service. It also apparently creates a scheduled task. Definitely do not use this software.
Holy shit lmao
Should this be reported to github?
Yes, definitely. I think they’re usually pretty good about removing malicious repos.
Check out the VirusTotal results for Remove-EdgeOnly.exe
That’s so much worse lmao. I assume that’s the main payload, and setup.exe only downloads it or something.
Without building it from source yourself you need to trust the maintainer. Do you?
I feel that this tool with 2.1k stars kind of looks safe to me.
As far as I can tell, the AV vendors who detect it are mostly either AI-based or normally aggressive (high amount of false positives in normal operation mode). I just wanted to see the opinions of advanced users here, to be more informed about this tool.
Number of interactions on GitHub is irrelevant to whether you should trust it.
Stargazer Goblin established a system where they create hundreds of repositories using three thousand fake ‘ghost’ accounts. These accounts star, fork, and subscribe to malicious repositories to increase their apparent legitimacy and make them more likely to appear on GitHub’s trending section.
Sketchy tools with bad English being used to modify your OS is a red flag. A quick Google search shows that there are much better ways to patch Windows, so you’re really taking an unnecessary risk here. If any antivirus thinks a program is risky, that’s a sign that you should stop what you’re doing and ask yourself if you’re really sure you want to risk your system to some guy on GitHub named “ShadowWhisperer”.
If you really have so much trouble with built-in Windows features, then the best way to uninstall Edge would be this: https://fedoraproject.org/workstation/
From the page itself:
- Removing Edge may cause update failure loop. Install Edge, install all Windows updates, then remove Edge.
- Some reports of Windows Defender blocking this. Disable Defender first.
Those as separate cases would make me second-guess using it; the fact they both are there, I wouldn’t personally use it. There are also reports from VirusTotal that it isn’t safe. If you used this software already, I highly recommend a deep cleanse of your system.
That being said, the “source” page of it looks genuine, but definitely a hard hack, if it is as the commit claims and it is the MS setup executable, which can’t be confirmed source
That Python script is basically just running setup.exe (which has no apparent source code). Definitely doesn’t look genuine in the slightest.
It’s running setup.exe with the values --uninstall --system-level --force-uninstall, which sound good as long as the setup.exe is actually the MSedge setup file as it claims. Current checksums do not match though, but this could be that the setup was changed from now and when it was added last year, but you can’t verify it. That being said, the rest of the code does indeed remove the residue Edge from the system, which if the exe wasn’t uninstalling it would cause problems as you operated it. That being said, yes, you can’t verify it without knowing the current setup file version, and having the original to validate the checksum.
Didn’t realize Edge actually had a file named setup.exe used for uninstalling. Though it’s quite suspicious they’d include their own file instead of using the one already included with Edge.
I’m still looking into it myself tbh. So far I checked the checksums of the file itself, the one that was active for the commit date 1/6/23, and the current Edge installer exe; none of them match the file in the repo. I don’t personally trust it either. The command line parameters are valid though, as in they appear to match the expected command line for the setup.exe file that should be in %PROGRAMFILES(X86)%\Microsoft\Edge\Application\xxx\Installer, with XXX being your Edge version.
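The check discussed in the comments above, as an added example that is not part of the thread or of the repository in question: it compares a downloaded setup.exe against every installer copy under the installed Edge's Application folder and also checks its Authenticode signature, since a hash mismatch alone may only mean a different version. The `$Candidate` parameter and the expected signer string `O=Microsoft Corporation` are assumptions of this example.

```powershell
# Added example (not from the thread): check a downloaded setup.exe against
# the installer copies that ship with the locally installed Edge.
param(
    # Path to the file under suspicion, e.g. the repo's setup.exe (assumed input).
    [Parameter(Mandatory)][string]$Candidate
)

$edgeRoot = Join-Path ${env:ProgramFiles(x86)} 'Microsoft\Edge\Application'

# Every installed version keeps its own <version>\Installer\setup.exe.
$installed = @(Get-ChildItem -Path $edgeRoot -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'Installer\setup.exe' } |
    Where-Object { Test-Path -LiteralPath $_ })

$candHash = (Get-FileHash -LiteralPath $Candidate -Algorithm SHA256).Hash

# A hash match only proves the file equals this exact installed version;
# an older or newer genuine installer will not match.
$sameAs = @($installed | Where-Object {
    (Get-FileHash -LiteralPath $_ -Algorithm SHA256).Hash -eq $candHash
})

# The signature check is version-independent: a genuine installer should carry
# a valid signature. The signer string below is an assumption of this example.
$sig = Get-AuthenticodeSignature -FilePath $Candidate
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
$signedByMs = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')

$verdict = if ($sameAs.Count -gt 0) {
    'Identical to an installed Edge installer'
} elseif ($signedByMs) {
    'Different build, but validly signed by Microsoft'
} else {
    'Unverified: neither hash nor signature checks out'
}

[pscustomobject]@{
    Candidate        = $Candidate
    SHA256           = $candHash
    InstalledCopies  = $installed.Count
    MatchesInstalled = $sameAs -join '; '
    SignatureStatus  = $sig.Status
    Signer           = $signer
    Verdict          = $verdict
}
```

Neither check executes the candidate file.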
I find it absolutely hilarious that people have to debloat windows, using some untrusted third party scripts running in the terminal, in order to make it usable.
I’d recommend just installing Linux Mint and not dealing with all the bloatware. However, if you’re still dead set on Windows, maybe use a tool that many others use:
Eh IDK how “required” it is.
I set my default browser to Firefox, and then never saw Edge again.
I mean yes, there’s extra crap sitting on the drive that I don’t want or need or will ever use, but I also don’t spend any time actually thinking about it, either.
Windows 11 is still a piece of shit, though, and I hate it with all my being and would love to be able to ditch it, but alas, not quite yet.
Have you opened Edge lately?
Have you done a search in Bing and found that your computer login has a Bing account created for it?
Have you had notifications to verify your login with a Windows account?
Have you tried opening a link from Outlook using its default built-in link handling protocol?
I don’t understand why this isn’t criminal at this point. Are our lawmakers completely unaware of these issues or do they just not care?
You Linux Desktop Evangelists crack me up.
I’ve been using Unix likely longer than you’ve been alive, and run Linux for host systems. The thought of using Linux as a desktop is just insane.
I keep having to say this, as much as I like Linux for certain things, as a desktop it’s still no competition to Windows, even with this awful shit going on.
As some background - I had my first UNIX class in about 1990. I wrote my first Fortran program on a Sperry Rand Univac (punched cards) in about 1985. Cobol was immediately after Fortran (wish I’d stuck with Cobol).
I run a Mint laptop. Power management is a joke. Configured as best as possible, walked in the other day and it was dead - as in battery at zero, won’t even boot. Windows would never do this, unless you went out of your way to config power management to kill the battery (even then, to really kill it you have to boot to BIOS and let it sit, Windows will not let a battery get to zero).
There’s no way even possible via the GUI to config power management for things like low/critical battery conditions/actions.
There are many reasons why Linux doesn’t compete with Windows on the desktop - this is just one glaring one.
Now let’s look at Office. Open an Excel spreadsheet with tables in any app other than Excel. Tables are something that’s just a given in Excel, takes 10 seconds to set up, and you get automatic sorting and filtering, with near-zero effort. The devs of OpenOffice refuse to support tables, saying “you should manage data in a proper database app”. No, I’m not setting up a DB in an open-source competitor to Access. That’s just too much effort for simple sorting and filtering tasks, and isn’t realistically shareable with other people. I do this several times a day in Excel.
Now there’s that print monitor that’s on by default, and can only be shut up by using a command line. Wtf? In the 21st century?
Networking… Yea, Samba works, but how do you clear creds you used one time to connect to a share, even though you didn’t say “save creds”? Oh, yea, command line again or go download an app to clear them for you. Smh.
Oh, you have a wireless Logitech mouse? Linux won’t even recognize it. You have to search for a solution and go find a third-party download that makes it work. My brand new wireless mouse works on any version of Windows since 2000, at the least, and would probably work on Win95.
Someone else said it better than me:
Every time I’ve installed Linux as my main OS (many, many times since I was younger), it gets to an eventual point where every single thing I want to do requires googling around to figure out problems. While it’s gotten much better, I always ended up reinstalling Windows or using my work Mac. Like one day I turn it on and the monitor doesn’t look right. So I installed twenty things, run some arbitrary collection of commands, and it works… only it doesn’t save my preferences.
So then I need to dig into .bashrc or .bash_profile (is bashrc even running? Hey let me investigate that first for 45 minutes) and get the command to run automatically… but that doesn’t work, so now I can’t boot… so I have to research (on my phone now, since the machine deathscreens me once the OS tries to load) how to fix that… then I am writing config lines for my specific monitor so it can access the native resolution… wait, does the config delimit by spaces, or by tabs?? anyway, it’s been four hours, it’s 3:00am and I’m like Bryan Cranston in that clip from Malcolm in the Middle where he has a car engine up in the air all because he tried to change a lightbulb.
And then I get a new monitor, and it happens all damn over again. Oh shit, I got a new mouse too, and the drivers aren’t supported - great! I finally made it to Friday night and now that I have 12 minutes away from my insane 16 month old, I can’t wait to search for some drivers so I can get the cursor acceleration disabled. Or enabled. Or configured? What was I even trying to do again? What led me to this?
I just can’t do it anymore. People who understand it more than I will downvote and call me an idiot, but you can all kiss my ass because I refuse to do the computing equivalent of building a radio out of coconuts on a deserted island of ancient Linux forum posts because I want to have Spotify open on startup EVERY time and not just one time. I have tried to get into Linux as a main dev environment since 1997 and I’ve loved/liked/loathed it, in that order, every single time.
I respect the shit out of the many people who are far, far smarter than me who a) built this stuff, and 2) spend their free time making Windows/Mac stuff work on a Linux environment, but the part of me who liked to experiment with Linux has been shot and killed and left to rot in a ditch along the interstate.
Now I love Linux for my services: Proxmox, UnRAID, TrueNAS, containers for Syncthing, PiHole, Owncloud/NextCloud, CasaOS/Yuno, etc, etc. I even run a few Windows VM’s on Linux (Proxmox) because that’s better than running Linux VM’s on a Windows server.
Linux is brilliant for this stuff. Just not brilliant for a desktop, let alone in a business environment.
Linux doesn’t even use a common shell (which is a good thing in its own way), and that’s a massive barrier for users.
If it were 40 years ago, maybe Linux would’ve had a chance to beat MS, even then it would’ve required settling on a single GUI (which is arguably half of why Windows became a standard, the other half being a common API), a common build (so the same tools/utilities are always available), and a commitment to put usability for the inexperienced user first.
These are what MS did in the 1980’s to make Windows attractive to the 3 groups who contend with desktops: developers, business management, end users.
All this without considering the systems management requirements of even an SMB with perhaps a dozen users (let alone an enterprise with tens of thousands).
Yeah I didn’t read your wall of text, but the “insanity” of running exclusively Linux on the desktop for the past 20 years is what landed me a career.
Brilliant. I don’t agree with all of your grievances but found the read amazing. Thanks for sharing!
Tables are something that’s just a given in Excel, takes 10 seconds to set up, and you get automatic sorting and filtering, with near-zero effort.
I also find Excel easier to use than LibreOffice Calc as I’m more experienced with Excel. This example though is easily solved by using Autostyle + Autoformat
You’re in a cybersecurity community worried about the safety of software, yet you’re using Windows? Need to at least have crossed the starting line.
That being said, I would absolutely never trust random binary files off the internet that aren’t part of a common open source package repository. That includes most video games, that get their own containment hardware.