legend Posted January 20, 2015 Share Posted January 20, 2015 (edited) Hi, Is there any reason that the last release of autoit3.exe with a certificate is 3.3.8.1? All newer releases got no certificate at all Edited January 20, 2015 by legend Link to comment Share on other sites More sharing options...
Mobius Posted January 21, 2015 Share Posted January 21, 2015 Too easy for malicious applications that bundle AutoIt3.exe in some form or another to bring unwanted heat on AutoIt Consulting Ltd (Jon), technically riding the trust relationship offered by the digital signature. Link to comment Share on other sites More sharing options...
legend Posted January 21, 2015 Author Share Posted January 21, 2015 Well, as soon as you compile it, it wont have the certificate, witch is Also how it should work, having no certificate on autoit3.exe, Can give false detections Link to comment Share on other sites More sharing options...
Mobius Posted January 21, 2015 Share Posted January 21, 2015 (edited) Legend, AutoIt3.exe cannot be "compiled" as you put it like the standalone interpreter, rather it would be distributed in its original form (signature intact) and used by malware in conjunction with heavily obfuscated scripts (a3x), resulting in the heat I mentioned. The "false detections" you mentioned stem from AutoIt3.exe's similarities to the standalone interpreter and not the absence of a digital signature. Basically the AutoIt developer removed the signature for good reason, understanding that reason is not necessary for respecting it. Ed: clarity. Vlad Edited January 21, 2015 by Mobius Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now