Author Topic: digitally sign all avast executables  (Read 6499 times)

0 Members and 1 Guest are viewing this topic.

brantgurga

  • Guest
digitally sign all avast executables
« on: March 29, 2007, 09:44:09 PM »
Since the 64-bit drivers need to be signed to run in Vista so you already have a code signing certificate, it seems like it would make sense to sign all of the avast! executables with it which is not currently the case.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: digitally sign all avast executables
« Reply #1 on: March 30, 2007, 02:39:43 PM »
All avast exe files are digitally signed. What makes you think they're not?
If at first you don't succeed, then skydiving's not for you.

brantgurga

  • Guest
Re: digitally sign all avast executables
« Reply #2 on: March 30, 2007, 04:11:27 PM »
You seem to be right on the alwil-supplied executables. There are a few that aren't that may be from library providers. The alwil-supplied DLLs aren't digitally signed and DLLs are signable.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: digitally sign all avast executables
« Reply #3 on: March 30, 2007, 04:22:58 PM »
I know, avast DLLs are not currently signed. The original plan was to sign all files but this turned out very impractical for our daily builds as the bloody signing tools actually take VERY long, making the whole build process much slower (the problem is related with the Verisign time server - which is probably overwhelmed with requests and its response times are sometimes ridiculously long).

We may revisit this strategy for the new version (especially for "release" builds). For the time being, I'd say EXE file signing is much more important - and that's what we're doing a.t.m.


Cheers
Vlk
If at first you don't succeed, then skydiving's not for you.

brantgurga

  • Guest
Re: digitally sign all avast executables
« Reply #4 on: March 30, 2007, 04:29:11 PM »
The release files are the only ones for which signing is important. Even on Vista x64, you can sign the drivers with a testing certificate (that wouldn't need Verisign's timestamping server) and boot Vista into driver testing mode.

I've not done code signing in native world, but the strong naming of .Net assemblies supports a concept of delayed signing where it is kind-of-signed at build time but the full signature process isn't done till release time. There might be an Authenticode parallel to that.

Thanks for letting me know that it is on your mind though.

kubecj

  • Guest
Re: digitally sign all avast executables
« Reply #5 on: April 02, 2007, 11:06:38 AM »
On the side note: avast checks itself anyway. So from the 'integrity' point of view, avast sufficiently protects itself.

mouniernetwork

  • Guest
Re: digitally sign all avast executables
« Reply #6 on: April 02, 2007, 09:55:37 PM »
If the Verisign time server than perhaps you should change ?
Comodo is Also a a digital signer  authority and plus you would be helping them develop their firewall  ;)
All the funds from their payed product goes to the developement of free products.

Al968

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11859
    • AVAST Software
Re: digitally sign all avast executables
« Reply #7 on: April 02, 2007, 10:46:46 PM »
I'm not sure if it would be acceptable for Vista driver signing (but I don't really know much about it).

mouniernetwork

  • Guest
Re: digitally sign all avast executables
« Reply #8 on: April 03, 2007, 02:37:37 AM »
Maybe that could investigated as it doesn't require much but would be really useful  ;)

Thanks

Al968

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89219
  • No support PMs thanks
Re: digitally sign all avast executables
« Reply #9 on: April 03, 2007, 03:00:45 AM »
Comodo is Also a a digital signer  authority and plus you would be helping them develop their firewall  ;)
All the funds from their payed product goes to the developement of free products.

One of those free products being an anti-virus program, so I somehow can't see avast contributing funds to develop another AV ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

mouniernetwork

  • Guest
Re: digitally sign all avast executables
« Reply #10 on: April 03, 2007, 03:42:31 AM »
Well Comodo is not a major player in the market for antiviruses right now and if it becomes I am confident that Alwil will outsmart them  ;D
But even if Alwil and Comodo were to become the two top leaders and rivals a lot of good would come out of it, in competition good comes out for the users mostly, just look an Intel and AMD.

Al968

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: digitally sign all avast executables
« Reply #11 on: April 03, 2007, 04:52:21 AM »
Alwil and Comodo were to become the two top leaders
I wish Alwil team does not give up on a firewall project... 8)
The best things in life are free.