Norton Firewall "Ardour 6 does not have a digital signature

Hi. I paid then downloaded Ardour 6 (64 Bit) for Windows 10 and installed it. But when opening Ardour 6, Norton warns of a Firewall security issue with Ardour 6 for Windows 10. Norton also displays a security warning message “Ardour 6 does not have a digital signature”. Norton asks me if I trust Ardour 6 “always”, or, “only this instance” or “block always”. I have had several firewall security issues in the past and therefore I am unwilling to use Ardour 6 until Ardour 6 developers digitally sign the program so that Norton accepts it. So I am going to reinstall Ardour 5.1 for now (which must have been digitally signed software because Norton has never been concerned about Ardour 5.1). My question is - Will this issue be addressed by Ardour developers and the program digitally signed in future updates of Ardour 6 ?? I would have thought it in Ardour developers interests to do so, so as to show that Ardour take security seriously and provide users with peace of mind

Thanks in advance

We do not and will not interact with anti-virus software companies. We do not register our software with Apple, and we will not register it with Norton, or Symantec or another similar company.

If there is a “digital signature” for an earlier version of Ardour, that simply demonstrates that someone at Norton (or another Norton customer) has not updated their information for 6.0.

Apple makes it easy for users to acknowledge the lack of digital signature and continue. If Norton does not, I would consider that a problem with Norton, and not our responsibility.

If you trust us to build software for you, then please trust us to … build software for you. Norton has nothing to offer you in our case.

3 Likes

If there is a “digital signature” for an earlier version of Ardour, that simply demonstrates that someone at Norton (or another Norton customer) has not updated their information for 6.0.

I think the post refers to a digital signature as in, “a digitally signed copy of the executable”, rather than an AV heuristic ‘signature’. I completely agree that it should not be the developer’s responsibility to register software with AV companies (and AV companies can be over-zealous sometimes - of particular concern to independent developers for example, is a new application being characterised to the user as ‘harmful’ based purely on the fact that it hasn’t been downloaded much yet… which is likely only to perpetuate that situation…)
Digitally signing code does however provide a valuable function - while the integrity of the ardour developers, and their build process / systems may be beyond reproach, the presence of a signature means that the user can be as sure as possible that they have the exact binary that the developers intended them to have. It is almost impossible for it to be tampered with by any third-party, without invalidating the signature, and (in theory) only the developers can sign with their signature.

Apple makes it easy for users to acknowledge the lack of digital signature and continue…

macOS seems to make this a less obvious / more awkward process with each new release - and as a developer you are now required not just to sign your code, but also to get it QA checked via their official notarization process too… which feels like another step towards an Appstore only model.

I appreciate your professional input mike@overtonedsp . You have understood well the intention of my post. Indeed I am refering to the “digitally signed copy of the exe file”. I agree that Norton and other security apps can be overly zelous at times. I have uninstalled Ardour 6, reinstalled Ardour 5.1, and my plan is to in a few weeks time I will attempt to reinstall Ardour 6 in hope that by then, Norton accepts Ardour 6 (a relatively recent program), and I am then able to install Ardour 6 with no Norton Firewall security warnings

I’ve been in your situation with other software and I’ll just say that having Norton (or any other anti-virus) “trust” Ardour shouldn’t end up being a problem at all. I’m sorry to hear of your previous security troubles but I’m assuming they were not due to simply trusting an app you knew to be trust-worthy? I do understand, however, that if you’ve experienced disruptions due to serious security breaches that you’d naturally be more cautious.

I would suggest that if you are worried about security in general that you might consider running your audio studio on a separate fully-offline machine? In any case, on Windows I was always in the habit of disabling anti-virus and internet before starting my DAW as the last thing I wanted was an unexpected anti-virus scan causing glitches during my perfect take :wink: