back to article Brown pants moment for BlueJeans: Dozens of AV tools scream its vid chat code is malware

Programmers at videoconferencing software house BlueJeans have been living through a developer's nightmare the past month or so – antivirus packages falsely labeling their code as malware. A Register reader, who works in corporate IT administration, tipped us off over the weekend that the software had triggered virus alerts on …

  1. Anonymous Coward
    Anonymous Coward

    VirusTotal=unsigned code

    Some time ago I downloaded VirusTotals Windows based tool for uploading samples for scanning (vtuploader).

    Out of curiosity I uploaded the the tool back to VirusTotal for scanning and several of VirusTotal's online AV scanners flagged vtuploader as being suspect.

    I reached out to the folks at VirusTotal regarding their own tool getting flagged and they responded by saying that it was probably being flagged because it had not been signed.

    Only one AV scanner on VirusTotal's site still flags the vtuploader tool today (Baidu).

    (I don't know if VirusTotal ended up eventually signing their code or if the AV companies have just now whitelisted the vtuploader tool so it no longer gets flagged.)

  2. T. F. M. Reader Silver badge

    Trust, not security

    This only highlights the fact that the whole sham of "signing" has nothing to do with security, but only with an "Ah, don't worry, this rascal of a program comes from a good family (that we don't know at all, they have actually just moved into town)" certificate. Those AV tools look for the cert and that's their only decision point.

    Some time ago we got a Windows executable signed to avoid exactly this kind of problem. The only check that was ever done was running the executable with a specific configuration file that we provided, if that. Certainly no one checked whether a different set of configuration parameters launches ICBMs or whatever. Basically, no one except us, the vendor, is any wiser about what it does after signing (it's benign, I assure you, it's actually a part of a security product, and our customers trust us, anyway). But it's signed, so there.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019