WinXP SP2 and Digitallly Signing your .exe

Discussion in 'Game Development (Technical)' started by Fost, Aug 28, 2004.

  1. Fost

    Indie Author

    Joined:
    Jul 31, 2004
    Messages:
    524
    Likes Received:
    0
    With Windows XP service Pack 2, if you download an exe file, then run it, you get an authenticode message. screenshot

    Looks like they are taking digital code signing up to the next level. So, my question is: does anyone have any reccomendations on where to obtain a digital id? Prices seem to vary wildy, some are based on a year's subscription, whereas others don't even say (Verisign comes in at a hefty $400).
     

    Attached Files:

    #1 Fost, Aug 28, 2004
    Last edited: Sep 2, 2004
  2. Jack Norton

    Indie Author

    Joined:
    Jul 28, 2004
    Messages:
    5,130
    Likes Received:
    0
    it looks to me that they're just trying to get more money from us developers :D
    anyway that's bad, many potential buyers could be scared by that message and never try the games... bah it's crap! :(
     
  3. Valen

    Indie Author

    Joined:
    Jul 27, 2004
    Messages:
    133
    Likes Received:
    0
    Wait so according to that, the only software that's safe to install is the one you buy at a store? Who the hell has the authority to decide this for the customer??? Not only that, the uselessness of their certificates makes this even worse. Even if you DO have one of those things, instead of seeing a warning about an unsigned EXE, the user is asked if they want to run a program published by "So and So" still not saying that it's safe to run it. They make the user decide if they "trust" that company.

    I think it's time for another anti-trust suit (no pun intended). :)
     
    #3 Valen, Aug 28, 2004
    Last edited: Aug 28, 2004
  4. Linusson

    Indie Author

    Joined:
    Jul 26, 2004
    Messages:
    65
    Likes Received:
    0
    Hopefully people will get so used to this question that they just click it away and say something stupid about a certain company.
     
  5. DavidRM

    Indie Author

    Joined:
    Jul 26, 2004
    Messages:
    156
    Likes Received:
    0
    I doubt it will matter much.

    When was the last time you ever noticed, or had a user ask about, this message that comes up when you click on a download link:

    Or have you *ever* read it? ;)

    -David
     
  6. bantamcitygames

    Administrator Original Member Indie Author Greenlit

    Joined:
    Jul 27, 2004
    Messages:
    1,731
    Likes Received:
    78
    I think this is only one of the problems we are going to see in SP2. Alot of companies are treating SP2 as an entirely new OS because of the many differences. I read an article recently that said Microsoft admitted that there would be many programs that would no longer run, but I believe they were talking about legacy type stuff. I haven't yet upgraded the computers at work because we run alot of older software and I'm affraid of the repercussions.
     
  7. Valen

    Indie Author

    Joined:
    Jul 27, 2004
    Messages:
    133
    Likes Received:
    0
    This is when you run the program though, not download it. There's also a difference between "some files might harm your computer" and "this file will probably harm your computer." :) But yeah looking at it again, it does seem like another one of those things that will just end up being ignored by users after they get used to it. Now that I think about it, wasn't this originally part of XP? Did they just leave it off by default at first and now turned it on by default?
     
  8. cliffski

    Moderator Original Member

    Joined:
    Jul 27, 2004
    Messages:
    3,897
    Likes Received:
    0
    well if it wasnt for the script kiddie morons writing their lame viruses we wouldn't have to put up with this crap. bah!
    To be honest, do you think many home users are going to bother upgrading to SP2? I know I won't because:
    1) my PC works fine as it is, and an OS upgrade can be a dodgy prospect
    2) I have antivirus and a firewall. why should i bother?
    3) I have better things to do.
    I think this isn't going to be a big issue.
     
  9. Mark Fassett

    Moderator Indie Author

    Joined:
    Jul 26, 2004
    Messages:
    541
    Likes Received:
    0
    I think many home users will do it, not knowing what they are doing. They changed windows update, and made it real difficult to not install sp2.
     
  10. Hamumu

    Indie Author

    Joined:
    Jul 26, 2004
    Messages:
    557
    Likes Received:
    0
    Yes, I have to decline to install it everytime I boot my computer... it's gonna spread a lot faster than any script kiddie's virus!
     
  11. Sillysoft

    Indie Author

    Joined:
    Jul 27, 2004
    Messages:
    831
    Likes Received:
    0
    I think that Thawte has digital signatures significantly less than verisign. I don't think that I will bother though. If non-signed apps ever become the minority then I will look into getting one.
     
  12. Peter Wayne

    Original Member

    Joined:
    Aug 27, 2004
    Messages:
    17
    Likes Received:
    0
    #12 Peter Wayne, Aug 29, 2004
    Last edited: Aug 29, 2004
  13. Dingo Games

    Indie Author

    Joined:
    Jul 26, 2004
    Messages:
    143
    Likes Received:
    0
    Firewall too

    I just read that eweek.com article. Apparently there is now a windows firewall that is enabled by default. That could be a pain if you program "phones home". Or even when your program tries to get to your websites order page. I know that Zone Alarm often pops up when programs are trying to get their order page.. but I haven't installed SP2, so I don't know if it will do the same kind of thing.
     
  14. MiCo Games

    Indie Author

    Joined:
    Jul 27, 2004
    Messages:
    38
    Likes Received:
    0
  15. GameStudioD

    Original Member

    Joined:
    Jul 27, 2004
    Messages:
    154
    Likes Received:
    0
    I installed SP2 on my laptop and I have had no problems. It just nags me everytime I boot the machine to turn on automatic updates.

    It does have a firewall. However, I read somewhere that a program can turn it off if it chooses to. So, if your game phones home, you can turn off windows firewall, and turn it back on again when you are done. Kinda makes the firewall useless.

    Having a message box for non-signed exes is just dumb. Users will just become numb to them and click the button that allows them to do what they want (run the program). Like the crash dialog in windows, I have seen that thing so many times. I never read it, I see 'Dont Send' and always click that.

    From the reviews I have read, SP2 really doesnt do much for security. Its more hype than security.
     
  16. MattInglot

    Moderator Original Member

    Joined:
    Jul 26, 2004
    Messages:
    170
    Likes Received:
    0
    I'm really glad that the firewall exists and it's one of the SP2 changes that I don't think is too drastic. Poeple have been using personal firewall products for years now so applications should already be taking this into account. I also don't see a reason to feel sorry for applications that no longer can use the internet without the user knowing.
     
  17. Andy

    Original Member

    Joined:
    Jul 29, 2004
    Messages:
    1,258
    Likes Received:
    0
    I suppose the theme of this thread is very important for all indies. Don't know why it appears in Game development than it probably should be in the Business section.

    Anyway, guys, look on your opinions. All of them are just guesses. Guesses from the developers. The question is how our prospects will react on that new alert dialogs. And that's really where I'd like to know more concrete data. How to collect them? - that's most important issue for us on current stage. And I don't see the future in such a rainbow colors like some of guys from here - SP2 would be installed everywhere, peoples will be reading that alerts - what would be their reaction (I don't install most ActiveX components when alerted - for example) and what to do?

    Thanks for reading,
    And thanks for your opinions,
     
  18. Nemesis

    Original Member

    Joined:
    Jul 27, 2004
    Messages:
    273
    Likes Received:
    0
    As mentioned earlier by David, the dialog is on the same lines as the "Some files could hard your computer...". Microsoft have gone one step further (for the sake of security) by integrating a software certificate service.

    As I see it, getting the certificate gives an indie the opportunity to bypass the distracting dialog or at least reassure the customer that the software is truly safe. Obviously we all know that no system is 100% safe and many developers will be loath to purchase certification.

    Anyway, this shows that you can never please everyone: more security == less convenience.

    I'd say don't bother too much with it. If you can afford certification, go get it and that's it. I like to think that most computer users have a working organ between their ears, called a brain, that will let them decide what is safe and what's not.
     
  19. Air

    Air
    Original Member

    Joined:
    Jul 27, 2004
    Messages:
    90
    Likes Received:
    0
    For the record, a handful my computer-illiterate relatives & friends-relatives have called me numerous times to do just that-- ask me if it was ok to download/install some program/driver/etc. :) My dad gets it a lot with his job to (computer warranty repair). Amusingly the same people will readily adhere to the "instructions" to safe-guard their computers that they recieve via pop-ups and Windows Messaging (the thing in Win2k intended for business lans that was removed in XP). Sort of ironic eh?

    But on a side note, most of them (as I have mentioned before) are chronic game players and have spent perhaps a couple hunded a piece of game and other internet softwares. So when I look at them I see a very active customer base with high potential.

    - Air
     
  20. Fost

    Indie Author

    Joined:
    Jul 31, 2004
    Messages:
    524
    Likes Received:
    0
    So, back to my original question: does anyone have any recomendations for digital certificate vendors? Cheapest code signing cert I've found so far is £66 (UK pounds)
     

Share This Page

  • About Indie Gamer

    When the original Dexterity Forums closed in 2004, Indie Gamer was born and a diverse community has grown out of a passion for creating great games. Here you will find over 10 years of in-depth discussion on game design, the business of game development, and marketing/sales. Indie Gamer also provides a friendly place to meet up with other Developers, Artists, Composers and Writers.
  • Buy us a beer!

    Indie Gamer is delicately held together by a single poor bastard who thankfully gets help from various community volunteers. If you frequent this site or have found value in something you've learned here, help keep the site running by donating a few dollars (for beer of course)!

    Sure, I'll Buy You a Beer