kicad-developers team mailing list archive

Re: Windows 10 reports stable 4.0.1 installer as malware.

 

Adam,

Thanks for the offer.  I'm hoping we can live without giving money to
Microsoft or any of their signing agents for the time being.  The idea
of giving them money to use software they did not create rubs me the
wrong way.  If our backs are up against the wall, then I will consider it.

Thanks,

Wayne



On 2/17/2016 6:21 PM, Adam Wolf wrote:
> I tend to not follow most of the Windows stuff, but if there's a
> financial way we can fix this problem, with a little more certainty than
> "maybe it'll help", please ping me :)
> 
> Thanks!
> 
> Adam Wolf
> Cofounder and Engineer
> Wayne and Layne
> 
> On Wed, Feb 17, 2016 at 4:58 PM, Nick Østergaard <oe.nick@xxxxxxxxx
> <mailto:oe.nick@xxxxxxxxx>> wrote:
> 
>     FWIW, I tried to run the Windows App Certification Kit on the
>     installer and it errored with an invalid "Publisher" property. And I
>     can see in my NSIS script that that variable is empty so I have tried
>     to enter something there now, and I will retest tomorrow to see if
>     that fixes that single issue. I think that was the only thing that was
>     marked as failed; there were a couple of warnings.
> 
>     2016-02-17 23:48 GMT+01:00 Mark Roszko <mark.roszko@xxxxxxxxx
>     <mailto:mark.roszko@xxxxxxxxx>>:
>     > It's hard to say, Microsoft keeps quiet on most details. EV
>     > code-signing certs supposedly are given "good" reputation immediately.
>     > EV certs cost $$$ and require a legal business registration
>     > (+identification to prove it to the CA).
>     >
>     > But that's the theory because they also say:
>     > "Other factors are considered when generating reputation and
>     > determining product experiences and EV-signed programs will be closely
>     > monitored over time."
>     >
>     >
>     > So they can shitlist your EV cert anyway for things as simple as
>     > "Windows has detected the installer did not complete" messages that
>     > are kind of typical on bad setups :/ They do base things on the
>     > telemetry Windows gathers.
>     >
>     >
>     > Other than that, it's not difficult or anything to sign the builds
>     > with a different certificate since it's just a single command line once
>     > the cert is in the server's certificate store.
>     >
>     > So it's mostly the money and risk factor (that it doesn't work).
> 

