CoolSoft software signature: my attempt to limit antivirus false positives


This thread is a follow-up to my blog post about antivirus false positives.

As I already said there, I can't afford the task of reporting the cleanness of my software to all of the AV producers out there (VirusTotal reports more than 60 AV products).

Someone suggested that I buy a Digital Certificate and use it to sign my binaries.
This could be a good solution, but it costs a lot of money: software signing certificates are different from the well-known HTTPS certificates, which could be obtained almost for free (thanks Let's Encrypt guys 😉). Since my software is free and I don't earn money from it (except for donations), I don't want to spend a buck for it, sorry.

My solution:

Since my products are somehow "randomly" detected as dangerous, and I don't want to pass for a bad-guy, I'm going to sign them digitally to let people mark them as safe (or better, mark the whole CoolSoft production as such) and avoid antivirus false positive detection.

In simple words: it means that if you tell your antivirus to trust my certification, from now on it will consider my software as safe (or at least it will consider it safer than before, just because it's signed by someone you trust...).

But... I've used a self-signed certificate.
This allows me to save a lot of money for an unneeded "certificated certificate" and use it for something better (like improving my development machine, buying a bigger monitor, eating pizza, ...).

If you want to trust me, you could pre-install my self-signed certificate (see the attached archive).
Doing so, anytime you run any of my (newer) setups, you'll be prompted with a safer blue-background confirmation dialog showing my name, instead of the actual yellow one 😉.

To install it:

  • extract the archive content to the desktop
  • open the included PDF file and follow the simple steps to get the certificate installed

Please share your thoughts about my choice below...

Attachments (Only registered users)
coolsoft-self-signed-certificate.zip
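
Since no certificate authority vouches for a self-signed certificate, the only assurance is what you check yourself before trusting it. The PowerShell below is an added example, not part of the original post or of the PDF instructions in the archive: it inspects the certificate file without installing it and checks that an installer is signed by that same certificate. The file names and the expected thumbprint are placeholders, and confirming the thumbprint with the author over a separate channel is an assumption of this example.

```powershell
# Added example, not CoolSoft's procedure. Values in <...> are placeholders.
$certPath  = "$env:USERPROFILE\Desktop\<certificate-file>.cer"  # file extracted from the archive
$setupPath = "$env:USERPROFILE\Downloads\<setup-file>.exe"      # installer you intend to run
$expected  = '<THUMBPRINT-CONFIRMED-OUT-OF-BAND>'                # assumption: confirmed with the author

# Load the certificate from disk; this does not add it to any certificate store.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath

# Extensions that decide what the certificate can be used for once it is trusted.
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$bc  = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
$ekuOids = @()
if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

$now = Get-Date
$checks = [ordered]@{
    'Thumbprint matches the expected value'   = ($cert.Thumbprint -eq ($expected -replace '\s', ''))
    'Self-signed (subject equals issuer)'     = ($cert.Subject -eq $cert.Issuer)
    'Within its validity period'              = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    # 1.3.6.1.5.5.7.3.3 is the Code Signing usage; anything broader deserves a closer look.
    'Usage limited to code signing'           = ($ekuOids.Count -eq 1 -and $ekuOids[0] -eq '1.3.6.1.5.5.7.3.3')
    'Not marked as a certificate authority'   = (-not ($bc -and $bc.CertificateAuthority))
}

# Compare the installer's signer with the certificate on disk. Status is not expected
# to be 'Valid' while the certificate is still untrusted, so the thumbprint is compared
# and only the states that indicate a missing or broken signature are rejected.
$sig = Get-AuthenticodeSignature -FilePath $setupPath
$checks['Installer carries a signature']       = ($null -ne $sig.SignerCertificate)
$checks['Installer signed by this certificate'] = ($sig.SignerCertificate.Thumbprint -eq $cert.Thumbprint)
$checks['File hash matches its signature']     = ($sig.Status -ne 'HashMismatch' -and $sig.Status -ne 'NotSigned')

# Report each check and flag anything that needs review before the certificate is installed.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-42} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
if ($checks.Values -contains $false) {
    Write-Warning 'Review the failed checks before installing the certificate.'
}
```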