6 replies to this topic

[Grey Hat]

Hey Everyone,

 

I'm in the process of selling a compiled bot to the general consumer market and as I'm going over the last minute nuts and bolts I've come across the option of code signing my bots when they install. I read about the benefits here.

 

From Symantec:

 

 

 

Code signing does two things: it confirms who the author of the software is and proves that the code has not been altered or tampered with after it was signed. Both are extremely important for building trust from customers and safely distributing your software.

 

So here's two questions I'm hoping UBotters will consider weighing in on:

 

1) By digitally signing your compiled bots (the application itself and the installer) would that mean there would be LESS issues with Norton Anti-Virus and Windows 10 security for customers?

2) Is this overkill or does it really build that extra level of trust?

 

Curious what you all think.  

 

Cheers!

 

 

[mithcd]

Code signing is just like https/certificate of a website so I think this would build trust to techy customers. 

 

From Comodo:

Most browsers will not accept action commands from downloaded code unless the code is signed by a certificate from a trusted Certificate Authority, such as Comodo. 

[kev123]

You cant do this with ubot compiled exe.

 

several people have tried

 

thanks

kev123

[Grey Hat]

You cant do this with ubot compiled exe.

 

several people have tried

 

thanks

kev123

 

Hi Kev123,

 

I should've been more clear in my opening comment on this thread.   

 

I'm using Inno 5 to do my UBot compiling which gives me tons of options outside of what UBot Compile Exe currently offers. Inno 5 Includes offering Code Signing into your UBot app so I thought I'd see where the community stood on the value of spending that extra $$$ for the code signing cert.

 

MitchCd mentions above:

 

 

From Comodo:

Most browsers will not accept action commands from downloaded code unless the code is signed by a certificate from a trusted Certificate Authority, such as Comodo. 

 

So I can see value in that but I was hoping there also might be feedback from other members that Code Signing reduces the occasional Norton Anti-Virus scare messages to customers.

 

Thanks!

[kev123]

ok if your talking about code signing installers then yes this has its advantages but doesn't stop AV's completely ands only half the fight so to speak.

 

This is because it still wont stop any issues when you launch the actual ubot exe as this can't be signed even by inno 5 or any 3rd party software.

The ubot exe launching is where your more likely to see issues with AVs.

 

for a upcoming .net project i'm working on i'll be code signing the installer and program as it does reduce support calls for daft stuff like windows 8 trusted and some av trust.

 

thanks

kev123

[Grey Hat]

 

"for a upcoming .net project i'm working on i'll be code signing the installer and program as it does reduce support calls for daft stuff like windows 8 trusted and some av trust."

 

thanks

kev123

 

That's awesome Kev123! Are you planning on selling this method/code to other Ubotters?

 

The AV thing is a bit out of hand and they keep adding more things to throw warnings and block. Trying to get a head of it....(as I'm sure there are others as well)

 

Thanks!

[kev123]

No method/code the c# .net project is an application/bot, code signing in .net is very simple. I wasn't talking about a solution for ubot signing this like I said isn't possible.

 

Av's get worse every year, Norton recently updated and a lot of peoples setting blocked outbound http traffic not started by the user. This was a pain as it suddenly blocked license checks without even telling the end user is was doing so!

 

 

thanks

kev123