Anti-malware False Positives, Code Signing, and Safety of Inedo Products

KB#1113: Last Updated Aug 03, 2016

Malware protection is meant to ensure that our systems and sensitive information aren't compromised. Occasionally, this protection doesn't quite work as intended and flags a secure download; this is known as a false positive.

If it's Signed by Inedo, It's Guaranteed Safe

Rest assured that if the package is signed by Inedo, you can be certain that no "viruses," malware, Trojans, or other malicious code were injected into our installers.

All certificates are issued to Inedo by Comodo and may be viewed from the installer:

Inedo Certificate

Why Code Signing Guarantees Safety

Digital signatures ensure authenticity and integrity, just as a manufacturer's brand name does on packaged software. However, unlike a brand name alone, these cannot be counterfeited.

Code Signing uses a digital signature to assure users of the origin and reliability of software. In a digital signature, the private key generates the signature, and the corresponding public key validates it. To save time, digital signature protocols use a cryptographic digest, which is a one-way hash of the document.

Signed Code Diagram

How Can I Really be sure?

Many enterprises trust code signing certificates including our existing users. There is also a manual install process that can be configured to run with low security. If you want, you can even request our source code for inspection.

Please Report the False Positive!

Please let your malware protection provider know about the false positive; the more people who do, the greater the chance they won't flag these in the future.