rootx

Codesign price Help me

16 posts in this topic

#1 ·  Posted (edited)

Hi guys, I'm tired of having false positive problems; there is no life for free software without a digital signature. Do you have a free method? I do not think you have one. I found this offer; what do you think of it? Any suggestion is welcome. THX

<snip>

Edited by Melba23
Link removed


#2 ·  Posted (edited)

https://www.globalsign.com/en/code-signing-certificate/code-signing-tool/

 

you will still have false positives, especially if you packed with UPX.

Edited by iamtheky

rootx,

You should know by now we do not accept links to payware.

M23


15 hours ago, Melba23 said:

rootx,

You should know by now we do not accept links to payware.

M23

Sorry

16 hours ago, iamtheky said:

https://www.globalsign.com/en/code-signing-certificate/code-signing-tool/

 

you will still have false positives, especially if you packed with UPX.

I tried without success... can you explain how to use it?

I have installed .NET Framework 4.6 and I have C:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe but I receive this error

 

x.PNG


#6 ·  Posted (edited)

use the command line arguments provided in the instructions, and not whatever GUI that is?

but again, and this time with feeling; if you are trying to eliminate 'false positives' this is not the answer.  You will just have a self-signed exe that throws false positives, most likely because you just hit F7 and prayed real hard. 

Edited by iamtheky


I doubt it... that'd be pretty naive to assume just because a program is signed it is not malicious. Malware, to my greater knowledge, is based on file heuristics regardless if it is digitally signed or not.

10 hours ago, spudw2k said:

I doubt it... that'd be pretty naive to assume just because a program is signed it is not malicious. Malware, to my greater knowledge, is based on file heuristics regardless if it is digitally signed or not.

If the software is not signed, it is automatically seen as potentially dangerous, and if you had read the new Google policy regarding the no-SSL web sites and software not signed, you would understand the issue better.

The programs should have a valid code signing issued and verified by a certificate authority presenting verifiable publisher information.

https://www.google.com/about/company/unwanted-software-policy.html

 


#10 ·  Posted

Well, I was talking about malware in general in response to jguinch. I don't see where Google was brought up in this thread until you just did.


#11 ·  Posted (edited)

wait, if you need a valid CA and you don't want to pay, you may want to go look at Let's Encrypt.

But these just say that you existed before, and someone gave you a sticker that says you existed, and they know for sure you exist now because they gave you a sticker.  Still not going to change your false positive rate.

Edited by iamtheky


#12 ·  Posted

Sometimes there is just no working around things, and Life isn't easy.

Are you, like iamtheky suggested, using UPX or another compressor/packer?
That can make it harder to scan your program, especially by slack AV or those who go over the top with protection.

I was recently asked why my programs get so few positives (about 99% success rate when submitted). And I couldn't really say. Except that it might be due to level of complexity or the older version of AutoIt (v3.3.0.0) and UPX that I use, my reputation (sic) and no password ... or all three four etc. ;)



#13 ·  Posted

You can upload your program to VirusTotal so that security experts can analyse your program; they may rarely fix the false positive in their Anti-Virus software.



#14 ·  Posted

For my part, I manage the antivirus protection for my company's network. I make an exclusion rule for each compiled (based on the full path name) and I have zero false positives.
I asked support the question: can I avoid a false positive by signing the program? The answer is: "no. You have to submit your exe file to the false positive form on our web site". Same thing for each antivirus.


 

1 person likes this


#15 ·  Posted

18 hours ago, jguinch said:

For my part, I manage the antivirus protection for my company's network. I make an exclusion rule for each compiled (based on the full path name) and I have zero false positives.
I asked support the question: can I avoid a false positive by signing the program? The answer is: "no. You have to submit your exe file to the false positive form on our web site". Same thing for each antivirus.


 

Same answer.....

A question might be: how do you certify applications with obfuscated code? The software company encrypts the source code, even with passwords. I recommend everyone read this article by a developer that everyone knows, or almost!

http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/


#16 ·  Posted (edited)

Exclusion is certainly the way to go, if you have Admin Rights.

In fact, I exclude my Projects & Projects Backup drives, to speed up things and ensure nothing nasty happens. They are encrypted container files anyway and the drives don't exist when they are closed. But that's all at the other end of your story.

So, like has been said, you can't do much more than Exclude & Submit ... and the situation isn't likely to change anytime soon ... maybe even get worse, for we are at the whim of the AV companies.

Edited by TheSaint
