hotsapi / Hotsapi.Uploader

Uploads Heroes of the Storm replays to hotsapi.net
MIT License

Code signing #4

Open poma opened 6 years ago

poma commented 6 years ago

Uploader needs to be signed to prevent some nasty warning screens in browsers/antiviruses. I wasn't able to find any free certs for open source. The cheapest one found to date is from signum, €28. Leaving this issue for later when we will have enough funds.

ekzor commented 6 years ago

Note the €28 figure from signum is if you have the "I have my own reader and cryptographic card (Activation code)" option selected. I have no idea what this means, but when you turn it off the price jumps to €86.

mikec83 commented 6 years ago

Kaspersky thinks it is malware too:

04.09.2017 17.08.03 Malicious program deleted PDM:Trojan.Win32.Generic
Application name: Uploads Heroes of the Storm replay
Application path: e:\downloads\hotsapiuploadersetup.exe
Time: 9/4/2017 5:08 PM

04.09.2017 17.08.03 Malicious program deleted PDM:Trojan.Win32.Generic
Application name: Uploads Heroes of the Storm replay
Application path: c:\users\mike\appdata\local\hotsapi\app-1.3.0\hotsapi.uploader.exe
Time: 9/4/2017 5:08 PM

04.09.2017 17.07.55 Malicious program terminated PDM:Trojan.Win32.Generic
Application name: Hotsapi.Uploader.Windows
Application path: C:\Users\mike\AppData\Local\Hotsapi\app-1.3.0\Hotsapi.Uploader.exe
Time: 9/4/2017 5:07 PM

04.09.2017 17.07.55 Malicious program detected PDM:Trojan.Win32.Generic
Application name: Uploads Heroes of the Storm replay
Application path: e:\downloads\hotsapiuploadersetup.exe
Time: 9/4/2017 5:07 PM

04.09.2017 17.07.55 Malicious program detected PDM:Trojan.Win32.Generic
Application name: Uploads Heroes of the Storm replay
Application path: c:\users\mike\appdata\local\hotsapi\app-1.3.0\hotsapi.uploader.exe
Time: 9/4/2017 5:07 PM

smeckl commented 6 years ago

Both Norton AV and Windows Defender flag it as "Untrusted". Norton AV's SONAR sandboxing system flagged it as "suspicious". Code signing will solve this, but it is expensive.

poma commented 6 years ago

Do you use the latest AV update? Because on VirusTotal both Symantec and Kaspersky show up as Clean.

smeckl commented 6 years ago

It's not flagged as malware, just as "suspicious". SONAR uses heuristic behavior-based detection, not signatures. VirusTotal only uses the signature-based detection engine.

You can get it to run under Norton AV, but you have to ignore a couple of warnings first.

ekzor commented 6 years ago

Do you think this is all because of the 'start with windows' checkbox? If so, maybe there's another way to get it to start with Windows, like using the user's start menu Startup directory or something.

A lot of apps have a start with windows option... do they all get flagged like this too?

poma commented 6 years ago

I think for registry-based startup, code signing is a big deal. Although now that Windows 10 shows all startup items in Task Manager there shouldn't be much difference, so just historical reasons I guess.

I've started implementing shortcuts in link-based-startup branch some time ago but didn't release it because Squirrel.Windows doesn't return shortcut paths. I can hardcode them instead if it helps with AV.
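
The two startup mechanisms discussed in this thread (a registry entry versus a Startup-folder shortcut) can be compared on a local machine with the PowerShell below. It is an added example, not code from the Hotsapi.Uploader project, and it assumes the standard per-user Run key and Startup folder, since the thread does not name the exact locations the uploader uses.

```powershell
# Added example: list per-user autostart entries (Run key and Startup folder)
# and show the Authenticode status of each target executable.
# Assumption: standard per-user locations; the thread does not say which
# registry value or shortcut name the uploader registers.

function Get-ExePathFromCommand {
    param([string]$Command)
    # Run values are command lines: take the quoted path, or the text up to ".exe".
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

function Get-UserAutostart {
    # Registry-based startup: one value per program under the per-user Run key.
    $key = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Source = 'Registry Run key'
                Name   = $name
                Target = Get-ExePathFromCommand ([string]$key.GetValue($name))
            }
        }
    }
    # Link-based startup: .lnk files in the user's Startup folder.
    $shell   = New-Object -ComObject WScript.Shell
    $startup = [Environment]::GetFolderPath('Startup')
    foreach ($lnk in Get-ChildItem -Path $startup -Filter *.lnk -ErrorAction SilentlyContinue) {
        [pscustomobject]@{
            Source = 'Startup folder shortcut'
            Name   = $lnk.BaseName
            Target = $shell.CreateShortcut($lnk.FullName).TargetPath
        }
    }
}

# Attach the signature status (Valid, NotSigned, ...) to every entry.
Get-UserAutostart | ForEach-Object {
    $status = 'TargetMissing'
    if ($_.Target -and (Test-Path -LiteralPath $_.Target)) {
        $status = (Get-AuthenticodeSignature -LiteralPath $_.Target).Status
    }
    $_ | Add-Member -NotePropertyName Signature -NotePropertyValue $status -PassThru
} | Format-Table -AutoSize
```

An unsigned build appears with `NotSigned` in the Signature column whichever of the two mechanisms registered it.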

poma commented 4 years ago

UPDATE: I failed to get a code signing cert because of how complex this process is in Russia. None of the notaries I've asked even had a clue how this verification process works, and it was hard to get some required documents because I don't have most of them, and they also needed to be translated to English and officially verified.

So yeah I've requested a refund for certificate purchase.