search

xanasoft / MajorPrivacy

Advanced Privacy Tool for Windows
https://xanasoft.com
Other
75 stars 6 forks source link

Trojan Reported #1

Open enrique-henri opened 6 months ago

enrique-henri commented 6 months ago

In Windows 11 Pro, Windows reports the exe file as a Trojan.

DavidXanatos commented 6 months ago

Well the exe is unsigned so what did you expect? Modern anti malware fools flag anything as Trojan that is unknown to them and not signed. look at virus total, only one false positive: https://www.virustotal.com/gui/file/035cdc4e62d0aa9b447955f723acf74962ef99709a6dfabeb83b7972a13202bd and non for the agent: https://www.virustotal.com/gui/file/a3426645274a6b1f248352e8961ed6929564af76c0abcc0930fdbd53f650c190 that's actually surprisingly low for a unsigned exe.

enrique-henri commented 5 months ago

I expected a courteous reply. How should I know if the exe is signed or unsigned? If it is unsigned then why? Is there a problem with having it signed?

DavidXanatos commented 5 months ago

You can check the file properties in explorer to see if an exe is signed or not. Test and preview builds are not signed as its simply quicker this way. I work with an Austrian company that has a EV code signing cert (you cant get one as a private person), and I don't want to bother them with every test build, so only final builds get signed.

I expected a courteous reply.

Well the entire code signing scam is a huge sore spot, so sorry about not being the most courteous when this subject comes up. Now its fine I cen get thing signed when needed.

But its a terrible catch 22 situation for every open source developer, you cant get an EV cert if you are not a company, and many won't use your code and complain about false positives so you never get to the point where you could create a company or be high profile enough for en existing company to offer you some collaboration.

I was very lucky that this worked out for me in the end.

Code signing does not protect anyone from viruses, any well financed criminal can get any amount of code signing certificates creating an offshore company with a straw man director costs 5k$ to 10k$ and voila you can sign your malware and not be made responsible for the results.

The entire concept of delegating trust is simply deeply broken yet is being used to keep small developers small.

Frankly IMHO anti malware fools which through false positives should have to pay a fine for every false positive to the developer whom they just slandered.