On Sun, Mar 4, 2012 at 5:50 PM, Dennis E. Hamilton <dennis.hamil...@acm.org> wrote: > Gee Rob, my e-mail client shows a different, appropriate subject to the > present thread. > > The branch had to do with understanding the difference between "reputational" > warnings and actual malware detections (and false positives), and the variety > of ways these things occur. It makes need for clarification of the specific > situation rather important. The signed EXE case comes up in regard to > warnings on attempt to execute using the Windows OS. I suspect that the > non-Windows developers might want to appreciate that. >
OK. If it clarifies things for you, then great. I, probably erroneously, assumed the distinction would be obvious to everyone. It is pretty standard these days for install instructions to tell the user to ignore these Windows warnings. We can add it to the install instructions. If there are special warnings that show up in less used browsers like I.E. 9, we can add mention of those as well. But I'm more interested in AV or OS behavior that is more severe, that would -- perhaps in a managed desktop environment -- prevent someone from installing AOO at all. -Rob > - Dennis > > -----Original Message----- > From: Rob Weir [mailto:robw...@apache.org] > Sent: Sunday, March 04, 2012 14:19 > To: ooo-dev@incubator.apache.org > Subject: Re: Signing DLLs EXEs and Copyright Notices (was RE: Symantec > WS.Reputation.1 Errors: What we can do) > > On Sun, Mar 4, 2012 at 4:18 PM, Dennis E. Hamilton > <dennis.hamil...@acm.org> wrote: >> Just to be clear, further, the reputation warning on my Windows >> configuration is neither from the Windows Installer nor the AV that I have >> installed. It is the file downloader that is part of Internet Explorer 9. >> Later, there is a Windows OS warning on attempted execution of the download. >> That is based on detection that the file to be executed is from an unknown >> source (not signed) and has been downloaded from the Internet. Neither of >> these are AV or installer behaviors, although the IE9 downloader does >> provide a "security scan" of downloads. I've never seen anything from it >> other than a reputation warning, though. >> > > That's fine, Dennis. No one ever said your AV was an issue. The only > thing I've been talking about in the Symantec errors that some testers > were reporting. That problem does exist, for the reasons I've stated > and with the solutions I've already given. I have no idea why you've > hijacked the thread to give elaborate details about how you are *not* > having a similar problem with an entirely different AV product. It is > irrelevant. Let's all save time and list traffic by only reporting > issues that exist, not ones that don't exist. > > -Rob >
