Excellent info. Thanks very much!
--- In amibroker@yahoogroups.com, Tomasz Janeczko <gro...@...> wrote:
>
> Hello,
>
> With regards to integrity, official setup files such as this:
> http://www.amibroker.com/bin/AmiBroker520.exe
>
> are digitally signed / certified with Microsoft Authenticode, that guarantees
> the source (AmiBroker.com) and integrity of the file and its contents.
> When you click with RIGHT mouse button over setup file and choose
> "Properties" you will see "Digital Signature" tab.
> See: http://msdn.microsoft.com/en-us/library/ms537364(VS.85).aspx
>
> We do not sign individual files inside setup because
> a) when full setup is signed, it means that all files inside are genuine
> too and integrity is maintained
> b) signing each file makes it slower to load
>
> It is not possible to modify digitally signed file without invalidating
> the signature.
>
> With regard to emailer.exe, it is a program that sends e-mail alerts that
> you define (via AlertIf function).
>
> BTW: I have notified Kaspersky about their false positive and I received
> the reply "Sorry, it was a false detection."
> How ridiculous is that? I really think that AV companies producing
> false positives should be made financially/legally responsible for
> creating such a mess.
>
> Best regards,
> Tomasz Janeczko
> amibroker.com
>
> On 2010-03-21 13:57, progster01 wrote:
> > The many testimonies at the link to the Nirsoft blog surely indicate a
> > widespread problem with false positive reports, in general. I think it's a
> > good link to read, and the AV companies should be doing a better job here,
> > no question.
> >
> > In specific though, how are we as users supposed to know that emailer.exe
> > (in this case) is not infected/corrupted/tampered-with?
> >
> > What does this file do? (I don't know)
> > What is its correct size and checksum? (I don't know)
> > What about it causes it to be flagged as dangerous? (etc.)
> >
> > The fact of malicious attacks against AmiBroker.com has been mentioned
> > before on this list. How is a user supposed to know that an attack has not
> > taken place, and resulted in a corrupted distro?
> >
> > I know at least one other TA platform vendor that provides MD5 checksums
> > for their distro files. When the distro matches the checksum, this makes
> > me feel much more secure that it has not been tampered with.
> >
> > Could even that assurance be rendered false by a sufficiently determined
> > criminal? Probably, but if both the file and the checksum were tampered
> > with, it should at least be possible to compare with completely offline
> > records maintained by the developer to determine that this had taken place.
> >
> > Could a file be corrupted and made to have the same size and checksum?
> > I'll leave that question to those more expert than I. Even if so though,
> > it's surely a much higher bar to clear.
> >
> > As a thought experiment - assume that a criminal organization has targeted
> > and corrupted an AB distro to make it into malware (of some sort). Assume
> > further that that corrupted file is on the AB server(s) and being
> > downloaded by customers.
> >
> > How are we supposed to know it? What should make us suspicious? If
> > suspicion is raised, how is corruption to be confirmed or refuted?
> >
> > These are questions I personally do not have a good answer for. I only
> > know that AV programs are an important line of defense. They make me aware
> > of things (rightly or wrongly) that I do not have the particular psychic
> > ability to be otherwise aware of.
> >
> > Being simply told to ignore them, with no further explanation or evidence,
> > is not very reassuring.
> >
> >
> > --- In amibroker@yahoogroups.com, Tomasz Janeczko <groups@> wrote:
> >
> >> Hello,
> >>
> >> That is a FALSE positive. You should report it to the anti-virus vendor
> >> that they have a bug in their program.
> >>
> >> You should probably read this:
> >> http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/
> >>
> >>
> >> Best regards,
> >> Tomasz Janeczko
> >> amibroker.com
> >>
> >> On 2010-03-20 21:53, gsmservplus wrote:
> >>
> >>> emailer.exe file in AB directory. Kaspersky found backdoor.win32.RAdmin.bp
> >>> trojan, criticality High
> >>> ??????????????????????????????????????????????
> >>>
> >>> Is it fake or is something really wrong?
> >>>
> >>>
> >>>
> >>> ------------------------------------
> >>>
> >>> **** IMPORTANT PLEASE READ ****
> >>> This group is for the discussion between users only.
> >>> This is *NOT* technical support channel.
> >>>
> >>> TO GET TECHNICAL SUPPORT send an e-mail directly to
> >>> SUPPORT {at} amibroker.com
> >>>
> >>> TO SUBMIT SUGGESTIONS please use FEEDBACK CENTER at
> >>> http://www.amibroker.com/feedback/
> >>> (submissions sent via other channels won't be considered)
> >>>
> >>> For NEW RELEASE ANNOUNCEMENTS and other news always check DEVLOG:
> >>> http://www.amibroker.com/devlog/
> >>>
> >>> Yahoo! Groups Links
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>
> >
> >
> >
>
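
The check discussed in this thread (Authenticode signature on the setup file, plus a hash compared against a separately kept record) can be scripted. This is an added example, not part of the original messages or AmiBroker's own tooling; the function name, the publisher placeholder and the optional hash parameter are assumptions, and it expects the setup file to be in the current directory.

```powershell
# Added example. Test-DownloadedSetup and its parameters are hypothetical names.
function Test-DownloadedSetup {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Text expected inside the signer certificate subject (assumed value).
        [Parameter(Mandatory)] [string] $ExpectedPublisher,
        # Optional SHA-256 taken from a record kept separately from the download.
        [string] $ExpectedSha256
    )

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $sig.SignerCertificate

    # 'Valid': file hash matches the signed hash and the chain is trusted.
    # 'HashMismatch': the file changed after signing. 'NotSigned': no signature.
    $signatureOk = ($sig.Status -eq 'Valid')

    # A valid signature from a different publisher says nothing about this vendor.
    $publisherOk = ($null -ne $signer) -and
        ($signer.Subject.IndexOf($ExpectedPublisher,
            [StringComparison]::OrdinalIgnoreCase) -ge 0)

    # Independent of the signature: hash to compare with an offline record.
    $actualHash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk = if ($ExpectedSha256) { $actualHash -eq $ExpectedSha256.Trim() } else { $null }

    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status
        Signer      = if ($signer) { $signer.Subject } else { $null }
        Thumbprint  = if ($signer) { $signer.Thumbprint } else { $null }
        SignatureOk = $signatureOk
        PublisherOk = $publisherOk
        Sha256      = $actualHash
        HashOk      = $hashOk      # $null when no expected hash was supplied
        Trusted     = $signatureOk -and $publisherOk -and ($hashOk -ne $false)
    }
}

# '<PUBLISHER-NAME-PLACEHOLDER>' must be replaced with the name shown on the
# "Digital Signatures" tab of a copy you already trust.
Test-DownloadedSetup -Path .\AmiBroker520.exe -ExpectedPublisher '<PUBLISHER-NAME-PLACEHOLDER>'
```

Recording the returned Thumbprint from a known-good installer gives a stricter comparison than matching on the subject text.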