kicad-developers team mailing list archive

Re: Windows 10 reports stable 4.0.1 installer as malware.

 

Do we have any way to confirm the current binary on the website is indeed
what was produced by the package builder?

On 2/17/2016 4:00 PM, Nick Østergaard wrote:
> Yeah, I was under the understanding that over time the cert would gain
> reputation, but it seems that this is not happening. But it seems that
> Microsoft have a new tool one can use to submit the signature to them to
> eventually accept it.
> 
> Maybe there is a feature in that SmartScreen thing for users to say OK
> to Microsoft for this signature.
> 
> On 17/02/2016 21.55, "Wayne Stambaugh" <stambaughw@xxxxxxxxx> wrote:
> 
>     This [see attached] display is rather alarming and I can understand
>     users being wary.  I believe it's something that changed in the last
>     Windows update.  Before I only saw the unknown source warning dialog.
>     It would be nice if we could provide some measure of confidence that the
>     installer binary is really what we say it is for Windows users.
> 
>     On 2/17/2016 3:41 PM, Nick Østergaard wrote:
>     > The installer is signed by Mark Roszko, I did consider adding the
>     > fingerprint on the download page, but I never got around to that.
>     >
>     > But I am sure it is fine, it is just the Windows SmartScreen
>     > filter thing.
> 
>     "Windows SmartScreen", that's an oxymoron if I ever heard one. :)
> 
>     >
>     > It does not really say that it is malware, it just says that it comes
>     > from an unknown source. Nothing to worry about as such.
>     >
>     > On 17/02/2016 20.12, "Wayne Stambaugh" <stambaughw@xxxxxxxxx> wrote:
>     >
>     >     On 2/17/2016 2:09 PM, Simon Richter wrote:
>     >     > Hi,
>     >     >
>     >     > On 17.02.2016 19:55, Wayne Stambaugh wrote:
>     >     >
>     >     >> Is there any way
>     >     >> to confirm that the installer on the website hasn't been
>     >     >> compromised?
>     >     >
>     >     > That is a known problem with the heuristic detection: it triggers
>     >     > often on JIT compilers, so it is possible that we are getting false
>     >     > alarms here.
>     >
>     >     I figured it was a false alarm but I want to give users some
>     >     reassurance that's all that it is.
>     >
>     >     >
>     >     >> Perhaps an md5sum of the original installer binary.  Can someone
>     >     >> who has access to the packager builder please look into this for me.
>     >     >
>     >     > I'm extending the build script so the SHA sums of the generated
>     >     > files are recorded in the build log, then we can check them easily.
>     >
>     >     Please let me know when the SHA sums have been generated and where
>     >     I can download them to compare against the binary I downloaded from
>     >     the website.
>     >
>     >     >
>     >     >    Simon
>     >     >
>     >     >
>     >     >
>     >     > _______________________________________________
>     >     > Mailing list: https://launchpad.net/~kicad-developers
>     >     > Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
>     >     > Unsubscribe : https://launchpad.net/~kicad-developers
>     >     > More help   : https://help.launchpad.net/ListHelp
>     >     >
>     >
>     >
> 
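
The check Simon describes above, as an added example that is not part of the thread or of the KiCad build scripts: look up a downloaded file's digest in the build log and compare it with the local file. The choice of SHA-256, the sha256sum-style log line format, and all function and file names here are assumptions.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Assumed format: sha256sum-style "<64 hex>  <name>", possibly after a log prefix.
SUM_LINE = re.compile(r"\b([0-9a-fA-F]{64}) [ *](\S.*?)\s*$")


def recorded_sums(build_log_text):
    """Map file name -> set of SHA-256 digests recorded for it in the log."""
    sums = {}
    for line in build_log_text.splitlines():
        if m := SUM_LINE.search(line):
            name = Path(m.group(2)).name  # ignore build-tree directories
            sums.setdefault(name, set()).add(m.group(1).lower())
    return sums


def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so a large installer is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, build_log_text):
    """Return 'match', 'mismatch', 'ambiguous' or 'not-recorded'."""
    digests = recorded_sums(build_log_text).get(Path(path).name)
    if not digests:
        return "not-recorded"
    if len(digests) > 1:
        return "ambiguous"  # conflicting sums logged for the same name
    expected = next(iter(digests))
    return "match" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"


def demo():
    """Constructed sample: stand-in installer bytes and a build log line."""
    with tempfile.TemporaryDirectory() as d:
        exe = Path(d) / "example-installer.exe"  # hypothetical file name
        exe.write_bytes(b"constructed installer bytes")
        log = f"[build] {sha256_file(exe)}  out/{exe.name}\n"
        before = verify_download(exe, log)
        exe.write_bytes(b"tampered bytes")  # same name, different content
        return before, verify_download(exe, log)
```

The result only says something about the website copy if the build log is read from the build machine rather than from the server that hosts the installer.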

