Sign in to follow this  
Followers 0
legend

autoit3.exe certificate

4 posts in this topic

#1 ·  Posted (edited)

Hi,

Is there any reason that the last release of autoit3.exe with a certificate is 3.3.8.1?

All newer releases got no certificate at all

igK2VrVtrerqI.JPG

Edited by legend

Share this post


Link to post
Share on other sites



Too easy for malicious applications that bundle AutoIt3.exe in some form or another to bring unwanted heat on AutoIt Consulting Ltd (Jon), technically riding the trust relationship offered by the digital signature.

Share this post


Link to post
Share on other sites

Well, as soon as you compile it, it wont have the certificate, witch is Also how it should work, having no certificate on autoit3.exe, Can give false detections

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Legend,

AutoIt3.exe cannot be "compiled" as you put it like the standalone interpreter, rather it would be distributed in its original form (signature intact) and used by malware in conjunction with heavily obfuscated scripts (a3x), resulting in the heat I mentioned.

The "false detections" you mentioned stem from AutoIt3.exe's similarities to the standalone interpreter and not the absence of a digital signature.

Basically the AutoIt developer removed the signature for good reason, understanding that reason is not necessary for respecting it.

Ed: clarity.

Vlad

Edited by Mobius

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0