mersenneforum.org Windows help...
 Register FAQ Search Today's Posts Mark Forums Read

 2020-05-31, 22:01 #1 chalsall If I May     "Chris Halsall" Sep 2002 Barbados 244616 Posts Windows help... So, I didn't quite know where to put this... I'm wondering if there's someone out there who can help me with something Windows related... I have an installer for a project I'm working on. The client runs on Windows 10, and does stuff. I was about to start Alpha testing with some friends and their families and employees. Everything was looking great -- installed and ran fine in my development environment. However, I've discovered that when the package is downloaded from a website (https, of course) Windows throws many warnings telling the user that the package is probably malware, and that they shouldn't install it. Until I pay the  $for my own Code Signing Cert, does anyone have such a cert they would be willing to sign my installer package with? I wouldn't need (nor want) your key itself. Instead, I would provide the EXE to sign. And this would only be for one or two alpha packages. By then I'll have my own key. I understand the reasoning behind this. But it's annoying that the entire development code-chain used is all Open Source, but I still can't deploy the code without forking out a GPU's worth of$  for a bit of math...
 2020-06-01, 22:17 #2 retina Undefined     "The unspeakable one" Jun 2006 My evil lair 132708 Posts If you downloaded the exe using a browser then the file will have an alternate stream that marks its source as external. Just delete the alternate stream.
2020-06-01, 22:26   #3
chalsall
If I May

"Chris Halsall"
Sep 2002

221068 Posts

Quote:
 Originally Posted by retina Just delete the alternate stream.
Not exactly "user friendly"...

The plan in to have a dozen or so alpha testers. I don't want them scared away by warnings.

2020-06-01, 22:37   #4
retina
Undefined

"The unspeakable one"
Jun 2006
My evil lair

23·727 Posts

Quote:
 Originally Posted by chalsall Not exactly "user friendly"... The plan in to have a dozen or so alpha testers. I don't want them scared away by warnings.
Delete the alternate stream before you run the exe. Then you won't see warnings. It is the alternate stream that causes Windows to show warnings.

2020-06-01, 22:54   #5
chalsall
If I May

"Chris Halsall"
Sep 2002

2×4,643 Posts

Quote:
 Originally Posted by retina Delete the alternate stream before you run the exe. Then you won't see warnings. It is the alternate stream that causes Windows to show warnings.
It's entirely possible I'm being profoundly stupid (or, at least, ignorant) here, but...

I produced my installer at the command line (using NSIS). Tested it in my development environment. No warnings.

SSH'ed it up to a server. Downloaded it by way of a browser (Chrome; HTTPS). At least three warnings, saying basically "This is likely malware; DON'T RUN THIS".

Is there anyway *I*, as the developer, can do something such that the *user* doesn't experience this? Advise welcomed.

 2020-06-01, 23:25 #6 a1call     "Rashid Naimi" Oct 2015 Remote to Here/There 3·643 Posts https://www.theregister.com/2020/02/...rome_blocking/ so https should be warning free Last fiddled with by a1call on 2020-06-01 at 23:29
 2020-06-01, 23:57 #7 dleclair     Mar 2003 1138 Posts I've been though this. You're going to need an EV code signing certificate otherwise Windows will continue to present dire warnings to everyone who downloads your app. There's no way around it. At first glance they're expensive but you can get discounts. PM me for details if you want.
 2020-06-02, 03:01 #8 retina Undefined     "The unspeakable one" Jun 2006 My evil lair 23·727 Posts Make it a zip file. Then the zip file gets the alternate stream identifying the Internet origin. So now the user can extract the exe locally and run it without any warnings. BTW: I love that MS is extorting everyone into paying for a cert. Last fiddled with by retina on 2020-06-02 at 03:01
2020-06-15, 22:41   #9
chalsall
If I May

"Chris Halsall"
Sep 2002

244616 Posts

Quote:
 Originally Posted by retina Make it a zip file. Then the zip file gets the alternate stream identifying the Internet origin. So now the user can extract the exe locally and run it without any warnings.
Thanks for this suggestion, and for the counsel given by dleclair via PM.

Quote:
 Originally Posted by retina BTW: I love that MS is extorting everyone into paying for a cert.
Yeah, it's frustrating how expensive a bit of math can be. Again, I understand the reasoning, but come on! How much does it really cost to do a background check, anyway?

Just to share, I had forgotten what a pain-in-the-ass string parsing is in C. What was trivial to do in the Perl prototype is convoluted (to be polite) to implement in C...

 Similar Threads Thread Thread Starter Forum Replies Last Post bbb120 GMP-ECM 9 2019-03-01 19:33 jasong jasong 0 2017-12-12 00:09 ixfd64 Lounge 23 2013-04-13 11:12 Unregistered Information & Answers 14 2010-04-10 21:47 Prime95 Software 9 2005-09-24 03:56

All times are UTC. The time now is 18:15.

Wed Oct 28 18:15:04 UTC 2020 up 48 days, 15:26, 2 users, load averages: 3.03, 2.82, 2.52