Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [platform-dev] Impact of Windows Defender and Eclipse startup
> Note: the exe file from plain SDK *is* signed

Correct, and so are the executables of the EPPs and the installer itself.

Tim, the original reporter of the issue, said:
"
0:05 - time to extract 354mb JEE 2019-06 RC1 zip
1:28 - time spent by Windows Defender before Eclipse workspace prompt
"
which indicates to me that he used an EPP. Tim, please object if that's not the case. I verified that package (eclipse-jee-2019-06-RC1-win32-x86_64.zip - size 354 MB) and also tried a random package from RC 2 (20190613-1013_eclipse-java-2019-06-RC2-win32.win32.x86_64.zip). Both are signed.

So, while the missing signing in the p2 repository is not good, it is not causing the Windows Defender issue as reported originally.

Tim, I suggest you file a bug report with steps to reproduce and all details like, which Java version, Windows version and Windows Defender version.

Some time ago https://bugs.eclipse.org/516795got reported regarding Windows Defender. Comments there indicate that it's a deeper issue with/in Windows Defender and not related to the eclipse.exe (issue happens after eclipse.exe is done).

Dani


 
From:        Andrey Loskutov <loskutov@xxxxxx>
To:        platform-dev@xxxxxxxxxxx
Date:        18.06.2019 17:22
Subject:        [EXTERNAL] Re: [platform-dev] Impact of Windows Defender and Eclipse startup
Sent by:        platform-dev-bounces@xxxxxxxxxxx



Whoever is interested in solving this problem, please create a p2 or
oomph bug for that.

I think missing signature on Windows is not OK, independently if this
helps or not with the Windows Defender performance. Note: the exe file
from plain SDK *is* signed.

On 18.06.2019 16:52, Ed Merks wrote:
> Rolf,
>
> Indeed if I look at the two executables in the following:
>
> https://download.eclipse.org/eclipse/updates/4.12/R-4.12-201906051800/binary/org.eclipse.platform.sdk.executable.win32.win32.x86_64_4.12.0.I20190605-1800
>
> They do not show signature properties when extracted, so p2 installing
> these (p2 director via the installer or via p2 update) would not produce
> something with a signature in would appear.
>
> I would have expected this file to contain two signed executables, but
> that appears, as you suggest, not to be the case. :-(
>
> I asked Dani just now, and he also expected these would be signed...
>
>
> On 18.06.2019 16:13, Rolf Theunissen wrote:
>>
>> First of all, the properties of the executable show it very clearly.
>>
>> Second, https://bugs.eclipse.org/bugs/show_bug.cgi?id=509799#c4this
>> comment.
>>
>> eclipse.exe properties from Eclipse IDE for Java Developers Package
>>
>> Eclipse properties for product installed via oomph.
>>
>> Op 6/18/2019 om 4:04 PM schreef Ed Merks:
>>>
>>> Rolf,
>>>
>>> I don't believe what you suggest is the case.  The eclipse.exe in the
>>> p2 repository, like all the artifacts in the repository, is
>>> signed.    Otherwise, if one did an update and the executable needed
>>> to be updated, it would be updated with an unsigned version, which
>>> would not be acceptable.  What makes you think/assume that these are
>>> not signed?
>>>
>>>
>>> On 18.06.2019 15:56, Rolf Theunissen wrote:
>>>>
>>>> Hi,
>>>>
>>>> I came across the bug below. What triggered me from the comments on
>>>> Bug 509799 is, that the 'eclipse.exe' is apparently signed as part
>>>> of the EPP build. As we are pushing Eclipse-Installer now, many
>>>> installations contain a 'eclipse.exe' that is not signed.
>>>>
>>>> So maybe the problem is not how to let Microsoft trust the Eclipse
>>>> Signature, but more how to *ensure that the 'eclipse.exe' is signed
>>>> on all installations*.
>>>>
>>>> *Bug 539954* <https://bugs.eclipse.org/bugs/show_bug.cgi?id=539954>
>>>> - eclipse installer "SimRel 2018‑09" from ibm cloud is reported as
>>>> virus infected
>>>> *Bug 509799* <https://bugs.eclipse.org/bugs/show_bug.cgi?id=509799>
>>>> - Symantec reports a Trojan SONAR.AM.C!g24 in eclipse
>>>> *Bug 485899* <https://bugs.eclipse.org/bugs/show_bug.cgi?id=485899>
>>>> - upgrading eclipse causes anti-virus to alert
>>>>
>>>> Rolf
--
Kind regards,
Andrey Loskutov

https://www.eclipse.org/user/aloskutov
---------------------------------------------
Спасение утопающих - дело рук самих утопающих
---------------------------------------------
_______________________________________________
platform-dev mailing list
platform-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/platform-dev


Back to the top