Code Signing Anyone?

Joe Lewis Wilkins pepetoo at cox.net
Tue May 22 10:02:17 EDT 2007 

So, right this minute, without a "cert", if I distribute an  
application for Windows on a CD or download from a website, what is  
the user's experience? Seems like just another one of M$'s ploys to  
make money on everything that goes into a Window's computer; but many  
times over. Rather astute strategy I should think. Just one more  
reason to dislike the Window's platform.

Joe Wilkins

On May 22, 2007, at 5:11 AM, Scott Kane wrote:

> Hi Bill, Jacqui and all,
>
>> That's neither possible nor desirable.
>
> Indeed.  It would be grounds for a cert to be pulled by the  
> authenticator.
>
>> It's not possible because the code signing takes into account a  
>> checksum for the whole .exe (along with other factors) and that is  
>> different with every application created, even though the embedded  
>> engine is the same.
>
> Yep.  That's exactly right.  If it were even possible then every  
> IDE developer on the planet would be issueing their programmer  
> customers with cert's and that would make the cert's useless.  The  
> whole point is to make each application unique, identifiable and  
> trackable (a cert can be pulled by Microsoft or their authorized  
> issuer which brings up an even nastier dialog box).  Each cert'  
> applicant is verified manually (by a human) with human readable  
> documentation.
>
>> It's not desirable because then any miscreant could download a  
>> trial copy of Rev, write the next great trojan horse virus malware  
>> spybot and it would appear to have been "signed" by Runtime Rev.
>
> Which is the whole point of the cert' as Bill rightly says.
>
>> In Windows XP, unsigned applications aren't so bad. But the end  
>> user experience gets much worse under Windows Vista, especially  
>> with limited accounts and UAC active. Signing applications is  
>> something anyone who distributes on Windows should know about. I  
>> hope Scott writes up the article.
>
> Judging by the reaction I'd say writing it is a go and I'm going to  
> enquire about getting a special price for RR customers but I can't  
> guarantee that so don't hold me to it as it will probably depend on  
> the number of potential customers.   I'll get onto it this week and  
> submit it to Heather etc and hopefully they'll publish it in the  
> near future.  :-)
>
> Scott Kane
> "When a distinguished but elderly scientist states that something  
> is possible, he is almost certainly right. When he states that  
> something is impossible, he is very probably wrong."
> Arthur C Clarke
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your  
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution

More information about the use-livecode mailing list