antler Posted September 28, 2023 Share Posted September 28, 2023 19 minutes ago, mister_tea said: The MacOS one seems signed. The Windows installer is not signed at all? Peter, would you consider escalating to your developer team? There is a cost for a certificate but it is worth it for your users and probably for your company in reduced support costs; for example you get a smartscreen reputation boost with an EV cert. It's not signed at all and has never been so. I suspect it's because it's frowned upon but not disallowed on Windows. I mentioned it to Peter about a year ago and he said he'd raise it with the dev team. Ultimately, I suspect it's not the dev team that buys the certificates though. 1 Link to comment Share on other sites More sharing options...
Heath Row Posted September 28, 2023 Share Posted September 28, 2023 Link to comment Share on other sites More sharing options...
simon Posted September 29, 2023 Share Posted September 29, 2023 7 hours ago, Peter - IK Multimedia said: The file was submitted, it usually doesn't take long to get processed as a false positive. v1.07 is still showing as infected. What leads you to say it's a 'false positive' ? Looks like it's a file within the installer/manager - "availability.exe" that is now being flagged by 12 different malware scanners as malicious on virustotal. it would be good to get an update as it's likely many will have installed this version. Link to comment Share on other sites More sharing options...
Bruno de Souza Lino Posted September 29, 2023 Share Posted September 29, 2023 8 hours ago, simon said: v1.07 is still showing as infected. What leads you to say it's a 'false positive' ? Looks like it's a file within the installer/manager - "availability.exe" that is now being flagged by 12 different malware scanners as malicious on virustotal. it would be good to get an update as it's likely many will have installed this version. It's probably a tracker of sorts. Probably part of the endless losing battle every company with anti piracy measures has against software piracy. It probably phones home silently in the background even when you're not using IK software. And yeah. You can't just claim a piece of software giving warnings on multiple anti virus software as "false positives" without explaining why they're behaving in a way which can be seen as malicious by anti-viruses. If you looked at recent events regarding Linus Media Group and Unity, you know how badly people respond to reassuring type messages of the "trust me bro" variety. Link to comment Share on other sites More sharing options...
simon Posted September 29, 2023 Share Posted September 29, 2023 (edited) 1 hour ago, Bruno de Souza Lino said: It's probably a tracker of sorts. who knows ? but 12 scanners are currently showing the file as malicious and containing a specific trojan not just reporting 'random phone home' behaviour - which lots of software does. The scanners that are flagging it are some of the biggest and most reliable scanners too. If they have submitted the file for a 'false positive' assessment as @Peter - IK Multimedia says then we should see it come up as clean. This hasn't happened as yet. IKM are not immune to viruses - nobody is. There is zero reason to believe it's NOT been infected unless the files is cleared by a 'false positive' assessment or IKM give us more information. Personally, I would recommend anyone who installed it on Windows to remove it and to do a full system scan with their preferred virus scanner. I would also hold off on installing v1.08 until we know what happened. Obviously anyone is free to trust or install whatever they like. EDIT v1.08 is now showing as infected by multiple virus scanners - currently 7 positives but increasing...... Edited September 29, 2023 by simon 1 2 Link to comment Share on other sites More sharing options...
TheSteven Posted September 29, 2023 Share Posted September 29, 2023 (edited) False positives do happen but it is rare when they occur across more that one or two scanners. That it's triggered alerts on 12 scanners... ain't touching that until it gets an all clear. It's concerning that it failed to trigger any warnings on IKM dev machines. They should examine their own process chain to insure something like this does not happen again. Edited September 29, 2023 by TheSteven 1 Link to comment Share on other sites More sharing options...
chris.r Posted September 29, 2023 Share Posted September 29, 2023 2 hours ago, TheSteven said: That it's triggered alerts on 12 scanners... ain't touching that until it gets an all clear. Link to comment Share on other sites More sharing options...
Bruno de Souza Lino Posted September 29, 2023 Share Posted September 29, 2023 2 hours ago, TheSteven said: False positives do happen but it is rare when they occur across more that one or two scanners. That it's triggered alerts on 12 scanners... ain't touching that until it gets an all clear. It's concerning that it failed to trigger any warnings on IKM dev machines. They should examine their own process chain to insure something like this does not happen again. What concerns me more is their response to that. I don't know if this is a fad since Linus Media Group, but companies seem very eager to literally wave off user concerns and just say "trust me bro," as if they were buddies you can rely on rather than a business providing you a service you're paying for. 1 Link to comment Share on other sites More sharing options...
TheSteven Posted September 30, 2023 Share Posted September 30, 2023 @Bruno de Souza Lino chill dude. Trust me bro it's all going to be all right. Just forward your personal and banking info and I'll make it all go away. Tomorrow this will be that last thing that you'll be worrying about. 3 Link to comment Share on other sites More sharing options...
TheSteven Posted September 30, 2023 Share Posted September 30, 2023 2 hours ago, Bruno de Souza Lino said: What concerns me more is their response to that. I don't know if this is a fad since Linus Media Group, but companies seem very eager to literally wave off user concerns and just say "trust me bro," as if they were buddies you can rely on rather than a business providing you a service you're paying for. Yeah that attitude creeps me out too. 1 Link to comment Share on other sites More sharing options...
simon Posted September 30, 2023 Share Posted September 30, 2023 just to update no change - IKM claim to have submitted the files and had them verified as a 'false positive' - but the virus scanners still show as infected. 1 Link to comment Share on other sites More sharing options...
Bruno de Souza Lino Posted September 30, 2023 Share Posted September 30, 2023 Also, we've been through how many version of this and you still have to manually download and install the updates? If the manager doesn't even let you run it when it detected an update, why can't you make it update automatically? Link to comment Share on other sites More sharing options...
simon Posted September 30, 2023 Share Posted September 30, 2023 4 minutes ago, Bruno de Souza Lino said: why can't you make it update automatically? in this case I'm really glad they didn't Link to comment Share on other sites More sharing options...
Bruno de Souza Lino Posted September 30, 2023 Share Posted September 30, 2023 4 minutes ago, simon said: in this case I'm really glad they didn't Yeah, except the manager will not let you use it if you don't update in case there's an update available, which defeats the purpose. Link to comment Share on other sites More sharing options...
TracingArcs Posted September 30, 2023 Share Posted September 30, 2023 I'm confused by this pop-up when signing out on V1.0.8 . Sounds ominous. Will I loose my activated products? 1 Link to comment Share on other sites More sharing options...
User 905133 Posted September 30, 2023 Share Posted September 30, 2023 (edited) 20 minutes ago, TracingArcs said: If this just a poorly worded, "Downloads in progress. Are you sure you want to exit the IK Product Manager?" warning? Or, is it as ominous as it seems at first glance? Edited September 30, 2023 by User 905133 1 Link to comment Share on other sites More sharing options...
antler Posted September 30, 2023 Share Posted September 30, 2023 1 hour ago, TracingArcs said: I'm confused by this pop-up when signing out on V1.0.8 . Sounds ominous. Will I loose my activated products? I think it's probably fine. I suspect: Any ongoing downloads will be interrupted upon logout means any in-progress downloads will be stopped. It's unclear whether you'll have to start downloading from scratch the next time it starts up again, or if it will resume a partial download. Logging out will deactivate any active subscriptions and Ensure you reconnect within 72 hours. Failure to do so will render the product non-functional refer to the new piano subscriptions. In other words, you need IK Product Manager running in order to use the new pianos under their subscription plan. Just my guess though. 1 Link to comment Share on other sites More sharing options...
User 905133 Posted September 30, 2023 Share Posted September 30, 2023 17 minutes ago, antler said: I think it's probably fine. I suspect: Logging out will deactivate any active subscriptions and Ensure you reconnect within 72 hours. Failure to do so will render the product non-functional refer to the new piano subscriptions. In other words, you need IK Product Manager running in order to use the new pianos under their subscription plan. Just my guess though. [emphasis added] This makes sense if that is indeed what they were trying to say. Maybe they say that when people buy a subscription plan and the warning is just a reminder. I never would have thought that subscription licensees had to be logged in at least once every 72 hours otherwise the subscription gets cancelled. That can't be what they are saying, can it? Link to comment Share on other sites More sharing options...
simon Posted September 30, 2023 Share Posted September 30, 2023 1 minute ago, User 905133 said: That can't be what they are saying, can it? seems like it ! Link to comment Share on other sites More sharing options...
antler Posted September 30, 2023 Share Posted September 30, 2023 10 minutes ago, User 905133 said: I never would have thought that subscription licensees had to be logged in at least once every 72 hours otherwise the subscription gets cancelled. That can't be what they are saying, can it? My guess is that you can use the product offline for up to 72 hours before needing to reconnect, rather than the actual subscription being cancelled. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now