No, Fiddler is not evil


Recently, a number of people have emailed me and indicated that their security software raised warnings or blocked their download of Fiddler from the official Fiddler website. Now, I’ve reached out to vendors to help them correct their false-positives, but there are many vendors of “security” software, and only one of me.

As an end-user, you can easily validate the integrity of the Fiddler download packages—they’re all digitally-signed with my certificate. You’ll see the certificate information presented by Windows before the installer runs:

[Screenshot: Fiddler installation showing Eric Lawrence's certificate]

If you want the full details, you can click the link provided to view all of the information in the signing certificate. For the super-detail oriented, you can even compare the signer's serial number against that of my certificate: 38 ce b3 26 90 c0 05 79 d1 c5 7d fb ea 88 80 c8.
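The same check can be scripted. The PowerShell below is an added example, not part of the original post: it confirms that the installer's Authenticode signature validates and that the signer's serial number matches the expected value. The file name `.\FiddlerSetup.exe` and the function name `Test-InstallerSigner` are hypothetical, and a build signed with a later certificate will carry a different serial, so pass the value published for the build you downloaded.

```powershell
# Added example: verify an installer's Authenticode signature and signer serial.
# Test-InstallerSigner and the file name used below are hypothetical names.
function Test-InstallerSigner {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSerial
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the file hash matches the signature and the certificate
    # chain builds to a trusted root. Unsigned or modified files fail here.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
        return $false
    }

    # The certificate dialog shows the serial as spaced lowercase hex, while
    # .NET returns uppercase hex with no spaces, so normalize before comparing.
    $expected = ($ExpectedSerial -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $actual   = $sig.SignerCertificate.SerialNumber.ToUpperInvariant()

    if ($actual -ne $expected) {
        Write-Warning ("Signer serial $actual does not match expected $expected " +
                       "(subject: $($sig.SignerCertificate.Subject))")
        return $false
    }

    Write-Host "Valid signature from $($sig.SignerCertificate.Subject), serial $actual"
    return $true
}

# Serial number as quoted in the post; the path is a placeholder for your download.
Test-InstallerSigner -Path '.\FiddlerSetup.exe' `
    -ExpectedSerial '38 ce b3 26 90 c0 05 79 d1 c5 7d fb ea 88 80 c8'
```

Checking the serial in addition to the signature status matters because a `Valid` status only says that some trusted publisher signed the file, not which one.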

If you’re not running IE8 yet, you should upgrade to take advantage of SmartScreen Filter, which helps protect you from socially-engineered malware, without the false-positives.  🙂

 

-Eric

Comments (2)

  1. Jason says:

    List of "security" software providers who issued a false positive: Sunbelt Software, Norton, TrendMicro, StopBadware.

    These companies’ "malware" divisions apparently just steal block URLs from one another, without talking to their respective AV divisions. None of the AV engines has a false-positive: http://www.virustotal.com/analisis/0e65d3fd0a41ef41deeb56b6895c6f71dd4d238be27d038b88c338992109f720-1273348753

  2. Note that Fiddler is now signed with a later certificate, but still in my name.
