Re: Kaspersky Endpoint Security 10 flags the DMD installer as malicious!

2018-07-26 Thread rikki cattermole via Digitalmars-d

On 26/07/2018 8:27 PM, Vladimir Panteleev wrote:

On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:

On 25/07/2018 8:27 PM, Rel wrote:

I think, we should do something about it, at very least report
for false-positive to Kaspersky or something.


This is a pretty regular problem for Windows.
Until we start signing the executables, it will never end.


Does anti-virus software exempt signed executables?


It really depends upon the AV engine as to what extent it is beneficial.

But they can do white listing[0] and a few other things which would be 
very good on our end.


[0] https://forum.avast.com/index.php?topic=202088.0


Re: Kaspersky Endpoint Security 10 flags the DMD installer as malicious!

2018-07-26 Thread rikki cattermole via Digitalmars-d

On 26/07/2018 8:39 PM, Suliman wrote:

On Thursday, 26 July 2018 at 08:27:33 UTC, Vladimir Panteleev wrote:

On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:

On 25/07/2018 8:27 PM, Rel wrote:

I think, we should do something about it, at very least report
for false-positive to Kaspersky or something.


This is a pretty regular problem for Windows.
Until we start signing the executables, it will never end.


Does anti-virus software exempt signed executables?


I really think that it's a problem of Kaspersky rather than D. They should fix 
their crap, not us.


Yes, but it'll be a lot easier to convince them that we are ok, if they 
can check for a cert.


Re: Kaspersky Endpoint Security 10 flags the DMD installer as malicious!

2018-07-26 Thread Suliman via Digitalmars-d
On Thursday, 26 July 2018 at 08:27:33 UTC, Vladimir Panteleev wrote:

On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:

On 25/07/2018 8:27 PM, Rel wrote:

I think, we should do something about it, at very least report
for false-positive to Kaspersky or something.


This is a pretty regular problem for Windows.
Until we start signing the executables, it will never end.


Does anti-virus software exempt signed executables?


I really think that it's a problem of Kaspersky rather than D. They should 
fix their crap, not us.


Re: Kaspersky Endpoint Security 10 flags the DMD installer as malicious!

2018-07-26 Thread Vladimir Panteleev via Digitalmars-d
On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:

On 25/07/2018 8:27 PM, Rel wrote:

I think, we should do something about it, at very least report
for false-positive to Kaspersky or something.


This is a pretty regular problem for Windows.
Until we start signing the executables, it will never end.


Does anti-virus software exempt signed executables?



Re: Kaspersky Endpoint Security 10 flags the DMD installer as malicious!

2018-07-26 Thread Seb via Digitalmars-d

On Wednesday, 25 July 2018 at 09:13:27 UTC, Mike Franklin wrote:

On Wednesday, 25 July 2018 at 08:27:25 UTC, Rel wrote:

To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
Few other AV software does the same:
https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection

I think, we should do something about it, at very least report
for false-positive to Kaspersky or something.


It's been reported at  
https://issues.dlang.org/show_bug.cgi?id=18786


For some reason it's not being taken seriously.  It's 
embarrassing to say the least.


Mike


See 
https://forum.dlang.org/post/reccnvpdbboenpome...@forum.dlang.org 
- I also forwarded a few internal mails to you.


Re: Kaspersky Endpoint Security 10 flags the DMD installer as malicious!

2018-07-26 Thread Radu via Digitalmars-d

On Thursday, 26 July 2018 at 07:25:24 UTC, Seb wrote:

On Wednesday, 25 July 2018 at 09:49:54 UTC, Radu wrote:

On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:

[...]


It is a very simple thing to do. But the foundation hasn't 
bothered buying a code signing certificate, even though it is 
cheap.


Would be nice to hear why they haven't done this yet, 
considering that just the recurring open collective donations 
could cover expenses like this.


It's not about paying for the certificate, if that would be 
all, we would have done this long ago!


The problem is to integrate it in our release process and that 
no one involved has much experience with Windows. It doesn't 
make things easier that we run Windows via VirtualBox for the 
release building and the snake oil industry requires a hardware 
2FA process when signing binaries with their certificate.


Let me quote Martin (our release tzar) from one of the many 
internal mails:



[...]
I can figure this all out, it's again a small but 
lower-priority issue cutting the line though.


After my vacation I'm currently finalizing the highly-available 
code.dlang.org migration.
Next will be migrating ci.dlang.io to Buildkite, then beginning 
the research for use-after-free/alias tracking.


---
Would be great if someone with actual interest in this would 
take care of it completely.


Win binary builds to sign .exe and .dll:
https://github.com/dlang/installer/blob/master/create_dmd_release/create_dmd_release.d#L267-L268
Win installer build:
https://github.com/dlang/installer/blob/e780ad79a1b2721f3c1a3c841bd46a4bd39b37dc/create_dmd_release/build_all.d#L313-L322
Setup script for Win box in case we need to install tools:
https://gist.github.com/MartinNowak/8270666
---

<<<


It is important to have that certificate, as you can see from 
this 
https://forum.dlang.org/post/siugqkvkngnzdgqul...@forum.dlang.org 
signing the installer is not a big deal. `osslsigncode` runs on 
Linux so I think it should be fairly straightforward to add it 
as a step in the build script.
The example command from the link I gave is used in production 
somewhere and it works.


So, buy a certificate :)


Re: Kaspersky Endpoint Security 10 flags the DMD installer as malicious!

2018-07-26 Thread Seb via Digitalmars-d

On Wednesday, 25 July 2018 at 09:49:54 UTC, Radu wrote:

On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:

On 25/07/2018 8:27 PM, Rel wrote:

To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
Few other AV software does the same:
https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection


I think, we should do something about it, at very least report
for false-positive to Kaspersky or something.


This is a pretty regular problem for Windows.
Until we start signing the executables, it will never end.


It is a very simple thing to do. But the foundation hasn't 
bothered buying a code signing certificate, even though it is 
cheap.


Would be nice to hear why they haven't done this yet, 
considering that just the recurring open collective donations 
could cover expenses like this.


It's not about paying for the certificate, if that would be all, 
we would have done this long ago!


The problem is to integrate it in our release process and that no 
one involved has much experience with Windows. It doesn't make 
things easier that we run Windows via VirtualBox for the release 
building and the snake oil industry requires a hardware 2FA 
process when signing binaries with their certificate.


Let me quote Martin (our release tzar) from one of the many 
internal mails:




I can figure this all out, it's again a small but lower-priority 
issue cutting the line though.


After my vacation I'm currently finalizing the highly-available 
code.dlang.org migration.
Next will be migrating ci.dlang.io to Buildkite, then beginning 
the research for use-after-free/alias tracking.


---
Would be great if someone with actual interest in this would take 
care of it completely.


Win binary builds to sign .exe and .dll:
https://github.com/dlang/installer/blob/master/create_dmd_release/create_dmd_release.d#L267-L268
Win installer build:
https://github.com/dlang/installer/blob/e780ad79a1b2721f3c1a3c841bd46a4bd39b37dc/create_dmd_release/build_all.d#L313-L322
Setup script for Win box in case we need to install tools:
https://gist.github.com/MartinNowak/8270666
---

<<<


Re: Kaspersky Endpoint Security 10 flags the DMD installer as malicious!

2018-07-25 Thread Uknown via Digitalmars-d

On Wednesday, 25 July 2018 at 14:30:57 UTC, FeepingCreature wrote:

On Wednesday, 25 July 2018 at 09:13:27 UTC, Mike Franklin wrote:

On Wednesday, 25 July 2018 at 08:27:25 UTC, Rel wrote:
Possibly because anything that says "pay money or we'll flag 
your binary and scare our users about it!" sounds like a scam. 
Also, nowadays virus scanners arguably cause more problems than 
they prevent - viruses have already exploited vulns in virus 
scanners, which usually run as root. And if somebody breaks 
into Github or dlang.org and replaces the binary with a 
backdoored one, they won't use a backdoor that'll be detected 
by common scanners because why would they?


To add to this, I've had issues with Kaspersky tagging any 50 
line program I wrote as a virus, as long as it had a do{} while() 
loop in main. Very annoying. At some point people need to realize 
that anti-viruses are not simply never going to improve computer 
security.


Re: Kaspersky Endpoint Security 10 flags the DMD installer as malicious!

2018-07-25 Thread FeepingCreature via Digitalmars-d

On Wednesday, 25 July 2018 at 09:13:27 UTC, Mike Franklin wrote:

On Wednesday, 25 July 2018 at 08:27:25 UTC, Rel wrote:

To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
Few other AV software does the same:
https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection

I think, we should do something about it, at very least report
for false-positive to Kaspersky or something.


It's been reported at  
https://issues.dlang.org/show_bug.cgi?id=18786


For some reason it's not being taken seriously.  It's 
embarrassing to say the least.


Mike


Possibly because anything that says "pay money or we'll flag your 
binary and scare our users about it!" sounds like a scam. Also, 
nowadays virus scanners arguably cause more problems than they 
prevent - viruses have already exploited vulns in virus scanners, 
which usually run as root. And if somebody breaks into Github or 
dlang.org and replaces the binary with a backdoored one, they 
won't use a backdoor that'll be detected by common scanners 
because why would they?


Re: Kaspersky Endpoint Security 10 flags the DMD installer as malicious!

2018-07-25 Thread Radu via Digitalmars-d
On Wednesday, 25 July 2018 at 08:31:05 UTC, rikki cattermole wrote:

On 25/07/2018 8:27 PM, Rel wrote:

To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
Few other AV software does the same:
https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection


I think, we should do something about it, at very least report
for false-positive to Kaspersky or something.


This is a pretty regular problem for Windows.
Until we start signing the executables, it will never end.


It is a very simple thing to do. But the foundation hasn't 
bothered buying a code signing certificate, even though it is 
cheap.


Would be nice to hear why they haven't done this yet, considering 
that just the recurring open collective donations could cover 
expenses like this.


Re: Kaspersky Endpoint Security 10 flags the DMD installer as malicious!

2018-07-25 Thread Mike Franklin via Digitalmars-d

On Wednesday, 25 July 2018 at 08:27:25 UTC, Rel wrote:

To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
Few other AV software does the same:
https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection

I think, we should do something about it, at very least report
for false-positive to Kaspersky or something.


It's been reported at  
https://issues.dlang.org/show_bug.cgi?id=18786


For some reason it's not being taken seriously.  It's 
embarrassing to say the least.


Mike


Re: Kaspersky Endpoint Security 10 flags the DMD installer as malicious!

2018-07-25 Thread rikki cattermole via Digitalmars-d

On 25/07/2018 8:27 PM, Rel wrote:

To be exact as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
Few other AV software does the same:
https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection 



I think, we should do something about it, at very least report
for false-positive to Kaspersky or something.


This is a pretty regular problem for Windows.
Until we start signing the executables, it will never end.


Kaspersky Endpoint Security 10 flags the DMD installer as malicious!

2018-07-25 Thread Rel via Digitalmars-d

To be exact, as a "HEUR:Trojan-Downloader.Win32.Agent.gen".
A few other AV products do the same:
https://www.virustotal.com/#/file/0aa364c5cb90630a5757aacc0c3c05a2273f5fdb88e14e2b80d4c19ee5b16d10/detection

I think we should do something about it, at the very least report
it as a false positive to Kaspersky or something.