Security Software vs. Squish

Overview

Automating the GUI of other software, web pages, and so on typically requires functionality provided by operating systems and web browsers that most other software (office software, word processors, spreadsheets, paint programs, CAD, image editing software, etc.) rarely uses.

Security software, however, may decide to block and quarantine software because it uses such "suspicious" functionality, even though that functionality is officially supported by, for example, the operating system.

Sparse Information Policy from Vendors

Unfortunately, security software typically communicates little about what in particular it finds offensive or suspicious. This means that if a security alert is raised and a component of Squish is quarantined or blocked, there is usually not much information available on why it was blocked.

And even when reporting a "false positive" to vendors, one typically only gets a reply (if anything) to the effect of "thank you, we have whitelisted this file now".

What We (the vendor of Squish) Can Do

The only tool that is available to us is to digitally sign our binaries with a valid certificate, and this is what we are doing for most binaries in Squish packages (and especially for the tools which often get blocked, such as _startwinaut.exe, dllpreload.exe, startaut.exe).

However, when users report that Squish is being blocked or affected by security software, we also try to report the respective file(s) as "false positives" to the vendor of the security software.

What We (the vendor of Squish) Cannot Do

In theory we could report every new release and every new build of Squish (new builds of Squish are provided on a daily basis) to all existing security software vendors.

However, this is highly impractical for us, not least because of the large number of Squish packages built and provided on a regular basis.

What End Users of Security Software Can Do

If you have control over the configuration of the security software, you may be able to configure it to accept properly digitally signed binaries for automatic and full whitelisting.

You may also be able to whitelist the complete Squish installation folder, or to add an exception for it.
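Before choosing between a signature-based rule and a folder exception, it helps to see which binaries in the installation actually carry a valid signature and from which signer. The following PowerShell script is an added example, not part of the original article or of Squish; the installation path is a placeholder you must supply, and only .exe and .dll files are inspected.

```powershell
# Added example: audit Authenticode signatures under a Squish installation folder.
# $SquishDir is a placeholder (assumption), not a documented install location.
param(
    [string]$SquishDir = 'C:\path\to\squish'
)

if (-not (Test-Path -LiteralPath $SquishDir -PathType Container)) {
    throw "Folder not found: $SquishDir"
}

# Collect executables and libraries anywhere below the installation folder.
$files = Get-ChildItem -LiteralPath $SquishDir -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll' }

# One record per file: signature status, signer and whether it is timestamped.
$report = foreach ($f in $files) {
    $sig  = Get-AuthenticodeSignature -LiteralPath $f.FullName
    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        File        = $f.FullName
        Status      = $sig.Status    # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer      = if ($cert) { $cert.Subject } else { $null }
        Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
        Timestamped = [bool]$sig.TimeStamperCertificate
    }
}

# Summary: file count per status and signer. More than one signer, or any
# status other than Valid, is worth reviewing before adding an allow rule.
$report | Group-Object Status, Signer | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# The launcher tools the article names as frequently blocked.
$named = '_startwinaut.exe', 'dllpreload.exe', 'startaut.exe'
$report | Where-Object { (Split-Path $_.File -Leaf) -in $named } |
    Format-Table Status, Timestamped, Signer, File -AutoSize

# Files a signer-based rule would NOT cover (unsigned or failing validation).
# These are the ones that would need a path exception or a closer look.
$report | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, File | Format-Table Status, File -AutoSize
```

A `HashMismatch` status means the file no longer matches its signature and should be investigated rather than whitelisted.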

What Companies Using Security Software Can Do

The IT department of a company should double check the following:

Furthermore, companies should consider engaging the vendor of the security software...

...in a discussion on the support level, to ensure swift whitelisting of reported false positives, as well as

...in a discussion on the product management level, to ensure that their product management understands what acceptable behavior is and what is not. (Blocking properly signed binaries should generally be unacceptable.)