As a software developer with a small business (a couple hundred customers using our software), we have made the effort to get a security certificate so we can digitally sign our software executables and installation files, assuring our customers (and potential customers who get a trial version) that our software is not malicious and that we are a legitimate company. Internet Explorer, for instance, recognizes the digital signature and bases its reputation calculation (to determine whether to warn a user that a file is “not commonly downloaded”) on all uses of the certificate, even if the specific file changes, so that when we release an update to the software, the new version is treated as recognized and doesn’t trigger extra security layers.
Avast’s Cybercapture does not seem to recognize such certificates, and so I’m constantly running into the “Hang on; this file may contain something bad” popup. The only solution I’ve found is to completely disable Cybercapture. It would be nice to have it operating for other executables that might find their way onto my system, but it’s a major nuisance both for me and for my customers to have the popup occurring every time I build a new version. The security certificate is specifically intended to eliminate the need for these extra security steps; it’s disappointing that Avast doesn’t recognize it.
Thank you for the information on getting my files/digital signature whitelisted. I will follow up on that. But I still think it would be beneficial for you to recognize digital signatures automatically for deciding whether or not Cybercapture should interrupt running an application in the first place. It’s tedious for me and other developers to have to contact every AV vendor separately to get whitelisted; the whole point of a digital signature is to have a single process that everyone can trust.
BTW, having to enter anti-spam verification letters on every post is really annoying, since the verification letters are extremely hard to read. I don’t think I’ve ever gotten them right the first time. Is it really plausible that someone who’s signed in and responding to a message in a thread they’ve previously posted to is going to be a spambot?
Having a file digitally signed does not say if the file is clean or PUP or malware.
Well, Cybercapture is not intended (as I understand it) to block a PUP, since there’s no way to know if a previously unknown application is a PUP; it’s only intended to block malware. And while a digital signature doesn’t in itself protect against malware, it provides a direct, verified link to the source, so it’s highly unlikely intentional malware would be signed. But a previously unknown digital signature wouldn’t get a pass; it needs to have its reputation verified first, just like a new application does. The point is that the owner of a digital signature that’s been verified as providing valid software is highly unlikely to then use it for malware (and if they do, it’ll be traceable and subject to law enforcement).
There’s always a balancing act between security and usability. When security is too tight, people start circumventing it and make themselves more vulnerable than if the security were more realistic (like sticky notes with passwords when people are required to change their passwords too often or have too many different passwords).
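The distinction drawn in the reply above, a signature whose chain validates versus a signer whose reputation has already been established, can be checked on the defender's side before a file is run. The PowerShell below is an added example and not code from the thread or from Avast; the file paths and the thumbprint in the allow-list are placeholders, and `Get-AuthenticodeSignature` is the built-in cmdlet that reads the Authenticode signature from a PE or MSI file.

```powershell
# Added example (not from the thread): inspect the Authenticode signature on a set of
# executables and key the trust decision on the signing certificate rather than on the
# file hash, which is the per-publisher reputation behaviour described in the posts.
# Assumptions: the paths in $Paths are placeholders; the thumbprint in $TrustedSigners
# is a constructed placeholder, not any real publisher's certificate.

$Paths = @('C:\Path\To\MyInstaller.exe', 'C:\Path\To\MyApp.exe')   # placeholder paths

# Allow-list keyed on the signing certificate's SHA-1 thumbprint (constructed value).
$TrustedSigners = @{
    '0000000000000000000000000000000000000000' = 'Example Publisher (placeholder)'
}

function Get-SignerReport {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($p in $Path) {
        $sig  = Get-AuthenticodeSignature -FilePath $p
        $cert = $sig.SignerCertificate

        [pscustomobject]@{
            File        = Split-Path -Leaf $p
            Status      = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Message     = $sig.StatusMessage
            Signer      = if ($cert) { $cert.Subject }    else { $null }
            Issuer      = if ($cert) { $cert.Issuer }     else { $null }
            Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
            CertExpires = if ($cert) { $cert.NotAfter }   else { $null }
            # A countersignature timestamp keeps the signature verifiable after the
            # signing certificate itself expires.
            Timestamped = [bool]$sig.TimeStamperCertificate
            # Trust decision: the chain must validate AND the signer must already be known.
            KnownSigner = ($sig.Status -eq 'Valid' -and $cert -and
                           $TrustedSigners.ContainsKey($cert.Thumbprint))
        }
    }
}

Get-SignerReport -Path $Paths | Format-Table -AutoSize
```

`Status = Valid` with `KnownSigner = False` is exactly the state of a freshly issued certificate in the discussion above: the chain checks out, but no reputation has yet been attached to that signer. `HashMismatch` means the file was altered after signing and should not be trusted regardless of who signed it, and a missing timestamp is worth flagging because such signatures stop verifying once the certificate expires.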