2

After creating my exe file from my jar using Launch4j, I noticed this message:

WARNING: Sign the executable to minimize antivirus false positives or use launching instead of wrapping.

So I started digging into how to sign it, and finally got that to work as well. But now I was wondering, do I now not have any false positives?

I uploaded the signed exe file to VirusTotal and got a score of 2/64 (Cylance marked it as Unsafe, and SecureAge APEX marked it as Malicious) Granted I have never heard of either of them, so I wasn't making a big deal out of it.

But I wondered what the score would be of the original (unsigned) exe at this point, so I uploaded that and got a score of 0/66 (including Cylance and SecureAge APEX)

Is there any other reason you would like to sign your jar file? At this point I am more tempted to distribute the non-signed one as it provided a greater/perfect score on VirusTotal opposed to the signed one, incase one of the users actually wanted to check it out at some point this would reflect much better on my program, even if it was only a 2/64 from a relatively unknown provider.

Alex
  • 144
  • 16
  • 1
    You might want to sign your software anyway regardless what the virus test say. Signatures ensures that the distributed software can only come from you and not from someone else since only you can generate the correct signature (assuming the users know how to check the signature correctly). – Progman Mar 15 '22 at 22:15
  • Fair point, although for my use case I don't think the end user will do that. I was hoping signing it would remove the "Windows SmartScreen / Unknown publisher" warning but that did not seem the case – Alex Mar 15 '22 at 22:28
  • 1
    btw you know it's no longer necessary to use the likes of Launch4j? https://technojeeves.com/index.php/aliasjava1/111-making-native-installable-apps-with-java-9 – g00se Mar 15 '22 at 22:44
  • @g00se No this is completely new information to me lol, if I understand correctly the executable also contains a java interpreter, so no java version would have to be installed to execute it? – Alex Mar 15 '22 at 22:55
  • 1
    Correct. So that's all good. Personally I bemoan the demise of Web Start (in its wide distribution) as that's actually even more useful – g00se Mar 15 '22 at 23:26

0 Answers0