SQRL Signing Update


Status
Not open for further replies.

Steve

Administrator
Staff member
May 6, 2018
1,016
307
www.grc.com
Everyone...

In preparation for today's podcast I just fired up a Win10 machine that hadn't been used in a week. The instance of SQRL installed on that machine noticed that there was a new version and suggested that I update. I first updated the Windows Defender data.

When I attempted to use SQRL to auto-update itself I received the expected Error 8 since it didn't trust the new release either!

So then I attempted to download the newer SQRL from https://www.grc.com/dev/sqrl.exe using Edge... and it was blocked by SmartScreen. The good news is, it's possible to bypass that and force the download.

Then I held my breath and run the new SQRL.exe... and everything worked. Windows Defender was AOK with the newer sqrl.exe.

"EV Signing" was introduced by Microsoft seven years ago in 2012 SPECIFICALLY as a means of automatically bypassing Windows SmartScreen. The "EV"ness of the cert =does= have a strong beneficial effect upon Windows' initial trust of unknown software. But it appears that this is still SECONDARY to the certificate's reputation. Because, again, anyone could obtain a EV cert. So no new cert can simply be blanket trusted.

So... once SmartScreen gets happy we should be okay. :)
 

alt3rn1ty

Well-known member
Feb 2, 2019
89
4
So... once SmartScreen gets happy we should be okay. :)
More reports to Microsoft may help :
  1. Download the SQRL.exe with Microsoft Edge (See link in Steve's post above).
  2. If you get a notification “Windows Defender SmartScreen reported SQRL.exe as unsafe.”
  3. Click "View Downloads".
  4. Right-click on the downloaded file, and choose "Report that this download is safe".
  5. Fill in the form.
I just submitted one (gave it a thorough looking at with all Anti-malware I trust locally first and found no issues) :)

Edit : If anyone tries the above and Smartscreen does not complain .. I guess MS will have done whatever was necessary.
 
Last edited:

chris.jasztrab

New member
Jun 18, 2018
1
0
Hey all, I run Trend Officescan XG here at work and it's flagging the URL where SQL is downloaded from as malicious. I was able to get around the web filter by using IE to download the client which i was then able to install. When you plug Steve's dev site into the Trend 'is is safe' site it says that the latest tests show that the URL contains malicious software. I'm not sure if they are using signals from VirusTotal to make this decision or some other metrics.
 
Status
Not open for further replies.