Atlas Informatics

Software Certificate

 

Atlas Informatik signs all the software it produces (*.exe) with a software certificate.

Windows will warn you every time you install a program. After we release a new update of our applications, Windows 10 and later tend to say "This program is not commonly downloaded and could harm your device". This just means "We as Microsoft have no feedback so far on whether it is safe". This warning should no longer appear after several people have installed the program, but in our experience it still happens after years.

Currently, we still get False Positives from Microsoft Defender all the time, even though we have been sending our software to Microsoft for analysis for quite some time. What's more, some products of other companies have also regularly been reported as false positives, for example the Tor browser [see here], and even some of Microsoft's own [see here].

New in 2024: We have to warn you not to use the 'Microsoft Malware Removal Tool' because it uses the same False Positives and, even worse, it suddenly started to remove Atlas Software without a) giving the user a choice or b) offering a way to undo the removal (no quarantine folder). We think that no software should be set up this way and even consider it dangerous. If you no longer have the installer of a piece of software and it was removed based on these false assumptions, you may never be able to reinstall it. Not to mention the time we have lost reinstalling our honest software on our computers. There are also other people who have been harmed by this.

If you want to make sure that the file was not attacked by a virus, you can look at the file's fingerprint. To do this, right-click on an Exe file, select Properties, switch to the Digital Signatures tab, select Andres Rohr, click on the Details button and see if there is a certificate from Andres Rohr. If so, you can also press the View Certificate button, and the result should look approximately like this:

Then switch to the Details tab, scroll down the list, and compare the fingerprint. The box should contain one of these, depending on the year when it was produced:

  • Starting from May 6 2024: 2094b4e832d6379c7076a3b3c90eab1c536d3c4b
  • Starting from the year 2021: bc 9f 5b 78 17 98 bb a0 ec b2 34 d8 fe 4c 01 48 45 5a b5 bb
  • Starting from the year 2018: c9 5b 73 1e 9c 60 e4 06 b3 83 59 f9 b3 d7 12 a2 ab 62 98 68
  • Until the year 2018: 8b 02 af 1f ae 60 af a2 51 a1 6a eb c7 28 a7 30 89 b9 dd ae

If one of these matches, you can be absolutely certain that the Exe is in its original state and therefore safe. This is due to the fact that digital certificates are only issued after a very complex procedure involving the submission of personal documents (picture, passport, proof of residence, proof of telephone number). In other words, the manufacturer of digitally certified software is 100% known and can be held responsible in case of a criminal act.
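The manual fingerprint comparison described above can also be done from PowerShell. This is an added example, not Atlas Informatik's own tooling; the function name `Test-PublishedSignature` and the `Setup.exe` path in the usage comment are assumptions. Besides comparing the signer's thumbprint with the published list, it requires Windows to report the signature as `Valid`, because a file changed after signing still carries the same signer certificate but is reported as `HashMismatch`.

```powershell
# Added example (not Atlas Informatik's code). The thumbprints are copied from
# the list on this page; the function name and the file path are assumptions.
$Published = @(
    '2094b4e832d6379c7076a3b3c90eab1c536d3c4b'                      # from May 6 2024
    'bc 9f 5b 78 17 98 bb a0 ec b2 34 d8 fe 4c 01 48 45 5a b5 bb'  # from 2021
    'c9 5b 73 1e 9c 60 e4 06 b3 83 59 f9 b3 d7 12 a2 ab 62 98 68'  # from 2018
    '8b 02 af 1f ae 60 af a2 51 a1 6a eb c7 28 a7 30 89 b9 dd ae'  # until 2018
)

function Test-PublishedSignature {
    param(
        [Parameter(Mandatory)][string]   $Path,
        [Parameter(Mandatory)][string[]] $Thumbprints
    )
    # Strip spaces and any invisible characters that come along when a
    # thumbprint is copied from a dialog, then compare as uppercase hex.
    $allowed = @($Thumbprints | ForEach-Object {
        ($_ -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    })

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $sig.SignerCertificate
    $known  = [bool]($signer -and ($allowed -contains $signer.Thumbprint))

    # Both conditions must hold: the signature verifies over the file as it
    # is on disk now, and the signer is one of the published certificates.
    $verdict =
        if     ($sig.Status -eq 'NotSigned')    { 'no signature present' }
        elseif ($sig.Status -eq 'HashMismatch') { 'file changed after signing' }
        elseif (-not $known)                    { 'signed, but not with a published certificate' }
        elseif ($sig.Status -ne 'Valid')        { "published certificate, status $($sig.Status)" }
        else                                    { 'valid signature, published certificate' }

    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status
        Subject    = if ($signer) { $signer.Subject }    else { $null }
        Thumbprint = if ($signer) { $signer.Thumbprint } else { $null }
        Published  = $known
        Verdict    = $verdict
    }
}

# Usage (hypothetical download location):
# Test-PublishedSignature -Path "$env:USERPROFILE\Downloads\Setup.exe" -Thumbprints $Published
```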

A second option you have is to scan the Exe with the VirusTotal online virus scanner. This delegates the scanning to about 70 different virus scanner products. If there are still a few red messages, you can read the chapter "False alarms" below. If you find both a digital certificate and only a few such messages, you can be 100% sure that it is virus-free.

After you have done your checks, you can right-click the download and select "Run anyway". A box will appear that says "Windows protected your PC". Click on the link "More info" and press the button "Run anyway". If the installed app doesn't appear after the installation, please read below in the chapter "If blocked...".

7-Zip archives

Some antivirus software or server settings completely prevent the downloading and/or installation of exe files. For this case, each exe always has a matching 7-Zip archive (same name, ending in .7z) with the exe inside. To unpack it, you first have to install the free program 7-Zip. This is an open source community solution and therefore safe. Since it can also process zip and rar, by the way, in our opinion it's the best compression tool currently available.

False alarms in antivirus programs

If an Atlas program is still new, it may be reported as infected by a few antivirus programs. You should always be aware that virus scanners work with heuristics. Because this is a kind of guessing, False Positives may occur. At the moment we have just such isolated false positive cases, e.g. one with Microsoft Defender when it scans our product Mighty Desktop (more about that here). After some time, these false positives are usually removed by the virus scanner companies and they all report our products as virus-free.

If you get a virus warning from an antivirus program installed on your local computer, it helps to update its virus definitions or otherwise update the program.

If you still get false alarms, you should know the following: Atlas Informatik applications are generally post-processed and protected by so-called Obfuscation. This prevents third parties from easily decompiling the application. This actively prevents theft by copying and also the manipulation of our labor-intensively produced programs. Additionally, it also protects the installed application from virus attack and the data entered in the application from being read out. Unfortunately, malicious programs also use obfuscation to avoid detection. Some antivirus programs are now a bit too cautious and simply issue an alert in advance when they detect obfuscation. This is of course not the right way, because honest programs that are obfuscated are made to look bad. The correct approach would be to reverse the obfuscation and then program a precise test. Therefore it's important for you as a consumer to be able to judge such alarms correctly.

Known False Positives so far are:

  • Win32/ClipBanker: In Mighty Desktop probably because of the system calls that the Clipboard Recorder uses
  • HEUR/AGEN.Nnnnnn: "HEUR" means heuristic, which means it's only a guess, based on the detected obfuscation
  • Packed-FQV!Nnnnnn: probably appears because Atlas software is compressed, i.e. packed, as part of the Obfuscation process
  • PWS:MSIL/CryptInjector!MTB: Also a complicated way to say that Obfuscation was detected.
  • Trojan:Win32/Wacatac.B!ml: One more false alarm. The check must have been programmed much too imprecisely. Check this discussion here.
  • Trojan.Generic@AI.88 (RDML:OYxDWEVgyjLkz…): Seen from Rising Free Antivirus, a Chinese company from Beijing, where neither the company nor a secure https website can be found. Always be careful with free antivirus programs; they get full access to your system and data. From our experience, a lot of work has to be put into cultivating and updating virus signatures daily. It's not profitable for any company on this planet to produce a free antivirus program that provides this service unless they finance it for another purpose (;-).
  • Trojan.DBadur.w: Originating from the Chinese company Jiangmin, based in Beijing (Peking). At least they have https. We did not find a form where you could report false positives. Very strange for a company that sells antivirus software. You would expect any such company to offer this form. We have emailed the company about the false positive. Very good service: After only half a day, they wrote back that they had added our program to the whitelist. VirusTotal now has to get this update first. Let's see how long it takes them. [Address and phone number of this company]
  • Trojan.Generic.35915811: Reported by VIPRE. We have contacted VIPRE and they say it's because our app whitelists itself in Microsoft Defender, not because it has malicious code inside. We have informed them that we are forced to whitelist our apps because Microsoft is falsely pretending that our software is malicious and this intimidates our users. And this even though VIPRE is an antivirus product that itself replaces/deactivates Defender when installed, and thus would also classify as a trojan horse (;-). So, why is the whitelisting of our app in the antivirus program of another company that produces False Positives even relevant to VIPRE? Why, if they replace Defender, is not only their own analysis relevant? The discussion ended at that point with VIPRE stating they would not change anything. No answer was given to several of my arguments. I recommended that VIPRE at least add a web page explaining that the whitelisting alone is the reason for Trojan.Generic.35915811 (which would not fulfill the term "Trojan", as explained below). You can google for yourself and check whether at least this recommendation was realized. At the time this text was produced, it was not.

It is particularly astonishing that many antivirus companies do not fully understand the term “Trojan”. According to the Story of Troy, two things must be fulfilled:

  1. Software must sneak into a system undetected (in the story soldiers were placed inside a wooden horse and got into the city of Troy)
  2. The software must cause damage inside the city (the soldiers opened the gates of Troy and more soldiers poured in and attacked).

Microsoft, on the other hand, knows exactly what these criteria are and lists them in this text. Quote: “After installation, Trojans perform various malicious activities...”. Since Atlas Software does not contain any malware, point 2 can never be fulfilled. Nevertheless, we see a number of claims about Trojans in the above list. Funnily enough, it's the same as with all the religions: If each religion claims a different combination of gods, the whole construct must logically be a contradiction. But none of the antivirus manufacturers seem to notice the contradiction when they report different things than all the other companies. The basic bread-and-butter of science: A theory that contradicts all others must be wrong.

It is also always interesting for us software vendors that antivirus labs do not bother to explain on their websites what is actually meant by these short strings. And to add to this, sometimes unsubstantiated allegations like "This software steals passwords" or similar are displayed. This way the customer has a hard time deciding whether s/he can safely use the software, and honest software producers are discredited as criminals. Not nice and also damaging to our business. At some point we might hand over this case to a lawyer and get rich (;-). Funnily enough, it sometimes happens to Microsoft with their own products as well, see here and here.

If you want to be on the safe side, you can scan the Setup.exe with the online virus scanner VirusTotal. This scans with approx. 70 different virus scanner products. If the Atlas software has not been infected by a virus, only a handful of messages will appear, all stating that our software is obfuscated and compressed. Unfortunately, there are usually no links to explanations of the abbreviations. If you take a closer look, it shows that their automated reverse-engineering has probably failed. And for Atlas Informatics that's good news, because it means hackers also have no chance, and that's exactly what protects our intellectual property from being analyzed, copied or cracked.

By the way, Atlas Software itself has a built-in anti-modification test. If our software reacts to all buttons normally, it is in its pristine state. Please read the Attack Protection chapter below for more info.

For an even more detailed discussion of all this we can recommend this video of the author Britec09.

If the download is blocked in the download list

  1. In the download list, click on the three dots next to the entry and select “Keep”
  2. In the query field with the title “This app is unsafe”, click on “Show more”, and then on “Keep anyway”.
  3. If the app is still blocked, continue as described in the section “If blocked by the current antivirus program” below.

If blocked by Google Chrome

Google Chrome can pretend that our software is dangerous or contains a virus. First, you should always download directly from our website, and never from a third party. Files from the Atlas website are virus checked and 100% free of malware, we can guarantee that. What triggers Chrome's alarms is that our software is especially hardened by Obfuscation (see above chapter). You can unblock the download in Chrome like this:

  1. Open Chrome, click the three-dot button and choose Settings
  2. Scroll down to locate the Privacy and security section, and then click Security.
  3. Under the Safe Browsing section, you can see three browsing protection options. To unblock downloads, you can choose the Standard protection option.

If blocked by the current antivirus program, e.g. Microsoft Defender, Windows Defender and so on

In order to run our Atlas software, you sometimes need to add it to the so-called white list (also called "Ok list" or "Exclusion list") of the antivirus program. Otherwise, it may simply not start. Bad antivirus programs do not even display any information in this case. If you use Windows Defender (or Microsoft Defender) as your antivirus program, you can add our app as an exception to the list as follows:

  1. Make sure that the setup has completely finished (push the "Close" button at the end).
  2. Type "Virus & Threat Protection" in the search box at the bottom left corner
  3. Click the blue link "Protection History", or in older Windows "Threat History"
  4. If there is a blue link "Allowed threats" click it
  5. If there is a blue link "View full history", click it
  6. Now there should be an entry "Threat blocked" or similar and we can see that the app has been falsely classified as a virus, trojan or unwanted app.
  7. Click the down arrow on the right side. A new "Action" dropdown appears.
  8. Click on the "Actions" or "Severe" button and select "Allow". In the following "User Account Control" window, click "Yes".
  9. Now start the Atlas application (not the setup). It should start normally. Please be patient, the first time it can take some time.

Another option is to add our app as an exclusion to the exclusion list:

  1. Right click on the shortcut to our app and open the properties.
  2. Copy the content of the "Target:" box to the clipboard
  3. Type "Virus & Threat Protection" in the search box at the bottom left corner
  4. Click on the blue link "Manage settings"
  5. In the "Exclusions" section, click Add or remove exclusions. Confirm the following box.
  6. Click on "+ Add exclusion", then "Process"
  7. Paste the clipboard content into the box and click Add.

One more option you have is to install a third party antivirus program. There are some that have better detection rates than Microsoft Defender and are also free of charge. We used Avast and Avira for years and are very happy with them.

Attack Protection

Atlas Software contains a self-checking mechanism that fends off attacks by viruses and hackers. If an Atlas program detects a modification to the code, it will stop executing functions. It will partially deactivate itself. The point is that a hacker can never be sure whether he can release the hacked software on the internet. It may suddenly malfunction again, which will damage his/her reputation. The hacker can also hardly find all these checkpoints, because they are widespread throughout the application. He would have to make a huge effort, which makes it unattractive for him. Conversely: If the application works perfectly, you can be sure that the program code is 100% unchanged on your computer and has certainly not been infected by a virus.

 
