kicad-developers team mailing list archive
Message #23215
Re: Windows 10 reports stable 4.0.1 installer as malware.
The fingerprint.
@Mark, do you have it handy?
2016-02-17 22:25 GMT+01:00 Wayne Stambaugh <stambaughw@xxxxxxxxx>:
> Do we have any way to confirm the current binary on the website is indeed
> what was produced by the package builder?
>
> On 2/17/2016 4:00 PM, Nick Østergaard wrote:
>> Yeah, I was under the understanding that over time the cert would gain
>> reputation, but it seems that this is not happening. But it seems that
>> microsoft have a new tool one can use to submit the signature to them to
>> eventually accept it.
>>
>> Maybe there is a feature in that smartscreen thing for users to say ok
>> to microsoft for this signature.
>>
>> On 17/02/2016 21.55, "Wayne Stambaugh" <stambaughw@xxxxxxxxx> wrote:
>>
>> This [see attached] display is rather alarming and I can understand
>> users being wary. I believe it's something that changed in the last
>> windows update. Before I only saw the unknown source warning dialog.
>> It would be nice if we could provide some measure of confidence that the
>> installer binary is really what we say it is for windows users.
>>
>> On 2/17/2016 3:41 PM, Nick Østergaard wrote:
>> > The installer is signed by Mark Roszko, I did consider adding the
>> > fingerprint on the download page, but I never got around to that.
>> >
>> > But I am sure it is fine, it is just the windows smartscreen filter thing.
>>
>> "windows smartscreen", that's an oxymoron if I ever heard one. :)
>>
>> >
>> > It does not really say that it is malware, it just says that it comes
>> > from an unknown source. Nothing to worry about as such.
>> >
>> > On 17/02/2016 20.12, "Wayne Stambaugh" <stambaughw@xxxxxxxxx> wrote:
>> >
>> > On 2/17/2016 2:09 PM, Simon Richter wrote:
>> > > Hi,
>> > >
>> > > On 17.02.2016 19:55, Wayne Stambaugh wrote:
>> > >
>> > >> Is there any way
>> > >> to confirm that the installer on the website hasn't been compromised?
>> > >
>> > > That is a known problem with the heuristic detection: it triggers often
>> > > on JIT compilers, so it is possible that we are getting false alarms here.
>> >
>> > I figured it was a false alarm but I want to give users some reassurance
>> > that's all that it is.
>> >
>> > >
>> > >> Perhaps an md5sum of the original installer binary. Can someone who has
>> > >> access to the packager builder please look into this for me.
>> > >
>> > > I'm extending the build script so the SHA sums of the generated files
>> > > are recorded in the build log, then we can check them easily.
>> >
>> > Please let me know when the SHA sums have been generated and where I can
>> > download them to compare against the binary I downloaded from the
>> > website.
>> >
>> > >
>> > > Simon
>> > >
>> > >
>> > >
>> > > _______________________________________________
>> > > Mailing list: https://launchpad.net/~kicad-developers
>> > > Post to : kicad-developers@xxxxxxxxxxxxxxxxxxx
>> > > Unsubscribe : https://launchpad.net/~kicad-developers
>> > > More help : https://help.launchpad.net/ListHelp
>> > >
>> >
>>
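
The two checks discussed in this thread, comparing the downloaded installer against the SHA sums recorded in the build log and against the signer's certificate fingerprint, as an added PowerShell example that is not part of the original message or of KiCad's build scripts. It assumes the build log contains sha256sum-style lines and that the published fingerprint is the certificate's SHA-1 thumbprint; the parameter names and the `Get-LoggedSha256` helper are hypothetical.

```powershell
# Added example. The build-log format and the meaning of "fingerprint" are assumptions.
param(
    [Parameter(Mandatory)] [string] $InstallerPath,      # installer downloaded from the website
    [Parameter(Mandatory)] [string] $BuildLogPath,       # build log saved from the package builder
    [Parameter(Mandatory)] [string] $ExpectedThumbprint  # fingerprint published by the signer
)

function Get-LoggedSha256 {
    param([string] $LogPath, [string] $FileName)
    # Assumed format: sha256sum-style lines, "<64 hex digits>  <file name>".
    foreach ($line in Get-Content -LiteralPath $LogPath) {
        if ($line -match '^\s*([0-9A-Fa-f]{64})\s+\*?(.+?)\s*$') {
            $hash = $Matches[1]
            if ([System.IO.Path]::GetFileName($Matches[2]) -eq $FileName) {
                return $hash.ToUpperInvariant()
            }
        }
    }
    return $null
}

$name = [System.IO.Path]::GetFileName($InstallerPath)
$expectedHash = Get-LoggedSha256 -LogPath $BuildLogPath -FileName $name
if (-not $expectedHash) { throw "No SHA-256 entry for '$name' in $BuildLogPath" }

# 1. Integrity: the download is byte-for-byte what the builder produced.
$actualHash = (Get-FileHash -LiteralPath $InstallerPath -Algorithm SHA256).Hash
$hashOk = $actualHash -eq $expectedHash

# 2. Origin: the Authenticode signature verifies AND was made with the expected certificate.
#    Status 'Valid' alone only says some trusted certificate signed the file.
$sig = Get-AuthenticodeSignature -FilePath $InstallerPath
$sigOk = $sig.Status -eq 'Valid'
$pinned = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
$signerOk = ($null -ne $sig.SignerCertificate) -and
            ($sig.SignerCertificate.Thumbprint -eq $pinned)

[pscustomobject]@{
    File                   = $name
    Sha256MatchesBuildLog  = $hashOk
    SignatureStatus        = $sig.Status
    SignerMatchesPublished = $signerOk
    Signer                 = $sig.SignerCertificate.Subject
}

# Non-zero exit code if any check fails, so the script can gate a publish step.
if (-not ($hashOk -and $sigOk -and $signerOk)) { exit 1 }
```

A matching hash only shows that the download equals what the builder logged, so the log should be obtained through a channel separate from the website that hosts the installer. Both checks are independent of SmartScreen's reputation verdict.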