Intro Download and install Frequently Asked Questions Tips and tricks

Homepage







© J.C. Kessels 2009
MyDefrag Forum
May 23, 2013, 02:44:12 pm *
Welcome, Guest. Please login or register.

Login with username, password and session length
News:
 
   Home   Help Search Login Register  
Pages: [1]
« previous next »
  Print  
Author Topic: include self-signed Security Certificate  (Read 3020 times)
ArShui
Newbie
*
Posts: 2


View Profile
« on: February 19, 2010, 06:12:42 am »
This is a good ideal for mydefrag to create a self-signed Security Certificate and use it to digital sign the installer and program, so that when we run the installer and program, the UAC in Vista/Seven will say this have a verified publisher instead of unkown publisher (when the self-signed security certificated was installed properly on our computers).

As a result, we will be more comfortable when the installer / program was not modified by other (assume the developer keeps the key in a safe place)
Logged
jeroen
Administrator
JkDefrag Hero
*****
Posts: 7155



View Profile WWW
« Reply #1 on: February 19, 2010, 09:21:17 pm »
Thanks for sharing your idea, I appreciate it. I am considering it, but MyDefrag is free software. A security certificate for signing software costs 180 dollars per year (Comodo code signing certificate). Perhaps somebody knows a cheaper certificate outlet?
Logged
quanthero
JkDefrag Hero
*****
Posts: 234



View Profile
« Reply #2 on: February 19, 2010, 11:25:16 pm »
Quote from: jeroen on February 19, 2010, 09:21:17 pm
Thanks for sharing your idea, I appreciate it. I am considering it, but MyDefrag is free software. A security certificate for signing software costs 180 dollars per year (Comodo code signing certificate). Perhaps somebody knows a cheaper certificate outlet?
Isn't signing free if you use self-signed certificate?
Logged
jeroen
Administrator
JkDefrag Hero
*****
Posts: 7155



View Profile WWW
« Reply #3 on: February 20, 2010, 08:07:11 am »
Quote from: quanthero on February 19, 2010, 11:25:16 pm
Isn't signing free if you use self-signed certificate?
Yes, it's free. But not recognized by Windows, it will popup the same nasty "unkown publisher" warning.
Logged
amk
JkDefrag Hero
*****
Posts: 101



View Profile
« Reply #4 on: February 20, 2010, 08:19:54 am »
To register signer of certificate it must by certified using another already registered.
Logged
ArShui
Newbie
*
Posts: 2


View Profile
« Reply #5 on: February 23, 2010, 03:12:42 pm »
Quote from: jeroen on February 20, 2010, 08:07:11 am
Quote from: quanthero on February 19, 2010, 11:25:16 pm
Isn't signing free if you use self-signed certificate?
Yes, it's free. But not recognized by Windows, it will popup the same nasty "unkown publisher" warning.

Of course, window will pop up a unknown publisher warning but user can install this security certificate (this mechanism was used by ext2fsd).
Doing so allow the user to know the program was not modified by other except the developer (which is the benefit when installing this self-sign certificate).
Logged
jeroen
Administrator
JkDefrag Hero
*****
Posts: 7155



View Profile WWW
« Reply #6 on: February 24, 2010, 01:32:19 pm »
Quote from: ArShui on February 23, 2010, 03:12:42 pm
Doing so allow the user to know the program was not modified by other except the developer
Are you thinking about viruses? They usually wrap themselves around a program, so running the program will first run the virus. And then the original program, which will show the original certificate. People will think that MyDefrag is the virus....

A certificate is useful for commercial programs, which are protected by a serial number or something similar. The owner of the program does not want a hacker to remove that protection. A certificate will help there. This of course does not apply to MyDefrag.
Logged
Pages: [1]
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.5 | SMF © 2006-2008, Simple Machines LLC Valid XHTML 1.0! Valid CSS!