mersenneforum.org

mersenneforum.org (https://www.mersenneforum.org/index.php)
-   GPU to 72 (https://www.mersenneforum.org/forumdisplay.php?f=95)
-   -   Windows help... (https://www.mersenneforum.org/showthread.php?t=25580)

chalsall 2020-05-31 22:01

Windows help...
 
So, I didn't quite know where to put this...

I'm wondering if there's someone out there who can help me with something Windows related...

I have an installer for a project I'm working on. The client runs on Windows 10, and does stuff. I was about to start Alpha testing with some friends and their families and employees. Everything was looking great -- installed and ran fine in my development environment.

However, I've discovered that when the package is downloaded from a website (https, of course) Windows throws many warnings telling the user that the package is probably malware, and that they shouldn't install it.

Until I pay the $ $ $ for my own Code Signing Cert, does anyone have such a cert they would be willing to sign my installer package with?

I wouldn't need (nor want) your key itself. Instead, I would provide the EXE to sign. And this would only be for one or two alpha packages. By then I'll have my own key.

I understand the reasoning behind this. But it's annoying that the entire development code-chain used is all Open Source, but I still can't deploy the code without forking out a GPU's worth of $ $ $ for a bit of math...

retina 2020-06-01 22:17

If you downloaded the exe using a browser then the file will have an alternate stream that marks its source as external. Just delete the alternate stream.

chalsall 2020-06-01 22:26

[QUOTE=retina;546968]Just delete the alternate stream.[/QUOTE]

Not exactly "user friendly"...

The plan in to have a dozen or so alpha testers. I don't want them scared away by warnings.

retina 2020-06-01 22:37

[QUOTE=chalsall;546972]Not exactly "user friendly"...

The plan in to have a dozen or so alpha testers. I don't want them scared away by warnings.[/QUOTE]Delete the alternate stream [i]before[/i] you run the exe. Then you won't see warnings. It is the alternate stream that causes Windows to show warnings.

chalsall 2020-06-01 22:54

[QUOTE=retina;546975]Delete the alternate stream [i]before[/i] you run the exe. Then you won't see warnings. It is the alternate stream that causes Windows to show warnings.[/QUOTE]

It's entirely possible I'm being profoundly stupid (or, at least, ignorant) here, but...

I produced my installer at the command line (using NSIS). Tested it in my development environment. No warnings.

SSH'ed it up to a server. Downloaded it by way of a browser (Chrome; HTTPS). At least three warnings, saying basically "This is likely malware; DON'T RUN THIS".

Is there anyway *I*, as the developer, can do something such that the *user* doesn't experience this? Advise welcomed.

a1call 2020-06-01 23:25

[url]https://www.theregister.com/2020/02/07/google_chrome_blocking/[/url]

so https should be warning free

dleclair 2020-06-01 23:57

I've been though this. You're going to need an EV code signing certificate otherwise Windows will continue to present dire warnings to everyone who downloads your app. There's no way around it. At first glance they're expensive but you can get discounts. PM me for details if you want.

retina 2020-06-02 03:01

Make it a zip file. Then the zip file gets the alternate stream identifying the Internet origin.

So now the user can extract the exe locally and run it without any warnings.

[size=1]BTW: I love that MS is extorting everyone into paying for a cert.[/size] :tu:

chalsall 2020-06-15 22:41

[QUOTE=retina;546990]Make it a zip file. Then the zip file gets the alternate stream identifying the Internet origin. So now the user can extract the exe locally and run it without any warnings.[/QUOTE]

Thanks for this suggestion, and for the counsel given by dleclair via PM.

[QUOTE=retina;546990][size=1]BTW: I love that MS is extorting everyone into paying for a cert.[/size] :tu:[/QUOTE]

Yeah, it's frustrating how expensive a bit of math can be. Again, I understand the reasoning, but come on! How much does it really cost to do a background check, anyway?

Just to share, I had forgotten what a pain-in-the-ass string parsing is in C. What was trivial to do in the Perl prototype is convoluted (to be polite) to implement in C...


All times are UTC. The time now is 19:07.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.