I want to use a programm, which lets me modify touchpad gestures. http://www.multiswipe.com/faq
But I need to add their certificate ( see in FAQ [ How to install MultiSwipe? ] ) to make it work.
Now I'm scared. Why would such a programm need this to work? Should I do it?
What bad could happen if I do it?
This is the Virus Total log for the .exe : https://www.virustotal.com/de/file/04bce76f119144042a2779bc8324f52abb5fa98f397f34d12f3da70e03d9e9ee/analysis/1427839638/
Because the software wants to intercept HTTPS communications without making your browser throw certificate errors.
There are some legitimate uses for this, like parental controls/web filtering software, anti-phishing protection (where some software compares the URLs you're visiting against known malicious websites), etc. For example, Avast antivirus provides such anti-phishing/anti-malware protection.
This works by having your browser's traffic redirected through a proxy running on the local machine which will do an MITM attack on the traffic - every time you visit a site, you're actually talking to the proxy, which in turn will talk to the real server. The problem is, even if you trust the proxy to not be malicious, it needs to correctly validate the certificates presented by the remote servers (a task normally done by your browser), and if that's not done correctly it may connect to an attacker presenting a fake certificate which exploits some flaw in the proxy so that it'll still be labelled as valid. Your browser won't see anything because the browser only gets the certificate of the proxy (which is trusted because it's been added to your trusted certificate authorities).
Some software generate the private key and its unique certificate on the fly when installing (that's the appropriate way to do it), some other crap software use a hardcoded private key identical across all installations. What that means is once someone extracts it, they can do malicious MITM attacks on you because you have added that certificate (which corresponds to the now compromised private key) in your trusted CAs, so your computer will trust their server. This is exactly what happened with Superfish, it's adware so I will obviously say it deserves to burn in hell, but even then it wasn't intended to be that malicious, but unfortunately because of the incompetence of its developers it opened a massive security breach in lots of Lenovo PCs (as this garbage was installed by default on them).
I personally wouldn't trust any software that wants to intercept my HTTPS traffic, not even the antimalware ones (like Avast and possibly others), it's just too much of a risk if they happen to screw up certificate validation (and not being able to see the "real" certificate of the website in my browser is also a problem).
In your case, this software is malware, the low quality site is a dead giveaway, looks like someone just rushed this because they wanted to see their über-l33t HTTPS-intercepting malware in action. And they use some FUD to coerce you into installing their cert :
MultiSwipe is a simple utility but in order for it to work correctly it needs to be able to control some of the users UI, so in order to install MultiSwipe you will need to first add the certificate that is located in the MultiSwipe directory of your download
The UI has absolutely nothing to do with certificates.
TLDR: don't install this software at all (even if you don't install a cert, it can still compromise your entire user account and possibly your machine if you run it as administrator - it's actually pretty lazy on their part to ask you to install the cert whereas they can do it themselves if you run it as admin).
I'm the developer of MultiSwipe and the reason why you need to install the certificate is because all application controlling UI, which means performing alt-tab type commands and the like, such as MultiSwipe need to be digitally signed.
Apparently the other answer writer spoke without knowledge on the topic, which means we need a trusted certificate in your system. Here is an article from Microsoft confirming it article.
Also, MultiSwipe doesn't access the Internet, so everything that the other answer said is not true. You can check your firewall or task manager and you will see MultiSwipe does not access the Internet. There is a contact section at our website that you can address any concerns if you want to, or here as well.
