App has malware??

Hello. Just received a call from a customer. She had one of my apps installed on her Surface. The device crashed and she needed to have it repaired. She received an email from Microsoft or whoever cleaned up her device saying they identified the culprit and named my app as containing malware. What?!?

  1. How could something like this happen?
  2. How can this be fixed/prevented? I did a quick search in the forum and found this post (https://forum.xojo.com/14164-unknow-editor-windows/0#p114498), which is suggesting code signing by way of http://codesigning.ksoftware.net/

If code signing can help alleviate this issue for the future, is the certificate signing on codesigning the way to go? Then if so, how is this incorporated into Xojo apps?

In the 10+ years of selling this app, this is the first encounter I’ve had with a claim of malware associated.

It could be that someone puts your app on a download server with an installer which also installs malware.
That can happen sadly.

Thanks Christian. I distribute the software via download through e-junkie. There would be no other online method of customers obtaining the apps. Do you think the codesigning could help in this case?

The number of units I distribute via download far outweighs the number of physical disks or flash drives sent out as distribution methods. Customers seem to enjoy getting software immediately after purchase.

You could publish a SHA1 hash and tell people how to verify it.
If they download from your website only, it should not be changed by someone. Code signing also helps.
So they can check if the signature is valid and has your name.
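The two checks suggested above (compare the download against a published hash, then confirm the signature is valid and carries the vendor's name), as an added PowerShell example that is not from any poster in this thread. The function name `Test-Download`, the file name and the publisher name are hypothetical; it defaults to SHA256, so pass `-Algorithm SHA1` when the published value is a SHA1 hash.

```powershell
# Added example: verify a downloaded installer against the vendor's published
# hash and its Authenticode signature. All sample values are placeholders.
function Test-Download {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedHash,       # value published by the vendor
        [Parameter(Mandatory)] [string] $ExpectedPublisher,  # name expected on the signing certificate
        [ValidateSet('SHA1', 'SHA256')] [string] $Algorithm = 'SHA256'
    )

    # 1. Hash check: detects a file that was altered or repackaged after release.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash
    $hashOk = $actual -eq ($ExpectedHash -replace '\s', '')  # string -eq ignores case

    # 2. Signature check: Status is 'Valid' only when the file is unchanged since
    #    signing and the certificate chains to a root this machine trusts.
    $sig   = Get-AuthenticodeSignature -LiteralPath $Path
    $sigOk = $sig.Status -eq 'Valid'

    # 3. Signer check: a valid signature from a different publisher is still
    #    the wrong file, so compare the certificate's simple name (its CN).
    $signer = ''
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    }
    $publisherOk = $sigOk -and ($signer -eq $ExpectedPublisher)

    [pscustomobject]@{
        File        = $Path
        HashMatches = $hashOk
        Signature   = $sig.Status
        Signer      = $signer
        Trusted     = $hashOk -and $publisherOk
    }
}

# Usage with constructed placeholder values:
# Test-Download -Path '.\MyAppSetup.exe' `
#     -ExpectedHash '<hash published on the vendor site>' `
#     -ExpectedPublisher 'Example Software LLC'
```

A repackaged installer of the kind described in this thread fails the hash check, and shows either no signature or another signer's name.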

And there is the possibility your app (or a dll used) has the signature matching one of the known virus/malware.

My AES plugin part years ago was detected as false positive to have a virus. The virus simply used the same AES encryption code and got the same bytes there. I changed my code a bit and got the dll being not detected.

There’s also the distinct possibility that the support rep is talking BS.

[quote=251900:@Christian Schmitz]And there is the possibility your app (or a dll used) has the signature matching one of the known virus/malware.

My AES plugin part years ago was detected as false positive to have a virus. The virus simply used the same AES encryption code and got the same bytes there. I changed my code a bit and got the dll being not detected.[/quote]
Is the suggestion here to just make some modification to the app and republish it? Is that all that’s required to change the dll?

In order to remedy this customer’s issue, is it “safer” to distribute to her a flash drive with the software to install, so she’s essentially not downloading it from the net?

That is my hope. This was a scary phone call to receive.

I changed my plugin DLL years ago to no longer be detected by one scanner as infected.

Keep an eye on it. One user can have a virus which just randomly infected exe files on the PC.

Regardless of the outcome of this instance, in the future you should sign all of your apps, both Mac and PC, which you release. Other than about $100/year for each, it's a fairly painless operation.

+1

You might do a google search just to check that… Could be a “cracked” version or even a malware just using the same name as your app to look legit. If you could get a copy of the exe in question, you could get more info…

Thank you for the responses all. I will be looking into the code signing for Windows for apps going forward.

Also will be doing more research to see if there are any “cracked” versions of the software that may be contributing to this funk.

Be careful how you distribute your apps. When I had mine available for download directly on my website they were harvested by brothersoft, softpedia and other such “freeware” sites where they were repackaged in installers that included adware and malware. I took all of my apps off of my site and now sell the Windows apps through Fastspring and the Mac apps through the Mac App Store. Also make sure you code sign your apps and installers, as others have suggested. You can get a Comodo cert from ksoftware.net for $99 and they also have a free code signing utility that’s easy to use and that also works with Inno Setup.