
That kind of defeatism isn’t helpful.

The present case also just seems to be malware easily detected by VirusTotal: https://old.reddit.com/r/xubuntu/comments/1oa43gt/xubuntuorg...





Look at all the mainstream scanners that failed to detect it!

In reality, if Microsoft Defender (Security or whatever the name is) can detect it (which it does in this case), it means it is flagged on most target users' machines.

Of course, there are people who disable built-in security scanning and don't use another antivirus software, and that's on them.


Unfortunately Defender also flags lots of non-malware open source software, which trains users to ignore it.

Example? Personally I have not run into a single such false positive for the past 10 years. Microsoft SmartScreen sometimes shows a warning for executables that are not digitally signed, but that's not Defender, and this is nothing like flagging it as a virus.

qBittorrent, which is a reputable and popular torrent client used to download Linux ISOs, gets flagged and removed as "potentially unwanted applications" by Windows Defender.

That’s pretty normal in my experience. That’s why you check with VirusTotal instead of a single “mainstream” scanner.

Sticking-your-head-in-the-sand-ism isn't helpful either.

But nobody wants to talk about true security. For example, why does a Python module that renders progress bars (for example) need my full trust about what it does to the rest of my system? Etc.


What's the term for the fallacy that this problem can be ignored because that problem is so much worse?

Sorry, patient, why are we talking about setting your broken arm when you are genetically predisposed to cancer that's going to kill you anyway?


It is the "fallacy of relative privation", for the record.

Nobody said the problem could be ignored ...

> why does a Python module that renders progress bars (for example) need my full trust about what it does to the rest of my system?

tqdm is pure Python and available as a wheel. Or is this a general complaint about sandboxing others' code at runtime?


General complaint. Has nothing to do with tqdm.


