incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: Signing DLLs EXEs and Copyright Notices (was RE: Symantec WS.Reputation.1 Errors: What we can do)
Date Sun, 04 Mar 2012 23:03:00 GMT
On Sun, Mar 4, 2012 at 5:50 PM, Dennis E. Hamilton
<dennis.hamilton@acm.org> wrote:
> Gee Rob, my e-mail client shows a different, appropriate subject to the present thread.
>
> The branch had to do with understanding the difference between "reputational" warnings
and actual malware detections (and false positives), and the variety of ways these things
occur.  It makes need for clarification of the specific situation rather important.  The
signed EXE case comes up in regard to warnings on attempt to execute using the Windows OS.
 I suspect that the non-Windows developers might want to appreciate that.
>

OK.  If it clarifies things for you, then great.  I, probably
erroneously, assumed the distinction would be obvious to everyone.
It is pretty standard these days for install instructions to tell the
user to ignore these Windows warnings. We can add it to the install
instructions.  If there are special warnings that show up in less used
browsers like I.E. 9, we can add mention of those as well. But I'm
more interested in AV or OS behavior that is more severe, that would
-- perhaps in a managed desktop environment -- prevent someone from
installing AOO at all.

-Rob

>  - Dennis
>
> -----Original Message-----
> From: Rob Weir [mailto:robweir@apache.org]
> Sent: Sunday, March 04, 2012 14:19
> To: ooo-dev@incubator.apache.org
> Subject: Re: Signing DLLs EXEs and Copyright Notices (was RE: Symantec WS.Reputation.1
Errors: What we can do)
>
> On Sun, Mar 4, 2012 at 4:18 PM, Dennis E. Hamilton
> <dennis.hamilton@acm.org> wrote:
>> Just to be clear, further, the reputation warning on my Windows configuration is
neither from the Windows Installer nor the AV that I have installed.  It is the file downloader
that is part of Internet Explorer 9.  Later, there is a Windows OS warning on attempted execution
of the download.  That is based on detection that the file to be executed is from an unknown
source (not signed) and has been downloaded from the Internet.  Neither of these are AV or
installer behaviors, although the IE9 downloader does provide a "security scan" of downloads.
 I've never seen anything from it other than a reputation warning, though.
>>
>
> That's fine, Dennis.  No one ever said your AV was an issue.  The only
> thing I've been talking about in the Symantec errors that some testers
> were reporting.  That problem does exist, for the reasons I've stated
> and with the solutions I've already given.  I have no idea why you've
> hijacked the thread to give elaborate details about how you are *not*
> having a similar problem with an entirely different AV product.  It is
> irrelevant.  Let's all save time and list traffic by only reporting
> issues that exist, not ones that don't exist.
>
> -Rob
>

Mime
View raw message