Malware warning with Windows installer


#1

After poking around, it seems like KiCAD is a nice tool. As such, I thought I’d give it a go.

I’m running Windows 10 Home edition.

With the 4.0.1 and 4.0.0 installers, both 32 and 64 bit, I get a malware warning from Windows. I’d attach an image but as a new user I cannot.

In any event, I get an angry red dialog that reads in part:

==============
Malware Warning
Windows has identified this file as malware. Running this file might risk the safety of your PC and personal data.

App: kicad-product-4.0.1-x86_64.exe
Publisher: Open Source Developer, Marek Roszko

It then gives me the option to run anyway. I might be inclined to do this if I had a checksum to compare what I downloaded with what the official download checksum is, so maybe include checksums along with the executable downloads.

Any thoughts?


#2

I had installed Kicad late last year and had no issue, but had to re-image my PC (Windows 10) today, and when I went to reinstall I saw the same warning. I agree a signature would be good, but it doesn’t appear like there is an SSL certificate for the download site. At any rate I still had a backup of the old file I installed and it gets the same warning. So it seems to me likely that the MS screening software recently started flagging these files.


#3

Microsoft’s Safe Screen is irrevocably broken. We added a code signing certificate from Certum to avoid the initial safe screen warnings, then by adding the certificate it upgraded it to even worse of a status. (Actually I can’t tell if it’s worse; the original purple level warning was more aggressive at hiding the Run anyway link, the red scary warning doesn’t hide it.)

So much for code signing from a trusted CA.


#4

I tried it on my W10 PC, and I got a fairly bland warning about the app not being trusted, with the option to run anyway with admin password. (This behaviour can be configured in the Control Panel). You can also go into the file properties and check “unblock”.

The warning seems to be the equivalent of the “this file was downloaded from the net, are you sure” that used to pop up. I think if a file is definitely malware, Windows will not run it. I think the idea of Smartscreen is to make the user think twice about running stuff, and it seems to work given that people download all sorts of stuff from dodgy websites, so it is easy to fall victim to zero day exploits.

Apparently, the sure way to improve reputation is to pay some money to Microsoft…
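
The checks post #1 asks for and the “unblock” step post #4 mentions, as an added PowerShell example that is not part of any post in this thread. The expected checksum is a placeholder because the thread gives none; the file name and signer name are the ones shown in the dialog quoted in post #1, and `Test-Installer` is a hypothetical helper name.

```powershell
# Added example: verify a downloaded installer before clearing its "downloaded
# from the internet" mark. Not KiCad project code.
param(
    [string]$Path = ".\kicad-product-4.0.1-x86_64.exe",
    # Placeholder: the thread contains no published checksum. Paste the value
    # obtained from the project over a channel you trust.
    [string]$ExpectedSha256 = "<SHA-256 published by the project>",
    # Publisher name as shown in the warning dialog quoted in post #1.
    [string]$ExpectedSigner = "Marek Roszko"
)

function Test-Installer {
    param([string]$Path, [string]$ExpectedSha256, [string]$ExpectedSigner)

    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $Path

    # The Zone.Identifier alternate data stream is what the "Unblock" checkbox
    # in file properties removes. It is absent on files that were not
    # downloaded or that have already been unblocked.
    $motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $zone = $motw | Where-Object { $_ -match '^ZoneId=\d' } | Select-Object -First 1

    [pscustomobject]@{
        Sha256          = $hash
        HashMatches     = ($hash -eq $ExpectedSha256)   # string -eq ignores case
        SignatureStatus = $sig.Status                   # Valid, NotSigned, HashMismatch, ...
        Signer          = $sig.SignerCertificate.Subject
        Issuer          = $sig.SignerCertificate.Issuer
        SignerMatches   = ($sig.SignerCertificate.Subject -like "*$ExpectedSigner*")
        MarkOfTheWeb    = $zone                         # e.g. ZoneId=3 for the Internet zone
    }
}

$result = Test-Installer -Path $Path -ExpectedSha256 $ExpectedSha256 -ExpectedSigner $ExpectedSigner
$result | Format-List

# Unblock only when all three independent checks agree.
if ($result.HashMatches -and $result.SignatureStatus -eq 'Valid' -and $result.SignerMatches) {
    Unblock-File -LiteralPath $Path
    Write-Output "Checksum and signature verified; Zone.Identifier removed."
} else {
    Write-Warning "Verification failed; leaving the file blocked."
}
```

A `Valid` signature status only shows that the file is unmodified since signing and chains to a trusted root; it is a separate question from the reputation score discussed later in the thread.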


#5

Thanks for the reply. As I mentioned I had just reimaged my PC (Windows 10), and I realized later that I had not activated it. I’m not sure if I had not installed all the updates, but after activating it and installing all the updates, I get the normal “are you sure you want to install this” warning, not the “potential malware warning”. Perhaps that’s what happened to the other user.


#6

My copy is activated under “digital entitlement” via the automatic upgrade from 7. At least that’s what it says here :slight_smile: So this particular issue doesn’t seem tightly bound to Windows activation. I’m also on auto-updating and appear to be up to date in general from the OS side of things.


#7

What? You have no clue how it works. Microsoft doesn’t charge anything. It’s all based on code signing certificate level, none of which they charge for themselves.


#8

Clearly, if it was based on just the certificate, then Kicad wouldn’t get flagged.

Microsoft use a reputation score, the certificate is one element but not the only one, other elements include how many times an app is downloaded, the website the app was downloaded from. Another element of the score is whether the app has been certified with Microsoft as part of the Windows Logo program. I know Microsoft used to charge a fee for driver submissions, app submissions might be free, so I’ll withdraw that particular assertion.

I’ve seen reports on the web from people with apps that have a valid certificate being flagged by Smart Screen, but when they registered their app with the Windows Logo program, the warnings went away.

If the Windows Logo submission for apps is free, then it seems like a good idea for the Kicad organisation to register the Kicad app with Microsoft.

ETA Bit of an old post, but this explains it https://blogs.msdn.microsoft.com/ie/2010/10/13/stranger-danger-introducing-smartscreen-application-reputation/ Unless changed since 2010, the Windows Logo for apps is free of charge and helps the application’s reputation.

ETA2 Some more on SmartScreen and reputation https://blog.digicert.com/ms-smartscreen-application-reputation/ Not all certificates are considered equal, some give a better reputation. If a certificate is associated somehow with malware, its reputation is downgraded.

ETA3 corrected information about driver fees.


#9

Nope, you don’t have to pay for driver submissions anymore.


#10

Thank you for that important nitpick, I have amended my post accordingly.

Have I pissed you off about something, or do you normally behave like a dick?


#11

So there isn’t really a solution here? I just have to accept that Windows thinks this KiCAD is malware, and install it anyway? That is kind of unsatisfying.

I suppose I could just install it on my Linux server and access it remotely but that also strikes me as less than satisfying.


#12

For whatever reason, Windows 7 and its built-in malware/antivirus does not have a problem with my installation of Kicad 4.0.1.


#13

Sorry for digging up this old thread, but it suits so well.

Anyway, just FYI: Trend Micro OfficeScan (pattern version 13.335.00 updated 12.4.2017) flagged kicad-4.0.6-x86_64.exe (downloaded from http://kicad-pcb.org/ today 12.4.2017) as a virus. Threat description: Unauthorized File Encryption.

Anyone else noticed similar? This is a company PC with W7 and probably all security is dialed to 11. I haven’t had these kinds of problems earlier.


#14

This is almost certainly a false positive, 4.0.6 must have been downloaded many times.
I wonder if Trend is panicking at the “archive a project to zip file” function.


#15

There’s a rather simple solution…

Kick Micro$oft to the curb and install a flavor of Linux.
Most issues like these will be immediately done away with as well as many more.

Just my thoughts… :wink:


#16

Same problem here with pattern version 13.337.00. Threat description: Unauthorized File Encryption.

Can’t wait for the phone to ring…