After poking around, it seems like KiCAD is a nice tool. As such, I thought I’d give it a go.
I’m running Windows 10 Home edition.
With the 4.0.1 and 4.0.0 installers, both 32 and 64 bit, I get a malware warning from Windows. I’d attach an image but as a new user I cannot.
In any event, I get an angry red dialog that reads in part:
==============
Malware Warning
Windows has identified this file as malware. Running this file might risk the safety of your PC and personal data.
App: kicad-product-4.0.1-x86_64.exe
Publisher: Open Source Developer, Marek Roszko
It then gives me the option to run anyway. I might be inclined to do this if I had a checksum to compare what I downloaded with what the official download checksum is, so maybe include checksums along with the executable downloads.
I had installed Kicad late last year and had no issue, but had to re-image my PC (Windows 10) today and when I went to reinstall I saw the same warning. I agree a signature would be good, but it doesn’t appear like there is an SSL certificate for the download site. At any rate I still had a backup of the old file I installed and it gets the same warning. So it seems to me likely that the MS screening software recently started flagging these files.
Microsoft’s Safe Screen is irrevocably broken. We added a code signing certificate from Certum to avoid the initial safe screen warnings, then by adding the certificate it upgraded it to even worse of a status. (Actually I can’t tell if it’s worse, the original purple level warning was more aggressive at hiding the Run anyway link, the red scary warning doesn’t hide it).
I tried it on my W10 PC, and I got a fairly bland warning about the app not being trusted, with the option to run anyway with admin password. (This behaviour can be configured in the Control Panel). You can also go into the file properties and check “unblock”.
The warning seems to be the equivalent of the “this file was downloaded from the net, are you sure” that used to pop up. I think if a file is definitely malware, Windows will not run it. I think the idea of SmartScreen is to make the user think twice about running stuff, and it seems to work given that people download all sorts of stuff from dodgy websites, so it is easy to fall victim to zero-day exploits.
Apparently, the sure way to improve reputation is to pay some money to Microsoft…
Thanks for the reply. As I mentioned I had just re-imaged my PC (Windows 10), and I realized later that I had not activated it. I’m not sure if I had not installed all the updates, but after activating it and installing all the updates I get the normal “are you sure you want to install this” warning, not the “potential malware warning”. Perhaps that’s what happened to the other user.
My copy is activated under “digital entitlement” via the automatic upgrade from 7. At least that’s what it says here. So this particular issue doesn’t seem tightly bound to Windows activation. I’m also on auto-updating and appear to be up to date in general from the OS side of things.
What? You have no clue how it works. Microsoft doesn’t charge anything. It’s all based on code signing certificate level, none of which they charge for themselves.
Clearly, if it was based on just the certificate, then Kicad wouldn’t get flagged.
Microsoft use a reputation score, the certificate is one element but not the only one, other elements include how many times an app is downloaded, the website the app was downloaded from. Another element of the score is whether the app has been certified with Microsoft as part of the Windows Logo program. I know Microsoft used to charge a fee for driver submissions, app submissions might be free, so I’ll withdraw that particular assertion.
I’ve seen reports on the web from people with apps that have a valid certificate being flagged by Smart Screen, but when they registered their app with the Windows Logo program, the warnings went away.
If the Windows Logo submission for apps is free, then it seems like a good idea for the Kicad organisation to register the Kicad app with Microsoft.
ETA2: Some more on SmartScreen and reputation: https://blog.digicert.com/ms-smartscreen-application-reputation/ Not all certificates are considered equal, some give a better reputation. If a certificate is associated somehow with malware, its reputation is downgraded.
So there isn’t really a solution here? I just have to accept that Windows thinks this KiCAD is malware, and install it anyway? That is kind of unsatisfying.
I suppose I could just install it on my Linux server and access it remotely but that also strikes me as less than satisfying.
This is almost certainly a false positive, 4.0.6 must have been downloaded many times.
I wonder if Trend is panicking at the “archive a project to zip file” function.
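
The checks discussed in this thread (a checksum comparison, the publisher named on the signature, and the "downloaded from the net" flag that "unblock" clears), gathered into one PowerShell function. This is an added example, not code from any poster or from the KiCad project. The function name `Test-DownloadedInstaller` is hypothetical, and the expected hash is a placeholder, since the thread contains no published checksum.

```powershell
# Added example: pre-run checks for a downloaded installer (Windows only).
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: a SHA-256 value obtained from the project over a trusted channel.
        [Parameter(Mandatory)][string]$ExpectedSha256,
        # Publisher text expected in the certificate subject (name taken from the dialog above).
        [string]$ExpectedPublisher = 'Marek Roszko'
    )

    $file = (Resolve-Path -Path $Path).Path

    # 1. Integrity: hash the local file and compare with the published value.
    #    String -eq is case-insensitive, so hex case does not matter.
    $actual = (Get-FileHash -Path $file -Algorithm SHA256).Hash
    $hashOk = $actual -eq $ExpectedSha256.Trim()

    # 2. Authenticode: the signature must validate AND name the expected publisher.
    #    A valid signature proves origin and integrity; it does not by itself
    #    give the file SmartScreen reputation, which is scored separately.
    $sig    = Get-AuthenticodeSignature -FilePath $file
    $signer = $sig.SignerCertificate
    $sigOk  = ($sig.Status -eq 'Valid') -and ($null -ne $signer) -and
              ($signer.Subject -like "*$ExpectedPublisher*")

    # 3. Mark of the Web: the Zone.Identifier stream is what "unblock" removes.
    $motw = Get-Content -Path $file -Stream Zone.Identifier -ErrorAction SilentlyContinue

    [pscustomobject]@{
        File            = $file
        Sha256          = $actual
        HashMatches     = $hashOk
        SignatureStatus = $sig.Status
        Signer          = if ($signer) { $signer.Subject } else { $null }
        SignatureValid  = $sigOk
        MarkOfTheWeb    = [bool]$motw
    }
}

# Constructed usage: the hash below is a placeholder, so HashMatches stays False
# until a real published value is substituted.
$result = Test-DownloadedInstaller -Path '.\kicad-product-4.0.1-x86_64.exe' `
                                   -ExpectedSha256 '<PUBLISHED-SHA256-PLACEHOLDER>'
$result | Format-List
if (-not ($result.HashMatches -and $result.SignatureValid)) {
    Write-Warning 'Do not run or unblock this file: hash or signature check failed.'
}
```

A checksum only adds assurance when it comes from a channel the download itself did not travel over unprotected; one served from the same plain-HTTP page can be altered together with the installer.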