pia_openvpn_client not code signed.

On a Mac running PIA VPN client I get this warning from Little Snitch. "pia_openvpn_client wants to connect to 172.98.67.28. The process has no code signature. The executable can be maliciously modified without being detected."

While other parts of the PIA VPN client are code signed (nwjs) this executable is not. Why? Why not sign it?

Tagged:

Comments

  • Posts: 7
    Same issue on PIA client v. 65 / Mac OS 10.11.6.
  • Posts: 1
    my little snitch is doing the same with V.66 on Mac OS 10.11.6
  • Posts: 18
    Here is a more detailed description from Little Snitch:

    pia_openvpn_client wants to connect to 104.200.153.97

    The process has no code signature. The executable can be maliciously modified without being detected. The matching rule is therefore not being applied.

    A matching rule exists that requires a valid code signature by an unknown developer, but the process has no valid code signature. This could mean that the application was possibly maliciously modified. The matching rule is therefore not being applied.

    To allow connections by this process anyway, all existing rules for “pia_openvpn_client” can be modified to ignore any code signature. This makes these rules less secure, though.

    Allowing "no code signature" returns:

    ! This will modify all existing rules for "pia_openvpn_client" to not require any code signature anymore. (buttons: Cancel - Modify Existing Rules)

    Is the company ignoring this?

  • edited August 27 Posts: 62
    I asked support about this once. The answer I got was : Its never been signed and can't be because its open-source and the license doesn't permit PIA's rendition and use of it to be signed.
    Post edited by jbis on
  • Posts: 198
    Hi all,

    We're definitely not ignoring this! We're currently working to get our drivers signed, but it's a lengthy process that involves coordination with quite a few third parties. In the meantime, you can ensure that your application is genuine by verifying the checksums, which are posted here on our downloads page
Sign In or Register to comment.