Code signing to help with Windows virus false positives

Basile B. via Digitalmars-d digitalmars-d at puremagic.com
Mon Aug 15 13:47:10 PDT 2016


On Monday, 15 August 2016 at 19:58:14 UTC, Brad Anderson wrote:
> On Monday, 15 August 2016 at 18:52:03 UTC, Basile B. wrote:
>> On Monday, 15 August 2016 at 17:05:32 UTC, Brad Anderson wrote:
>>> With all of the issues people are having with Windows [...]
>>> There is already an issue created for this here: 
>>> https://issues.dlang.org/show_bug.cgi?id=16065
>>
>> Do you think that a certificate prevents an antivirus to scan 
>> an executable ? I'm laughing out of loud here.
>
> No. Of course not.
>
> To quote Microsoft: "Signing your program’s files in a 
> consistent manner, with a digital certificate issued by a 
> trusted root authority, helps our research team quickly 
> identify the source of a program and apply previously gained 
> knowledge. In some cases this can result in your program being 
> quickly added to the known list or, far less frequently, in 
> adding your digital certificate to a list of trusted 
> publishers."
>
> At work we added class 3 code signing and it helped quite a bit 
> with McAfee's warnings about our software for end users. In 
> that case it was warnings about new releases of our software 
> that hadn't had many installs yet.
>
> Microsoft isn't selling certificates (though it'd be nice if 
> they offered them like Apple does although with Apple you have 
> to get a DUNS number which I'm sure you consider a scam as 
> well).
>
> Please share your suggestions for how to help with the false 
> positive issue (or just continue laughing in ignorance based on 
> an assumption of something I never said).

If the origin of the problem is NSIS then in a first time it 
would be worth trying InnoSetup or also a MSI installer.


More information about the Digitalmars-d mailing list