Welcome Guest.   Make a donation to an author on the site April 24, 2014, 04:03:12 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Read the Practical Guide to DonationCoder.com Forum Search Features
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1] 2 Next   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: FARR not a commonly downloaded program?  (Read 7077 times)
dantheman
Charter Member
***
Posts: 457


Be good if you can!

View Profile Give some DonationCredits to this forum member
« on: October 15, 2011, 06:46:10 AM »

This is a good one!

After doing a fresh install of my good ol' Windows 7 Home,
i took IE out for a stroll to download one of my top 5 favorite programs (FARR).
After waiting a while for it to finish downloading,
IE tells me that it could be a dangerous program for it is not commonly downloaded?!
I couldn't install it straight from IE but did manager to find the Download folder and install it.
Of course, this happened prior to installing my AV program but still! What a... shinanigan!

Long live Firefox!  Thmbsup
Logged
Ath
Supporting Member
**
Posts: 2,134



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #1 on: October 15, 2011, 09:46:37 AM »

Long live Firefox!  Thmbsup
+1, that's a good reason to avoid IE like the plague
Logged

mouser
First Author
Administrator
*****
Posts: 32,699



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: October 15, 2011, 10:09:48 AM »

this means war! 
Logged
dantheman
Charter Member
***
Posts: 457


Be good if you can!

View Profile Give some DonationCredits to this forum member
« Reply #3 on: October 15, 2011, 10:17:53 AM »

Oh! oh!   Cry

IE9 must be getting oversensitive these days.
I should have taken a snapshot but i was still in the process of installation.
Nevertheless, i did see with my own eyes words in a long phrase with "dangerous" and "not commonly downloaded" in it.

Sheeshhh!
Logged
dantheman
Charter Member
***
Posts: 457


Be good if you can!

View Profile Give some DonationCredits to this forum member
« Reply #4 on: October 15, 2011, 10:41:16 AM »

Here it is:


Uploaded with ImageShack.us

Word "dangerous" wasn't there (sorry!)
Logged
mouser
First Author
Administrator
*****
Posts: 32,699



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #5 on: October 15, 2011, 10:50:55 AM »

And then the dialog practically begs the user to delete the dangerous file.

Here we go again.

This is an absolutely outrageous unacceptable message, just as bad if not worse than the false positive fiasco in the antivirus world.

You cannot go telling people that you think a download could harm their computer without any basis for doing so.

If you want to tell people that "Hey i've never seen this program so i'm not going to vouch for it's safety" that's fine.

But you just cannot tell people downloading a file "this could harm your computer" just because the program hasn't passed some mystery f*cking qualification.

This is how these big guys play this game -- they know they don't have to worry about their software being marked as harmful so they don't give a damn if they scare people away from independent developer stuff.

IE should be avoided like the plague until they fix this.  Absolutely outrageous.



Please complain loudly and share this information widely -- these companies cannot be allowed to keep playing this game of scaring the life out of users every time they find a file that hasn't made it to some "approved" software list that the big companies control.

PROTEST LOUDLY -- this is not ok.

Once again Microsoft seems absolutely hell bent on destroying their reputation and running their company into the dirt.
« Last Edit: October 15, 2011, 10:58:01 AM by mouser » Logged
rgdot
Supporting Member
**
Posts: 1,516


View Profile WWW Give some DonationCredits to this forum member
« Reply #6 on: October 15, 2011, 11:07:18 AM »

I mentioned @IE on twitter

https://twitter.com/dohRG...status/125241144182456320
Logged
wraith808
Supporting Member
**
Posts: 5,815



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #7 on: October 15, 2011, 11:58:59 AM »

Some more information:

This is from SmartScreen Filter.  They talk about how to submit a site as safe on that page, but not a download.

For further reference, what follows is my experience downloading FARR.

The initial download...


The alarmist warning...


The dialog if you select other options.  Note that the option to ignore is hidden!


Finally, the option to ignore...

Oh, and one last point to add insult to injury... the link (at least on my computer) to what is SmartScreen Filter at the bottom of the dialog is broken!

And as an FYI - how to disable this feature.


Logged

40hz
Supporting Member
**
Posts: 9,871



A'Tuin

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #8 on: October 15, 2011, 02:01:54 PM »

Once again Microsoft seems absolutely hell bent on destroying their reputation and running their company into the dirt.

Isn't it more like they're hell bent on destroying your reputation and running your 'company' into the dirt?


Apple, Microsoft, Oracle, Google, Canonical, Novell, Symantec, McAfee...I think I'm beginning to seriously hate any company that employs more than 50 people these days. Angry
Logged

Don't you see? It's turtles all the way down!
tomos
Charter Member
***
Posts: 8,067



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #9 on: October 15, 2011, 02:48:29 PM »

Wouldn't this be a good one to add to the falsepositivereport forum
(as discussed here on dc - The False Positive and Improperly Rated Site Epidemic)
??

Maybe under False Positives / Microsoft
Logged

Tom
db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #10 on: October 15, 2011, 05:54:19 PM »

There is no mystery. Sign your software. This is not 1999 anymore. What Microsoft has been trying for years to do is strongly encourage software vendors to obtain digital code signing certificates (authenticode). The preference would be for all software to be digitally signed by a cert issued via a trusted CA. I already explained to mouser the benefits of having a cert, there are many.

Quote
PROTEST LOUDLY -- this is not ok.

Try if you want, but sooner or later you will be forced to get a digital certificate ;p. One year of a digital cert costs less than one month of your hosting costs... So, what is the hold up? You do have proper documentation on DC, I assume? Registered as a business?
« Last Edit: October 15, 2011, 06:53:50 PM by db90h » Logged
db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #11 on: October 15, 2011, 05:59:14 PM »

Wouldn't this be a good one to add to the falsepositivereport forum
(as discussed here on dc - The False Positive and Improperly Rated Site Epidemic)
??

Maybe under False Positives / Microsoft

No, sorry ;o. Not this time. This is not a false positive. It is a different sort of problem, and I'm not saying it isn't a problem.

Bottom line is that we are moving (slowly) to an age where all software is digitally signed. This has become the only way to deal with the malware epidemic. That way certs can earn 'trust' based on the software they've signed in the past.

They are NOT that expensive these days, though still not cheap. They used to cost many times more, so at least they have gone down in price. They are also a PITA to get, but not that bad if you have your documentation in order and they can verify it.
« Last Edit: October 15, 2011, 06:54:23 PM by db90h » Logged
db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #12 on: October 15, 2011, 06:15:10 PM »

Also, if mouser were to obtain a cert, he could sign other author's freeware with it ... Just FYI ... In fact, THAT may be one of the best ways in which DC grows, allowing freeware authors a way to have their software signed and authenticated as 'good', without having to buy a cert of their own.
Logged
wraith808
Supporting Member
**
Posts: 5,815



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #13 on: October 15, 2011, 07:31:21 PM »

How much is the cert?   Maybe we can hold a special DC fundraiser to cover the cost?
Logged

db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #14 on: October 15, 2011, 07:32:49 PM »

How much is the cert?   Maybe we can hold a special DC fundraiser to cover the cost?

Like $79-$100 a YEAR (approx).. there is no reason for anyone not to have one. And no reason to need a fund raiser to get one since this is only 1/4 of the supposed monthly operational costs of DC. But, whatever works for you guys.

Yes, you could go find more expensive certs to buy, but I already told mouser last month where to buy cheap certs.
« Last Edit: October 15, 2011, 07:52:22 PM by db90h » Logged
db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #15 on: October 15, 2011, 07:55:40 PM »

And sorry to be so blunt, but I DID tell mouser he needed a cert before this occurred.. and, well, everyone should already know these things happen without certs. Now that you know how cheap they are, surely you see -- there is no excuse not to have one. It is the cost of doing business. The malware guys forced that upon us. Now, I would like to see more competition in the trusted CA list, so prices further go down, BUT they are plenty low enough for DC.
Logged
mouser
First Author
Administrator
*****
Posts: 32,699



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #16 on: October 15, 2011, 08:00:42 PM »

I actually already have one.  Got it cheap through StartSSL which I reviewed for their great services here.

I tried using it on one of my programs and it was very annoying to do, and it didn't seem to have any real benefit so i stopped using it.

But i could start again i suppose.
Logged
db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #17 on: October 15, 2011, 08:06:33 PM »

I actually already have one.  Got it cheap through StartSSL which I reviewed for their great services here.

I tried using it on one of my programs and it was very annoying to do, and it didn't seem to have any real benefit so i stopped using it.

But i could start again i suppose.

Great, use it.. though not sure if they are a trusted CA when it comes to code signing under Windows or not, you will have to check.

Of course, if you bought it in Dec 2010 for 1 yr, then you've only got a month left.

Remember, although abrasive, because I am under a lot of pressure, I am trying to be helpful.

You can automate your signing process, so its done as you build your stuff. Very easy.
Logged
db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #18 on: October 15, 2011, 08:08:44 PM »

I also removed some of my more abrasive comments... I'm just under a lot of pressure. DC is a great service, trying to help.

IF you offered free signing to your freeware authors, MAN that would be a great way to drive new freeware authors here...
Logged
wraith808
Supporting Member
**
Posts: 5,815



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #19 on: October 15, 2011, 10:04:54 PM »

How much is the cert?   Maybe we can hold a special DC fundraiser to cover the cost?

Like $79-$100 a YEAR (approx).. there is no reason for anyone not to have one. And no reason to need a fund raiser to get one since this is only 1/4 of the supposed monthly operational costs of DC. But, whatever works for you guys.

Yes, you could go find more expensive certs to buy, but I already told mouser last month where to buy cheap certs.

It *is* still an expense on something that makes minimal, if any money, so there is a reason for people not to have one IMO.  If people would donate even a bit that might be a valid argument, but with the way the economy is and everyone watching money, to put this kind of burden on people giving away things for free is not just an "oh well, that's the way it has to be."
Logged

40hz
Supporting Member
**
Posts: 9,871



A'Tuin

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #20 on: October 16, 2011, 01:01:23 AM »

Great, use it.. though not sure if they are a trusted CA when it comes to code signing under Windows or not, you will have to check.

FYI:
Start Commercial (StartCom) Ltd
. is listed as a CA on Microsoft's Root Certificate member page:

http://social.technet.mic...ntents/articles/2592.aspx

So they're a trusted CA.

But you may need to do additional steps or sign a supplemental agreement of some sort before a code signing EKU gets applied to your root certificate. I'm not too up on the mechanics of obtaining certificates, but I recall a client of mine ran into something similar with Microsoft once and had to do something extra before the "code signing" part got ok'd. And IIRC, it cost considerably more than a standard SSL/TLS/MIME certificate. Something like $400-500 annually?

« Last Edit: October 16, 2011, 01:20:06 AM by 40hz » Logged

Don't you see? It's turtles all the way down!
db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #21 on: October 16, 2011, 02:03:05 AM »

I would like to further elaborate that AS trust becomes a commodity on the internet, the ability for small freeware authors to 'just author' without going through h*ll is lessened, and thus DonationCoder, by offering signing of donationware for donationware authors, could represent a substantially more compelling business model than it does today. You have the inherent trust, earned certificate trust, plus community exposure, as enticements. It would be a great platform from which new donationware could be launched.
Logged
wraith808
Supporting Member
**
Posts: 5,815



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #22 on: October 16, 2011, 08:03:49 AM »

I would like to further elaborate that AS trust becomes a commodity on the internet, the ability for small freeware authors to 'just author' without going through h*ll is lessened, and thus DonationCoder, by offering signing of donationware for donationware authors, could represent a substantially more compelling business model than it does today. You have the inherent trust, earned certificate trust, plus community exposure, as enticements. It would be a great platform from which new donationware could be launched.

Wouldn't that also put an onus on DC to vet these software programs?  I don't think there is an official policy regarding that in place now, but it would seem that this would have to change.

UPDATE: I downloaded software from my site (and I'm sure that I don't get as much traffic as even FARR, let alone the other software from DC), and I didn't get that message.  It could be as simple as the fact that my programs don't have installers (just executables in zip files), but I wouldn't think that they'd not scan zips, would they?
« Last Edit: October 16, 2011, 08:12:52 AM by wraith808 » Logged

rxantos
Supporting Member
**
Posts: 98


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #23 on: October 16, 2011, 12:15:52 PM »

== Begin Rant ==

Thus the solution is to bend over and allow Microsoft to make false accusations on software from authors that did not pay them homage.

I guess we live in a world that people have gotten use to that.

I thought there was something called libel and slander. After all, what proof do they have that the software could harm your computer?

I guess we live in a world where justice and pride is something reserve for the rich (since is far cheaper to bend over than to get justice).

== End Rant ==
Logged
JavaJones
Review 2.0 Designer
Charter Member
***
Posts: 2,514



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #24 on: October 16, 2011, 12:32:22 PM »

I wonder if certificate signing really is the solution, do we have any definitive knowledge that it is? If so, I understand the intention, but really don't agree with the methodology. As the recent rash of compromised CAs has shown, this is hardly an effective security measure. What good is "trust" when the trusted parties don't care enough to implement proper security on their trust-granting systems?!

The idea of offering certification assistance to freeware authors who host their stuff here is interesting and worth further consideration I think.

Btw wraith, I do think they flag exes specifically with this, so your downloads probably weren't triggered precisely because they're zips. This is not an antivirus scan being run by IE, it's pattern matching, with exe as a likely component that increases risk assessment. Scanning inside ZIPs probably isn't done. That job is really up to your antivirus.

Edit: Ran some tests, interesting results. A download of one of Skwire's programs from here in ZIP format did not show the same message. A download of Terragen in MSI (installable) form from planetside.co.uk also did *not* trigger the message. To the best of my knowledge the Terragen installer is not signed, but it's also not an EXE. It may also be more popular than FARR, though that's debatable.

- Oshyan
« Last Edit: October 16, 2011, 12:37:32 PM by JavaJones » Logged

The New Adventures of Oshyan Greene - A life in pictures...
Pages: [1] 2 Next   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.048s | Server load: 0.74 ]