legend Posted January 20, 2015 Posted January 20, 2015 (edited) Hi, Is there any reason that the last release of autoit3.exe with a certificate is 3.3.8.1? All newer releases got no certificate at all Edited January 20, 2015 by legend
Mobius Posted January 21, 2015 Posted January 21, 2015 Too easy for malicious applications that bundle AutoIt3.exe in some form or another to bring unwanted heat on AutoIt Consulting Ltd (Jon), technically riding the trust relationship offered by the digital signature.
legend Posted January 21, 2015 Author Posted January 21, 2015 Well, as soon as you compile it, it wont have the certificate, witch is Also how it should work, having no certificate on autoit3.exe, Can give false detections
Mobius Posted January 21, 2015 Posted January 21, 2015 (edited) Legend, AutoIt3.exe cannot be "compiled" as you put it like the standalone interpreter, rather it would be distributed in its original form (signature intact) and used by malware in conjunction with heavily obfuscated scripts (a3x), resulting in the heat I mentioned. The "false detections" you mentioned stem from AutoIt3.exe's similarities to the standalone interpreter and not the absence of a digital signature. Basically the AutoIt developer removed the signature for good reason, understanding that reason is not necessary for respecting it. Ed: clarity. Vlad Edited January 21, 2015 by Mobius
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now