Light-O-Rama Forums

Recent False Positives with some Virus Scanners


False positives plague everyone in the software business, including us.  Recently we've seen multiple reports for both software and sequences from our sequence store causing false positive detections (looking at you, BitDefender).

Obviously no program or sequence from us is going to have a virus or be a virus.  I go to great lengths to ensure that our build and sequence generation machines are clean and STAY clean.  My personal computers have never been infected, and the procedures I follow for LOR computers are MUCH MORE strict.  I hope to never be infected and I certainly never want to hear the words "LOR sent out an infected program".

So if your AV program goes DING!  we can tell you that it's a false positive and to simply whitelist the program, or to turn off your AV temporarily.

But how about if you want to be absolutely SURE that nothing has happened between the time I created the program/sequence installer and the time you download it?  That is going to be the most likely place a virus gets onto something we distribute.  That's where our digital signature comes into play.  

A true digital signature is impossible to forge (Wellllll...  a million years of straight computing with the world's fastest computers to break our key could do it.  Close enough to impossible to be impossible).   It could be impersonated, but that is why we have certificates issued by trusted root certification authorities (in our case Entrust). 

In order to sign things with our key you need a PHYSICAL piece of hardware that only I have, and when it is not in use it is kept under lock and key in a safe.

Even if someone should break into the safe, disable Mojo Jojo, and steal my token they still need the password for it.  Should they steal the token, incapacitate Mojo, and someone gets the password, they still need our private key.  If they get all 3 (riiiiiight), these certification authorities can immediately revoke our certificate and Windows will complain.

Mojo Jojo protecting the LOR token

How did we get from False Positives to Digital Signatures?  Your Anti-Virus program creates a score for every executable file.  Once that score goes over a certain threshold, the file is flagged as bad.  One of the criteria an Anti-Virus program uses to score programs is the signature.  A program that is signed gets a better score than one that is not.  A program that is signed by a certificate issued by a trusted authority gets a much better score.  

So having a signed file most of the time will get an anti-virus program to leave us alone.  Sometimes (grrr BitDefender) that's not enough and it still flags the program.

But how do you KNOW it's a false positive?  How can you trust what you got from us is GOOD?  Maybe our website was hacked and someone attached a virus to the installer.  Maybe you got the installer from your friend (bad idea) and he/she is infected.  Maybe some bad actor posted a link on some Facebook thing that looks like it downloads the software from our website, but actually downloads something from somewhere else that is bad.

That is where that Digital Signature comes into play.  Before you just blindly allow the program through your AV program, double check that the signature is still there and is authentic.    How?  Funny you should ask!   I just created a forum post about that.
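
The signature check described above can also be scripted. The following is an added example, not part of the original post or of Light-O-Rama's own instructions; the function name, the file path and the expected signer text are assumptions, and only the issuer name (Entrust) comes from the post.

```powershell
# Added example: check that a downloaded file still carries an intact,
# trusted Authenticode signature before whitelisting it in an AV product.
# Test-InstallerSignature is a hypothetical helper name.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: text you expect to find in the signer certificate subject.
        [Parameter(Mandatory)] [string] $ExpectedSigner,
        # The post names Entrust as the issuing certification authority.
        [string] $ExpectedIssuer = 'Entrust'
    )

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # NotSigned    = the signature is missing.
    # HashMismatch = the file was changed after it was signed.
    # NotTrusted   = the certificate does not chain to a trusted root.
    # Only Valid means the signature is present and verifies.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path    = $Path
            Trusted = $false
            Reason  = "Signature status is $($sig.Status): $($sig.StatusMessage)"
        }
    }

    # A valid signature from someone else proves nothing about this vendor,
    # so also compare who signed the file and who issued that certificate.
    $cert = $sig.SignerCertificate
    if ($cert.Subject -notlike "*$ExpectedSigner*") {
        return [pscustomobject]@{ Path = $Path; Trusted = $false
                                  Reason = "Unexpected signer: $($cert.Subject)" }
    }
    if ($cert.Issuer -notlike "*$ExpectedIssuer*") {
        return [pscustomobject]@{ Path = $Path; Trusted = $false
                                  Reason = "Unexpected issuer: $($cert.Issuer)" }
    }

    [pscustomobject]@{
        Path    = $Path
        Trusted = $true
        Reason  = "Signed by '$($cert.Subject)', issued by '$($cert.Issuer)'"
    }
}

# Example call (placeholder path and signer text, both constructed):
# Test-InstallerSignature -Path 'C:\Downloads\installer.exe' -ExpectedSigner 'Light-O-Rama'
```

A result with `Trusted = $false` means the file should not be whitelisted, whatever the AV verdict was.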
