Everything roadmap

[mariamatcha]

Hi David. How are you doing? I hope you're doing well. It's good to start reading you again on the forum.

I don't know why there doesn't seem to be much community interest over this topic, but have you been able to get any updates on the Microsoft incident?

Is there anything we users can help with?

Is the Everything project still on?

I sincerely thank you for developing one of the best tools in modern computing.

Regards.

[anmac1789]

Hi David. How are you doing? I hope you're doing well. It's good to start reading you again on the forum.

I don't know why there doesn't seem to be much community interest over this topic, but have you been able to get any updates on the Microsoft incident?

Is there anything we users can help with?

Is the Everything project still on?

I sincerely thank you for developing one of the best tools in modern computing.

Regards.

I am wondering the same thing, seems like development has stalled due to Microsoft hindering progress

[void]

Thank you for your post and offer to help.

No answers from Microsoft yet.
I am still in the dark.

[mariamatcha]

At the risk of sounding desperate, have you tried contacting any large-scale digital media outlets with the intention of spreading the word about the case and generating buzz?
It is well known that many big companies only react in this way.

[anmac1789]

There's got to be be a way to force microsoft to answer

[AntonyD]

If I understood correctly, then we are talking about the fact that the 'voidtools' certificate with the Thumbprint:
4DA2AD938358643571084F75F21AFDDD15D4BAE9 used to sign the product was included in the M$ Vulnerable driver block list?
But despite the severity of this moment, we are not talking about the company in general, but about a specific one certificate.
Which, by the way, has been overdue for 10 days (Valid To: 18.03.2025 2:59:59).
And it had to be re-released to sign new builds of the product being developed.
But you can't do this procedure now? Because of being included in this list?

And by the way, haven't you tried to use this link?:
https://www.microsoft.com/en-us/wdsi/filesubmission
And choose "Software developer | Software providers wanting to validate detection of their products"?

P.S.
It seems that this list of driver blocks contains entries about drivers that have known security vulnerabilities or
are signed with certificates used to sign malware, or that bypass the Windows Security model.
In other words, it is suspected that this already outdated certificate was used somewhere else without your knowledge.
To sign a malicious program. That is, it is not specifically your fault, or the program itself, but simply third-party use.

P.P.S.
I would like to clarify once again - only one of your (already outdated today) certificates has been added to the blocking list.
And since you need to release a new one anyway, this new one will not automatically be included in this list.
And you can continue developing this wonderful software right now.

[anmac1789]

alright so what can be done like ...how long can we wait

[AntonyD]

I think I've already written above - I see no reason to WAIT for something.
Only ONE &old certificate was added to the untrusted list, possibly used illegitimately somewhere.
BUT it's alone, and it's basically stopped working - its validation period has passed. (Valid To: 18.03.2025 2:59:59)
The Author just need to issue a new certificate - as it was clearly planned - and release a new version of the product with it.
And most likely, it is DEFINITELY becoming necessary to release a real RELEASE. Not a new beta/alpha/RC/./././...
EVEN if suddenly there is something left unfulfilled from what is expected to be implemented according to the internal roadmap.

[void]

I am in the process of getting a new EV code signing certificate.

[AntonyD]

God bless you and your work and your efforts

[mariamatcha]

I think I've already written above - I see no reason to WAIT for something.

First, chill out, there's no need to yell.
I think the main problem is that we're both just "guessing" about why this is happening. David already mentioned he doesn't know either.
Even if he decided to buy a new certificate, since M$ doesn't explain why the previous one was flagged, it's pretty sensible to be cautious about this new approach. The new certificate might also get flagged, maybe M$ considers Everything a threat to its business model, or they are just being negligent...and as far as we know, they don't provide any actual explanation for it. And FYI, those certificates aren’t cheap.

So no, the answer isn't as simple as you think.

David, I'm glad you reached a conclusion and are about to continue with development.

[anmac1789]

This code signing certificate that's really necessary ?

[void]

A code signing certificate helps with user trust.

voidtools cannot exist without a code signing certificate.



I am not seeing any evidence of drivers or malware being signed by voidtools.
Please let me know if you have seen any drivers signed by voidtools.
Please let me know if you have seen any malware signed by voidtools.

[AntonyD]

First, chill out, there's no need to yell.

Actually, it's a simple semantic logical emphasis on the word, not a "scream")))
If we were speaking face to face - you would just hear how I would emphasize this word
with my voice from the whole sentence... BUT in the text, it's just not that easy to do.
And the only suitable option would be to write it in CAPs.

You can logically make a sound pause on such a word, both when reading inside yourself
and when comprehending what is written.

[AntonyD]

I am not seeing any evidence of drivers or malware being signed by voidtools.

Just like the rest of us. BUT it's just likely that it was/is a 0-day threat, then
the reaction should be faster than we might expect.

[anmac1789]

any news yet ?

[tuska]

any news yet ?

2anmac1789

You won't be able to speed up the process,
even if you give your opinion every few days or ask if there's any news on the topic.

[anmac1789]

any news yet ?

2anmac1789

You won't be able to speed up the process,
even if you give your opinion every few days or ask if there's any news on the topic.

Influence is greater than you think, the universe thrives on influence and thought

[mariamatcha]

It seems that @void has vanished again

[anmac1789]

It seems that @void has vanished again

There's a problem with microsoft and security certificate that's stalling everything

[mariamatcha]

@void any news on this topic?

[void]

I am still trying to get answers from Microsoft.

Digicert has ghosted me.

In the meantime, I am rewriting Everything with security in mind.
I assume the issue is with the Everything Service allowing any user to index all filenames.

[anmac1789]

I am still trying to get answers from Microsoft.

Digicert has ghosted me.

In the meantime, I am rewriting Everything with security in mind.
I assume the issue is with the Everything Service allowing any user to index all filenames.

Who is digicert ? Can you elaborate with security in mind ? does it mean that there will be some upcoming changes ?

[void]

Digicert supply code signing certificates.
My old code signing certificate was with Digicert.

I was in the process of getting a new EV certificate with Digicert.
They were going to call me and haven't.
They haven't responded to my last few emails.

I will try them again when I have a new build ready..

Can you elaborate with security in mind ?

I assume Microsoft is blocking all my software because the Everything Service can access all filenames.
I assume Microsoft see this as bypassing security.

I am rewriting the Everything Service to address this.
I have a prototype working where the Everything Service will only index and maintain filenames the logged in user can see.
Running Everything as admin or running the indexing process as admin will still allow access to all filenames.

does it mean that there will be some upcoming changes ?

I am working on an update.
I still have a lot of work to do on the new Everything Service.

[void]

=> A certificate was explicitly revoked by its issuer

[warduweram]

Shouldn't be too hard to figure out by now that we're headed for complete digital tyranny. Everyone and everything (no pun intended ) that doesn't go through all ridiculous measures TPTSB ask for and smile while taking it in sans lube will be ousted. So we'll have to either bow deeper or stop caring about certificates, I can't see any other routes, so pick your poison, I certainly know which I prefer. My last Windows update is from 2023, it's working flawlessly. Until we have a unified, hardware-enforced login to everything which is only a question of time.

[Jette]

@void, are you keeping the rewrite in (presumably) C?
found my way here after unable to locate your project on Github - wanted to check some docs and look into contributing as I've used your tool for a few years now (thanks by the way), but I see now why I could not find it. (which is fine of course, your software, your choice)
Well, if you're keeping it in C (if that is what its written in) - then godspeed to you sir!
I call C using `extern "C" int` cause I'm a coward... and need package management lol

[void]

Thanks for your feedback Jette,

The rewrite was completed and scraped as it wasn't the reason for the certificate revoke.

Everything source will be available on Github soon.