Monday, 25 April 2011

NIS 2010 SONAR raised when running executables compiled with Delphi 2010

Following on from my previous post (Signing your Delphi applications with Microsoft Signtool), in this post I'll explain different solutions to avoid false positives from the antivirus. I recently got an alert from my NIS 2010 (Norton Internet Security) SONAR indicating that my application contains a HackTool and that it has been processed and eliminated by SONAR (I'm trying to run one of my applications, and it is now treated as a high-risk program and deleted every time I try to run it):

Even though it sucks, you need to go through the NIS and configure it using the instructions from here.


1.   Executable files created by compilers etc on development machines are deleted

We have identified the issue and are making incremental changes to fix the problem. Please ensure that you have the latest NIS patch installed 17.1.0.19 as that should minimize the occurrence of the issue.

In addition to this, developers should exclude dev directories from security scans using the following steps:

  • On the main UI panel, under Computer click Settings. This will bring up the Settings dialog box.
  • Under Scan Exclusions click Configure. This will display the Scan Exclusions dialogue box.
  • Under the lower-half of the screen under Auto-Protect Exclusions click the Add button. This will bring up a dialogue to add a new item.
  • Add the folder you want to exclude from SONAR.



If you are certain that SONAR has incorrectly quarantined a file, you may restore this file to its original location by selecting the appropriate entry in the Quarantine Log and clicking Options. This will display the Security Risk Details dialog:

Click Restore this file. This will show the Quarantine Restore dialog. Ensure that the Exclude this risk from future scans is checked. The file will be restored to its original location and will no longer be detected by SONAR. According to Symantec, this is unfortunately a known problem and they are working on a fix for it. For now, the best thing you can do is to set the scan exclusions in the settings; those folders will then not be scanned and the files will not be falsely detected.


It's important to update the antivirus to the latest version, because most of these issues are already solved there and there is then no need to do any of this.

Another important thing to bear in mind is the digital signature of our applications. If our executables are digitally signed, you won't have the false positive problem with the AV because the application is trusted. Please see the related links section to dig deeper into this issue, and do not hesitate to comment if you have any doubts.

NIS version: 17.8.0.5

Related links:

Saturday, 23 April 2011

Signing your Delphi applications with Microsoft Signtool

Today I'm coming with an interesting post about signing your Delphi applications (win32) with Microsoft Signtool. The SignTool tool is a command-line tool that digitally signs files, verifies signatures in files, or time stamps files. The tool is installed in the \Bin folder of the Microsoft Windows Software Development Kit (SDK) installation path. SignTool is available as part of the Windows SDK, which you can download from here.
In a few steps I'll show you how to create a PKCS#12 certificate with OpenSSL for Windows and how to import this certificate into your applications. On most occasions we should use the certificate as a means of identifying the author of an application and establishing trust relationships between applications.

Creating a PKCS#12 certificate with OpenSSL:
Once you have installed OpenSSL on your machine, you need to run the following commands to create the certificate. To create a PKCS#12 certificate, you'll need a private key and a certificate, so first of all, let's create the certificate and the private key:

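# create a file containing key and self-signed certificate
# (2048-bit RSA: 1024-bit keys are too weak for code signing;
#  -nodes leaves the private key unencrypted inside mycert.pem)
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem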


Now we are ready to generate the .pfx file from mycert.pem. A .PFX file (Personal Information Exchange format) is a file containing both the public certificate (.cer file) and the private key (.pvk file):

# export mycert.pem as PKCS#12 file, mycert.pfx
openssl pkcs12 -export -out mycert.pfx -in mycert.pem -name "My Certificate"


You'll be asked to enter a password for your certificate.

Importing the certificate with Signtool:
Now copy the mycert.pfx file into the folder where your executable is placed and run the following command with Signtool:

Signtool sign /f mycert.pfx /p password thundaxballsdemo.exe


Now if we check our application it will be digitally signed with our certificate:

Then you can install this certificate into the "windows trusted certification store".


Friday, 22 April 2011

Tuesday, 5 April 2011

Assertion failure ..\win32src\thread32.cpp at line 434

For those who are using Delphi 2009 under Windows 7 (64-bit), this error will show up while debugging your applications. This just happened to me today and I found a really interesting solution on Embarcadero's Forums. This just happened to me a few days ago and I thought it was normal because of the OS, but then I realised that something was going wrong: every minute I got that annoying message, leaving my applications non-functional and forcing me to restart the Delphi IDE again. The solution provided is quite easy and I can guarantee you that it works!
First of all, you need a hexadecimal editor. I used mh-nexus, an open source version that you can get from here. Then the steps for solving the issue are the following:

1. Close Delphi
2. Locate bordbk120N.dll (C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin)
3. Make a backup of the library (just in case).
4. Open bordbk120N.dll with mh-nexus and locate the hex values: “01 00 48 74 47 80 3D

5. Replace “74” with “EB” and save the changes.

6. Restart Delphi and the error message should be gone.
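
The same steps can be scripted so that the backup and a uniqueness check happen before anything is written. This Python sketch is an added example, not part of the original post: the function name and the `.bak` suffix are illustrative, and the search pattern is only the seven bytes quoted in step 4. In x86 machine code, 74 is a short conditional jump (JZ/JE) and EB is an unconditional short jump, so the edit presumably makes that branch always taken.

```python
import shutil
from pathlib import Path

# Bytes quoted in step 4 of the post; the byte to change is the 0x74 at index 3.
PATTERN = bytes.fromhex("01 00 48 74 47 80 3D")
PATCH_INDEX = 3
NEW_BYTE = 0xEB  # short JMP, replacing the short JZ (0x74)


def patch_unique(path, pattern=PATTERN, index=PATCH_INDEX, new_byte=NEW_BYTE):
    """Back up `path`, then change one byte inside the only match of `pattern`.

    Returns the file offset that was patched. Nothing is written when the
    pattern is missing or occurs more than once.
    """
    path = Path(path)
    data = bytearray(path.read_bytes())
    first = data.find(pattern)
    if first < 0:
        raise ValueError("pattern not found: other file version or already patched")
    if data.find(pattern, first + 1) >= 0:
        raise ValueError("pattern is not unique: refusing to patch")
    backup = path.with_name(path.name + ".bak")   # step 3: keep the original
    if not backup.exists():
        shutil.copy2(path, backup)
    data[first + index] = new_byte
    path.write_bytes(data)
    return first + index
```

Run it with Delphi closed, as in step 1. A second run fails with "pattern not found", which is a quick way to confirm the file is already patched.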



Sunday, 3 April 2011

Google's driverless car

Sebastian Thrun helped build Google's amazing driverless car, powered by a very personal quest to save lives and reduce traffic accidents. Jawdropping video shows the DARPA Challenge-winning car motoring through busy city traffic with no one behind the wheel, and dramatic test drive footage from TED2011 demonstrates how fast the thing can really go.
Source: TED



Google's car in action: