Code signing to help with Windows virus false positives
Bob Arnson via Digitalmars-d
digitalmars-d at puremagic.com
Sat Oct 15 08:57:52 PDT 2016
On Tuesday, 11 October 2016 at 01:37:55 UTC, Martin Nowak wrote:
> Whatever makes more sense. From my very limited understanding
> .msi installers are natively understood installers in Windows,
> and the weapon of choice for robust and more professional
> installers.
> If innosetup is just another NSIS like tool, it might not solve
> all our problems.
InnoSetup is like NSIS in that it builds an .exe that does the
file copying, registry writing, downloading, executing, and so
forth. MSI packages are "executed" by the MSI engine built into
the OS -- the logic is in the OS, the data is in the MSI package.
> We're fairly clueless here and could really use help here.
>
> Just signing the NSIS installers could work for now, any
> support for this hypothesis.
> I tried to submit the latest release as sample to Microsoft but
> their file upload had a size limit smaller than the binary.
Getting past the antivirus gauntlet is mostly about (1) signing
and (2) submitting installers until they get tired of blocking
you. The two go hand-in-hand because it's basically building up a
history of trusted behavior.
I don't know that NSIS is any worse or better than Inno about
triggering antivirus. If that's your primary goal, it might not
be worth a big porting job.
Bob (co-BDFL, WiX toolset, http://wixtoolset.org/,
https://www.joyofsetup.com/)
More information about the Digitalmars-d
mailing list