Comments (15)
See #6 with an extra dose of
from hotcorner.
The binary is fine, it's a false positive..sigh. I don't know what to do about that. Any ideas?
from hotcorner.
I left a comment on the Virus Total page showing the output of wget + sha256sum which matches the checksum for that "malicious" entry.
The only effective weapon against the AV industry seems to be loud public shaming. Which is a shame, because so many people believe it helps.
from hotcorner.
Thanks Scott. Apparently BitDefender won't even let you compile the source code (!?!?!)
https://twitter.com/formally_eLVis/status/813069990597455872
Unbelievable.
from hotcorner.
@taviso So I know this probably isn't the answer that you're looking for, but I Authenticode signed hotcorner.exe and the results on VirusTotal are much better: https://virustotal.com/en/file/bf9ebefe294b1f514c7346398ce21c641d5ab33947f3a4be9eeda59b35fca45d/analysis/1482857740/
Authenticode takes a significant role in AV vendors deciding the trustworthiness of an executable.
from hotcorner.
I suppose I can sign release builds, even though that makes no sense ;-)
I'm told that some AV products won't even let you compile the code, so that won't help there though. Sigh, we'll have to just do the best we can.
from hotcorner.
Compiled with VS2015. 2/56 https://www.virustotal.com/en/file/96fafa1eb476d4fa8c77dbe68ac42c80896e9b014ee6ddd54d3732c2a2003d0f/analysis/
EDIT:
I just turned on optimization LOL it made into 2/56
X64 release is 0/56 https://www.virustotal.com/en/file/ebb354dfe45558b405de606af868e197bc94f41d00424f0cbfb584a70304a45c/analysis/1482970190/
from hotcorner.
Optimization is enabled by default in the Makefile, but I can see in those links that you've added a whole bunch of imports from VCRUNTIME140.DLL and others.
I think you must be using the GUI, and enabling some checkboxes in the build options?
I suspect that because you're just adding a dependency on the Visual C++ Redistributable but not including it, the antivirus emulators aren't working. If the binary has missing dependencies it can't be emulated, but obviously it won't work when users try to run it either...
(Note that I rather like having absolutely minimal dependencies!)
from hotcorner.
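The dependency point in the comment above can be checked before a release by listing a build's PE import table and flagging DLLs that come from the Visual C++ Redistributable. This is an added example, not part of the thread or the hotcorner project; the function names, the prefix list and the constructed sample image are assumptions made for illustration.

```python
import struct

REDIST_PREFIXES = ("vcruntime", "msvcp")  # assumption: VC++ Redistributable DLL prefixes

def imported_dlls(pe):
    """Return the DLL names listed in a PE image's import directory."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]              # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24                                           # optional header
    dirs = opt + {0x10B: 96, 0x20B: 112}[struct.unpack_from("<H", pe, opt)[0]]
    imp_rva = struct.unpack_from("<I", pe, dirs + 8)[0]     # data directory 1
    sections = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
                for i in range(nsect)]     # (vsize, vaddr, rawsize, rawptr)
    def offset(rva):                       # RVA -> file offset
        for vsize, vaddr, rawsize, rawptr in sections:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rva - vaddr + rawptr
        raise ValueError("RVA outside all sections")
    names = []
    off = offset(imp_rva) if imp_rva else None
    while off is not None:
        name_rva = struct.unpack_from("<I", pe, off + 12)[0]
        if name_rva == 0:                  # all-zero descriptor ends the table
            break
        start = offset(name_rva)
        names.append(pe[start:pe.index(b"\0", start)].decode("ascii"))
        off += 20
    return names

def redist_imports(pe):
    """Imports that only resolve if the Visual C++ Redistributable is installed."""
    return [n for n in imported_dlls(pe) if n.lower().startswith(REDIST_PREFIXES)]

def build_sample(dlls):
    """Constructed input: a minimal PE32 image holding only an import table."""
    nt, opt_size, raw_off, rva = 0x40, 224, 0x200, 0x1000
    body = bytearray(20 * (len(dlls) + 1))  # descriptors + zero terminator
    for i, dll in enumerate(dlls):
        struct.pack_into("<I", body, 20 * i + 12, rva + len(body))
        body += dll.encode() + b"\0"
    pe = bytearray(raw_off)
    pe[:2], pe[nt:nt + 4] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", pe, 0x3C, nt)
    struct.pack_into("<HH12xH2xH", pe, nt + 4, 0x14C, 1, opt_size, 0x10B)
    struct.pack_into("<I", pe, nt + 24 + 96 + 8, rva)
    struct.pack_into("<4I", pe, nt + 24 + opt_size + 8, len(body), rva, len(body), raw_off)
    return bytes(pe + body)
```

On a real build, pass the file's bytes to `redist_imports`; an empty list means the binary does not depend on the redistributable DLLs matched by the prefix list.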
My bad. Thanks for explaining.
from hotcorner.
I guess I have no option other than to buy a code signing certificate.
Note that all the big CAs (Comodo, Symantec, etc) are also antivirus vendors, it's like a protection racket 👎
I'm not really thrilled about sending them a copy of my ID, but I'll do it when I get a chance.
from hotcorner.
Maybe you can get one directly from Microsoft? It's not great, but at least they're not primarily in the infographic and snake oil antivirus business.
from hotcorner.
Thanks Scott, I'll look into it.
I noticed that adding VERSIONINFO seems to reduce detections, maybe that will do for now.
https://github.com/taviso/hotcorner/blob/master/version.rc
from hotcorner.
@paragonie-scott I don't believe Microsoft has code signing certs available to the general public. They will always defer to their CA partners, even for things like driver and LSA signing.
@taviso Interesting on the version info. It might be possible (but I am not in a position to check myself) that adding an app.manifest with supportedOS elements may improve it further. For what it's worth, if you still decide a signing cert may be beneficial, I have used DigiCert without any trouble. To my knowledge they do not sell AV software, white label or otherwise. They are the CA that I used to sign it in my earlier comment.
from hotcorner.
Thanks, I'll give it a shot. The problem with the authenticode solution (apart from getting a certificate) is that it doesn't help anyone who wants to build their own modified version - I'm told BitDefender won't even let you compile the code (?!).
I'm crossing my fingers that it doesn't care about the intermediate object files, so adding the VERSIONINFO is enough to make it shut up?
from hotcorner.
> I'm told BitDefender won't even let you compile the code (?!).
A long time ago we ran into a similar situation when working on automation software. We had to get IT to configure our AV (TrendMicro, I think it was) to ignore our source code directories and their bin directories because it quarantined every binary the compiler produced. Glad to see nothing's changed since 2008.
> so adding the VERSIONINFO is enough to make it shut up
I hope so.
from hotcorner.