Jump to content

Should AutoIt3.exe be digitally signed?  

16 members have voted

  1. 1. Should AutoIt3.exe be digitally signed?

    • Yes
      13
    • No
      3


Recommended Posts

  • Administrators
Posted

Most of the files in AutoIt are digitally signed (installer and components). In the last few releases concern was raised that as AutoIt3.exe was signed it could fool someone into running a #requireadmin script because the UAC prompt says "hey this file is signed". Obviously this only applies to uncompiled files that are distributed with the AutoIt3.exe file.

A digital signature is in no way saying that a file is safe. It just verifies where it comes from. The VBscript/PowerShell exes in Windows are signed so maybe I should resign the AutoIt3.exe?

Discuss. I'm doing a 3.3.14.2 release today or tomorrow to fix a couple of nasty bugs. So...

Posted
  On 9/17/2015 at 10:16 AM, Jon said:

Discuss. I'm doing a 3.3.14.2 release today or tomorrow to fix a couple of nasty bugs. So...

Awesome news.


The other question - I'm not sure - I apologize for the lack of knowledge in this field, (I recently asked the same question in relation to my compiled scripts).

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

  Reveal hidden contents

Signature last update: 2023-04-24

  • Moderators
Posted

Jon,

Despite the fact that the signature does not guarantee that the file is safe to run, it could be taken as such by less-experienced coders (the main users of AutoIt?) and so lead them to assume that the script they are running is safe. Have we received any complaints where the lack of a signature has caused a problem? The only instance I can imagine is where corporate security policy prevented the installation of an un-signed executable thus rendering non-compiled scripts unusable, but is there any evidence that this has ever occurred?

On balance I would suggest leaving the file unsigned.

M23

Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

  Reveal hidden contents

 

Posted

I wonder if the antivirus can add signatures (certificates) used to sign the application so as to take account of the anti-virus program as safe?
In this case, the management console for the antivirus software can be centrally add a certificate as a trusted and immediately the whole company likes the software :)

I will ask my ESET helpdesk.

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

  Reveal hidden contents

Signature last update: 2023-04-24

Posted

Executable signing should be a matter of integrity and author, not safety. Exact same story with HTTPS. It does not mean "automagic secure". It means integrity and author. That thinking that Melba described is exactly the kind of attitude that needs to change. We should do our part.

Posted

I voted yes as i deal with a lot of unsigned drivers at work, AutoIt itself would be considered safe so i don't see a reason for it not to be signed.

Agreed what others do with it will always cause problems no matter which way it goes

Posted (edited)

yes, sign everything please.  The people who blindly click on dialog boxes (and those that mistake signature for security) are not the target audience for that effort, they will manufacture ways to get owned all by themselves.

Edited by boththose

  Reveal hidden contents

Posted

are we talking about signed file in Au3 installation ?
or
are we talking also about signing files compiled by Au2exe ?

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

  Reveal hidden contents

Signature last update: 2023-04-24

  • Moderators
Posted (edited)

mLipok,

Just the standard AutoIt3.exe executable would be signed - there is no way that we would want compiled scripts to be signed.

M23

Edited by Melba23
Typo

Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

  Reveal hidden contents

 

Posted
  On 9/17/2015 at 6:00 PM, Melba23 said:

mLipok,

Just the standard AutoIt3.exe executable would be signed - there is no way that we would want compiled scripts to be signed.

M23

So I vote: Yes.

 

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

  Reveal hidden contents

Signature last update: 2023-04-24

Posted
  On 9/17/2015 at 10:43 AM, mLipok said:

I will ask my ESET helpdesk.

Here is response:

  Quote

W obecnym momencie nie posiadamy wskazanej funkcjonalności. 
Oczywiście zostało to zgłoszone do producenta jako feature request. 
Niestety nie jesteśmy w stanie powiedzieć kiedy podana funkcjonalność zostanie wprowadzona.

and translation:

  Quote

At the present moment we do not have the specified functionality.
Of course, this has been reported to the manufacturer as a feature request.
Unfortunately we are unable to say when the specified functionality will be introduced.

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

  Reveal hidden contents

Signature last update: 2023-04-24

  • Jon locked this topic
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...