TWEXE vs McAfee

DisabledDisaster · August 25, 2025, 7:51pm

I’m a complete tyro here. In an effort to avoid EVER having another catastrophic failure of a key tiddlywiki, I was looking at Twexe as a way to work with the existing files on my desktop.

https://ihm4u.github.io/twexe/

McAfee keeps insisting that the file is a “threat,” to the point of discouraging me repeatedly from using the download link.

Has anyone successfully installed this? Is McAffe jumping at shadows? I was under the impression that github was less likely to spread problematic files.

Mark_S · August 25, 2025, 8:04pm

It’s unfortunately true that you sell more AV software if you keep people afraid. If twexe has a virus, it would be 9 years old by now!

Here’s a scan from VirusTotal. None of the reputable names, including McAfee* report a problem with TWexe.

https://www.virustotal.com/gui/file/01cb7a7a70aa7f7d8da018ce9f4e16c51853d838d703ec8d5080d7ca7f0a4631

On Windows, I think you can also use Windows defender to get a 2nd opinion.

So, it’s a judgement call.

Assuming you think McAfee is credible.

TW_Tones · August 25, 2025, 10:19pm

The genius and problem if you use twexe is it loads a single file wiki into itself the exe. As a result it may verywell generate false alarms when the content “looks like” a virus signature.

Unfortunatly exe’s are not readable to check the code.

If you can safely source it is should be ok.

DisabledDisaster · August 25, 2025, 10:44pm

I trust github more than mcafee, frankly.

It’s still a judgment call, of course, but because it will solve one of my major issues, I’m willing to take a bit more risk.

TW_Tones · August 26, 2025, 10:51pm

This may be resonable but be aware there is an increasing number of “supply chain attacks” being reported especialy in open source libraries. People contribute for years to open source projects, just to eventualy inject malware into the supply chain because a lot of comercial solutions use open source as part of their solutions.

DisabledDisaster · August 26, 2025, 11:07pm

So there’s always a risk. Always. But it might be a good solution for me. I’ll keep checking into it.

Mark_S · August 26, 2025, 11:29pm

In this case we can see that neither the source nor the exe has been touched since 2015.

DisabledDisaster · August 26, 2025, 11:53pm

Well, that’s a good thing. I’ve learned about more of the technical details of Tiddlywiki in the last week than I have in probably years. G What can I say; it worked for me out of the box so it wasn’t worth the extra work to deal with the fine details (and specifically, customization).

TW_Tones · August 27, 2025, 12:19am

Note the .hta method may also work for you. This need not use an exe.

Be aware it has being depricated as well as by microsoft windows
Tiddler import works but not drag and drop
Bookmarklets (in a tiddler from https://bookmarklets.tiddlyhost.com/) will not run

[Edited] I am researching the creation of a modern solution to replace the hta method. Unlike twexe you will need to have a seperate executable or file association configured but going forward just save your tiddler wiki not as .hta but .tw

Using the edge engin but with local permissions given to the tw page for local activities.
As a result you do not browse the internet with this, at most file:// and web links open in default (or nominated) browser.