digitalmars.D - Kaspersky Endpoint Security 10 flags the DMD installer as malicious!
- Rel (5/5) Jul 25 2018 To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
- rikki cattermole (3/10) Jul 25 2018 This is a pretty regular problem for Windows.
- Radu (8/18) Jul 25 2018 It is a very simple thing to do. But the foundation hasn't
- Seb (27/47) Jul 26 2018 It's not about paying for the certificate, if that would be all,
- Radu (10/49) Jul 26 2018 It is important to have that certificate, as you can see from
- Vladimir Panteleev (3/8) Jul 26 2018 Does anti-virus software exempt signed executables?
- Suliman (4/13) Jul 26 2018 I really think that it's problem of Kaspersky than D. They should
- rikki cattermole (3/16) Jul 26 2018 Yes, but it'll be a lot easier to convince them that we are ok, if they
- rikki cattermole (5/14) Jul 26 2018 It really depends upon the AV engine as to what extent it is beneficial.
- Mike Franklin (6/11) Jul 25 2018 It's been reported at
- FeepingCreature (9/21) Jul 25 2018 Possibly because anything that says "pay money or we'll flag your
- Uknown (6/16) Jul 25 2018 To add to this, I've had issues with kaspersky tagging any 50
- Seb (4/16) Jul 26 2018 See
To be exact, as a "HEUR:Trojan-Downloader.Win32.Agent.gen". A few other AV programs do the same:
https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection

I think we should do something about it, at the very least report it as a false positive to Kaspersky or something.
Jul 25 2018
On 25/07/2018 8:27 PM, Rel wrote:
> To be exact, as a "HEUR:Trojan-Downloader.Win32.Agent.gen". A few other AV programs do the same:
> https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection
>
> I think we should do something about it, at the very least report it as a false positive to Kaspersky or something.

This is a pretty regular problem for Windows. Until we start signing the executables, it will never end.
Jul 25 2018
On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:
> On 25/07/2018 8:27 PM, Rel wrote:
>> To be exact, as a "HEUR:Trojan-Downloader.Win32.Agent.gen". A few other AV programs do the same:
>> https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection
>>
>> I think we should do something about it, at the very least report it as a false positive to Kaspersky or something.
>
> This is a pretty regular problem for Windows. Until we start signing the executables, it will never end.

It is a very simple thing to do. But the foundation hasn't bothered buying a code signing certificate, even though it is cheap. Would be nice to hear why they haven't done this yet, considering that just the recurring open collective donations could cover expenses like this.
Jul 25 2018
On Wednesday, 25 July 2018 at 09:49:54 UTC, Radu wrote:
> On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:
>> On 25/07/2018 8:27 PM, Rel wrote:
>>> To be exact, as a "HEUR:Trojan-Downloader.Win32.Agent.gen". A few other AV programs do the same:
>>> https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection
>>>
>>> I think we should do something about it, at the very least report it as a false positive to Kaspersky or something.
>>
>> This is a pretty regular problem for Windows. Until we start signing the executables, it will never end.
>
> It is a very simple thing to do. But the foundation hasn't bothered buying a code signing certificate, even though it is cheap. Would be nice to hear why they haven't done this yet, considering that just the recurring open collective donations could cover expenses like this.

It's not about paying for the certificate; if that were all, we would have done this long ago! The problem is to integrate it in our release process and that no one involved has much experience with Windows. It doesn't make things easier that we run Windows via VirtualBox for the release building and the snake oil industry requires a hardware 2FA process when signing binaries with their certificate.

Let me quote Martin (our release tzar) from one of the many internal mails:

I can figure this all out, it's again a small but lower-priority issue cutting the line though. After my vacation I'm currently finalizing the highly-available code.dlang.org migration. Next will be migrating ci.dlang.io to Buildkite, then beginning the research for use-after-free/alias tracking.
---
Would be great if someone with actual interest in this would take care of it completely.

Win binary builds to sign .exe and .dll:
https://github.com/dlang/installer/blob/master/create_dmd_release/create_dmd_release.d#L267-L268

Win installer build:
https://github.com/dlang/installer/blob/e780ad79a1b2721f3c1a3c841bd46a4bd39b37dc/create_dmd_release/build_all.d#L313-L322

Setup script for Win box in case we need to install tools:
https://gist.github.com/MartinNowak/8270666
---
<<<
Jul 26 2018
On Thursday, 26 July 2018 at 07:25:24 UTC, Seb wrote:
> On Wednesday, 25 July 2018 at 09:49:54 UTC, Radu wrote:
>> On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:
>>> [...]
>>
>> It is a very simple thing to do. But the foundation hasn't bothered buying a code signing certificate, even though it is cheap. Would be nice to hear why they haven't done this yet, considering that just the recurring open collective donations could cover expenses like this.
>
> It's not about paying for the certificate; if that were all, we would have done this long ago! The problem is to integrate it in our release process and that no one involved has much experience with Windows. It doesn't make things easier that we run Windows via VirtualBox for the release building and the snake oil industry requires a hardware 2FA process when signing binaries with their certificate.
>
> Let me quote Martin (our release tzar) from one of the many internal mails:
>
> I can figure this all out, it's again a small but lower-priority issue cutting the line though. After my vacation I'm currently finalizing the highly-available code.dlang.org migration. Next will be migrating ci.dlang.io to Buildkite, then beginning the research for use-after-free/alias tracking.
> ---
> Would be great if someone with actual interest in this would take care of it completely.
>
> Win binary builds to sign .exe and .dll:
> https://github.com/dlang/installer/blob/master/create_dmd_release/create_dmd_release.d#L267-L268
>
> Win installer build:
> https://github.com/dlang/installer/blob/e780ad79a1b2721f3c1a3c841bd46a4bd39b37dc/create_dmd_release/build_all.d#L313-L322
>
> Setup script for Win box in case we need to install tools:
> https://gist.github.com/MartinNowak/8270666
> ---
> <<<
> [...]

It is important to have that certificate, as you can see from this https://forum.dlang.org/post/siugqkvkngnzdgqulaxo@forum.dlang.org signing the installer is not a big deal.

`osslsigncode` runs on Linux so I think it should be fairly straightforward to add it as a step in the build script. The example command from the link I gave is used in production somewhere and it works.

So, buy a certificate :)
Jul 26 2018
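An added example, not part of the thread or of the dlang installer scripts: a check a release script could run after a signing step like the one discussed above, confirming that a built .exe or .dll actually carries an Authenticode signature block. It only parses the PE header's Certificate Table entry and does not validate the certificate chain; `sample_pe` builds constructed header bytes for the demonstration.

```python
import struct

SECURITY_DIR = 4                 # IMAGE_DIRECTORY_ENTRY_SECURITY (Certificate Table)
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002

def authenticode_blob(data: bytes):
    """Return (file_offset, size) of the PE certificate table, or None if unsigned."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)         # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = pe_off + 4 + 20                                     # skip COFF file header
    try:
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
            raise ValueError(f"unknown optional header magic {magic:#x}")
        dirs = opt + (96 if magic == 0x10B else 112)          # data directory array
        (count,) = struct.unpack_from("<I", data, dirs - 4)   # NumberOfRvaAndSizes
        if count <= SECURITY_DIR:
            return None
        off, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
        if off == 0 or size == 0:
            return None                                       # no signature attached
        # For this directory the "address" field is a file offset, not an RVA.
        length, _rev, cert_type = struct.unpack_from("<IHH", data, off)
    except struct.error as exc:
        raise ValueError("truncated PE file") from exc
    if off + size > len(data) or not 8 <= length <= size:
        raise ValueError("certificate table is malformed or outside the file")
    if cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA:
        raise ValueError(f"unexpected certificate type {cert_type:#x}")
    return off, size

def sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 header (not a runnable program), for the demo only."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + bytes(90) + struct.pack("<I", 16) + bytes(128)
    img = bytearray(dos + b"PE\0\0" + bytes(20) + opt)
    if signed:
        cert = struct.pack("<IHH", 16, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + bytes(8)
        struct.pack_into("<II", img, 0x58 + 96 + 8 * SECURITY_DIR, len(img), len(cert))
        img += cert
    return bytes(img)

if __name__ == "__main__":
    for signed in (True, False):
        print("signed sample:" if signed else "unsigned sample:",
              authenticode_blob(sample_pe(signed)))
```

A `None` result on a release artifact means the signing step was skipped or failed; chain and timestamp validation still needs a real verifier such as `osslsigncode verify`.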
On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:
> On 25/07/2018 8:27 PM, Rel wrote:
>> I think we should do something about it, at the very least report it as a false positive to Kaspersky or something.
>
> This is a pretty regular problem for Windows. Until we start signing the executables, it will never end.

Does anti-virus software exempt signed executables?
Jul 26 2018
On Thursday, 26 July 2018 at 08:27:33 UTC, Vladimir Panteleev wrote:
> On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:
>> On 25/07/2018 8:27 PM, Rel wrote:
>>> I think we should do something about it, at the very least report it as a false positive to Kaspersky or something.
>>
>> This is a pretty regular problem for Windows. Until we start signing the executables, it will never end.
>
> Does anti-virus software exempt signed executables?

I really think that it's a problem of Kaspersky rather than D. They should fix their crap, not us.
Jul 26 2018
On 26/07/2018 8:39 PM, Suliman wrote:
> On Thursday, 26 July 2018 at 08:27:33 UTC, Vladimir Panteleev wrote:
>> On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:
>>> On 25/07/2018 8:27 PM, Rel wrote:
>>>> I think we should do something about it, at the very least report it as a false positive to Kaspersky or something.
>>>
>>> This is a pretty regular problem for Windows. Until we start signing the executables, it will never end.
>>
>> Does anti-virus software exempt signed executables?
>
> I really think that it's a problem of Kaspersky rather than D. They should fix their crap, not us.

Yes, but it'll be a lot easier to convince them that we are ok, if they can check for a cert.
Jul 26 2018
On 26/07/2018 8:27 PM, Vladimir Panteleev wrote:
> On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:
>> On 25/07/2018 8:27 PM, Rel wrote:
>>> I think we should do something about it, at the very least report it as a false positive to Kaspersky or something.
>>
>> This is a pretty regular problem for Windows. Until we start signing the executables, it will never end.
>
> Does anti-virus software exempt signed executables?

It really depends upon the AV engine as to what extent it is beneficial. But they can do whitelisting[0] and a few other things which would be very good on our end.

[0] https://forum.avast.com/index.php?topic=202088.0
Jul 26 2018
On Wednesday, 25 July 2018 at 08:27:25 UTC, Rel wrote:
> To be exact, as a "HEUR:Trojan-Downloader.Win32.Agent.gen". A few other AV programs do the same:
> https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection
>
> I think we should do something about it, at the very least report it as a false positive to Kaspersky or something.

It's been reported at https://issues.dlang.org/show_bug.cgi?id=18786

For some reason it's not being taken seriously. It's embarrassing to say the least.

Mike
Jul 25 2018
On Wednesday, 25 July 2018 at 09:13:27 UTC, Mike Franklin wrote:
> On Wednesday, 25 July 2018 at 08:27:25 UTC, Rel wrote:
>> To be exact, as a "HEUR:Trojan-Downloader.Win32.Agent.gen". A few other AV programs do the same:
>> https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection
>>
>> I think we should do something about it, at the very least report it as a false positive to Kaspersky or something.
>
> It's been reported at https://issues.dlang.org/show_bug.cgi?id=18786
>
> For some reason it's not being taken seriously. It's embarrassing to say the least.
>
> Mike

Possibly because anything that says "pay money or we'll flag your binary and scare our users about it!" sounds like a scam.

Also, nowadays virus scanners arguably cause more problems than they prevent - viruses have already exploited vulns in virus scanners, which usually run as root. And if somebody breaks into GitHub or dlang.org and replaces the binary with a backdoored one, they won't use a backdoor that'll be detected by common scanners because why would they?
Jul 25 2018
On Wednesday, 25 July 2018 at 14:30:57 UTC, FeepingCreature wrote:
> On Wednesday, 25 July 2018 at 09:13:27 UTC, Mike Franklin wrote:
>> On Wednesday, 25 July 2018 at 08:27:25 UTC, Rel wrote:
>
> Possibly because anything that says "pay money or we'll flag your binary and scare our users about it!" sounds like a scam.
>
> Also, nowadays virus scanners arguably cause more problems than they prevent - viruses have already exploited vulns in virus scanners, which usually run as root. And if somebody breaks into GitHub or dlang.org and replaces the binary with a backdoored one, they won't use a backdoor that'll be detected by common scanners because why would they?

To add to this, I've had issues with Kaspersky tagging any 50-line program I wrote as a virus, as long as it had a do{} while() loop in main. Very annoying. At some point people need to realize that anti-viruses are simply never going to improve computer security.
Jul 25 2018
On Wednesday, 25 July 2018 at 09:13:27 UTC, Mike Franklin wrote:
> On Wednesday, 25 July 2018 at 08:27:25 UTC, Rel wrote:
>> To be exact, as a "HEUR:Trojan-Downloader.Win32.Agent.gen". A few other AV programs do the same:
>> https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection
>>
>> I think we should do something about it, at the very least report it as a false positive to Kaspersky or something.
>
> It's been reported at https://issues.dlang.org/show_bug.cgi?id=18786
>
> For some reason it's not being taken seriously. It's embarrassing to say the least.
>
> Mike

See https://forum.dlang.org/post/reccnvpdbboenpomexxz@forum.dlang.org - I also forwarded a few internal mails to you.
Jul 26 2018