WinXP SP2 and Digitallly Signing your .exe

Discussion in 'Game Development (Technical)' started by Fost, Aug 28, 2004.

  1. Hamumu

    Indie Author

    Joined:
    Jul 26, 2004
    Messages:
    557
    Likes Received:
    0
    Wow, it's like a cross between the digital mafia demanding protection money, and John Ashcroft selling off your freedoms for supposed security and a nice colorful chart. Only with Microsoft shoved in there somewhere to crank the evil quotient up about 90%. I'm getting so tired of being in a business that is intimately intertwined with the biggest corporations on Earth. But I have no energy to fight matters like this when there's so much else going on. I'm pretty sure that was a large part of the plan. Hmm.
     
  2. Valen

    Indie Author

    Joined:
    Jul 27, 2004
    Messages:
    133
    Likes Received:
    0
    That's highly unlikely, and even if it happens it'll be something you can turn off as Cas said. Personally, I'm still using Windows 2000 because I can't think of any good reasons to install XP (I actually have an XP CD lying around). A few years ago I told a friend that the next OS I'll be upgrading to will probably be a flavor of Linux. With the way things are going, I will probably end up with Linux as my main OS and Windows for compiling, testing, and playing some games. :) A lot of the programs I use right now are Linux based anyway (Mozilla, Open Office, Gaim). Still, I don't see Windows 2000 becoming obsolete for many years as far as software compatibility goes.
     
  3. GameStudioD

    Original Member

    Joined:
    Jul 27, 2004
    Messages:
    154
    Likes Received:
    0
    Will digital signatures kill freeware and open source development projects? A freeware author wont want to spend 100-400 $ on a digital sig. Its just not worth it. And if the sigs were to come down in price, they would become meaningless.

    This really means, people will find work arounds to render this system useless.
     
  4. Mark Sheeky

    Indie Author

    Joined:
    Aug 7, 2004
    Messages:
    448
    Likes Received:
    0
    More importantly, how long before sig's are hacked and viruses look perfectly friendly and good software looks viral. Give it a week? or just a few hours? The clock is ticking... I'm sure some hacker in some dark corner somewhere is working on a sig-crack right this minute.

    How does Verisign distinguish between a hacker and a genuine user, or a geniune user that eventually becomes a hacker? What if the signature tool or whatever it is gets stolen or something? Perhaps I don't understand the process but if it's possible to sign genuine software then it's possible to sign software that causes damage, right?

    Anyone got a Microsoft email address we can bombard/lobby until they remove this feature?

    Mark
     
    #44 Mark Sheeky, Sep 2, 2004
    Last edited: Sep 2, 2004
  5. Andy

    Original Member

    Joined:
    Jul 29, 2004
    Messages:
    1,258
    Likes Received:
    0
    Sure... They are in a partnership with Microsoft in this business really. :mad:
    ... to grab our money... (was so :mad: - forgot to finish the message)
     
  6. EpicBoy

    Original Member

    Joined:
    Jul 27, 2004
    Messages:
    624
    Likes Received:
    0
    I'm confused as to how Linux would be your main OS then. :)
     
  7. Valen

    Indie Author

    Joined:
    Jul 27, 2004
    Messages:
    133
    Likes Received:
    0
    Since the only thing that scares the shit out of Microsoft is open source and free software, it's quite plausible that this is another attempt by MS to destroy them.

    Well the only things I'd need Windows for would be to compile my game and test it, and to play games. I can do all the development in Linux because I use SDL, and other than that I only use cross platform LGPL libraries. I also use PHP and MySQL for web development. Microsoft hates people like me. :) Other than games, there's nothing I'd need for which an alternative doesn't exist in the Linux world. For now though I'm fine with Win2K.
     
  8. EpicBoy

    Original Member

    Joined:
    Jul 27, 2004
    Messages:
    624
    Likes Received:
    0
    Not really. You DO have a copy of Windows. Heh...
     
  9. Fost

    Indie Author

    Joined:
    Jul 31, 2004
    Messages:
    524
    Likes Received:
    0
    It is obviously a worry in many respects because of the potential power that could be wielded. You can already elect not to run any unsigned activex and .net downloads in XP SP2 and I suspect exes will be next, but it is not the default setting.

    I'm sure certificates will come down in price, but this does not undervalue them - at least no more than they already are. Some people seem to think that having a certificate is a way to validate that you a trustworthy company - it isn't. A certificate is there to validate who you are, and that the download you are providing has not been tampered with by any third party.

    Remember, people like the GATOR corporation already have a certificate (how many times have you been to a website and a popup has asked if you want to trust the GATOR corporation? - that's certificates in action.) - all it does is let you know that the download has come from them and that no one else has tampered with it. The fact that it will install spyware all over your machine is irrelevant.

    I agree that it's stupid; only because 99% of users don't have a clue what any of it is or how it can help them, how should they know whether to trust Moonpod or GATOR? We'll just have to live with it though.
     
  10. Raptisoft

    Indie Author

    Joined:
    Jul 29, 2004
    Messages:
    804
    Likes Received:
    0
    Well, now that everyone *has* to have a certificate, I think you'll find that a lot of certificate startups will come out. There's money to be made there, which means competiton, which is good.

    Look forward to $25 certificates in the next couple years. :)

    The only reason Verisign etc can charge so much is that not many people want them.
     
  11. Valkilos

    Original Member

    Joined:
    Aug 13, 2004
    Messages:
    24
    Likes Received:
    0
    Blaaargabrble!!!!

    I was originally going to make an absurdly long-winded post about how much I hate this. Instead, I'll summarize:

    BLAAARGABRBLE!!!!

    Windows Pop-up: "This program was written by someone who has not given us money. It will therefore devour your soul, physically remove any reproductive organs you may have, and then proceed to destroy everything and everyone you hold dear. Have a nice day."

    I mean, I understand that there will be barriers to entry in any given field when you're trying to start up a business - it's to be expected. But as it stands right now, they're essentially making it difficult for anyone to write commercially available software for their OS without giving them money (well, without giving money to someone who gives them money, anyway). Add in the fact that this could theoretically give them the power to deny authentication to companies for whatever reason and... I mean, really, if I wanted to put up with this, I'd have been developing for consoles.

    To re-iterate: BLAAARGABRBLE!!!!
     
  12. oNyx

    Original Member

    Joined:
    Jul 26, 2004
    Messages:
    1,212
    Likes Received:
    0
    >Look forward to $25 certificates in the next couple years. :)

    Once upon a time there were $20 certs. They were good enough for signing applets for example.

    However, they don't exist anymore. They ceased to exist about 4-5 years ago, because everyone and his dog just used the cheap certs... :rolleyes:
     
  13. Nutter2000

    Original Member Indie Author

    Joined:
    Jul 27, 2004
    Messages:
    993
    Likes Received:
    3
    Indeed

    I thought most of that was in the standard Microsoft EULA? :D

    I suspect, not so much in my infinite wisdom but in my general experience of human nature, that it won't be too long before there is an acceptable, or at least half-finished ;), open source initiative as a good alternative. There's already PGP for mail security.

    Plus if Microsoft tried to set itself up as judge and jury on acceptable programs using the certificates then they will be playing straight into the hands of the governments trying to break their monopoly, so I suspect they won't go that route, but I do agree it has reaching implications and it appears to give power over our software to Microsoft.

    Personally, I'm not too bothered about it, people are already paranoid enough about downloading things off the Net and paying a small fee to digitally sign your app to ease their fears is well worth it in my opinion. That is so long the system remains secure and Microsoft don't abuse their position.

    4 exclamation marks! surely the sign of an insane mind :p
     
  14. tentons

    Indie Author

    Joined:
    Mar 1, 2004
    Messages:
    664
    Likes Received:
    0
    Way more than that.

    It will give power to governments over how your software behaves--and the way you use your software. Maybe I'm paranoid, but if you don't see how this eventually could lead to control over how you behave, it's right there just on the edge of the shadows staring back at you.
     
  15. Air

    Air
    Original Member

    Joined:
    Jul 27, 2004
    Messages:
    90
    Likes Received:
    0
    Here's an analogy I don't think anyone has mentioned yet:

    Maybe it'll just fly over about the same as that whole "digital signing" for your video&soundcard drivers, introduced in Windows 2000. A quick check of my system reveals that none of the drivers I'm using have an official digital signature. In fact I can hardly think of an driver I've ever installed that didn't give me a digital signature warning, outside the drivers that came with my Win2k CD. I've never used WinXP though-- is the digital sig warning when installing/updating drivers as visible and intrusive as it is in Win2k? If so, how many people have become completely jaded to even paying one bit of attention to that warning, computer literate and illiterate alike? And has it given power to Microsoft over what drivers people do and do not use?

    There's other examples of this sort of behavior all over corporate america too, and not just in computers. That ADA label on the bottom side of your toothpaste-- you think Crest gets to stick that little label there for free? :)

    The real shame of it is that desktop computers are becomming such a corporate device all-around. Eventually we'll all forget the neat hobbiest freedoms we once enjoyed, and the entire industry will be muddled in legalities, fees, and half-dozen other things that most of the end-users will be completely unaware of, because none of it serves any purpose other than to transfer sums of money from one person/place to another, and back again. The end user will pay a gretuitous sum of money for the product, at which point most of the money is transferred to a dozen "invested parties" who's only jobs are to ensure that people think they're important somehow-- and about 4% will go to the actual programmers and hardware manufacturers (who will all live in India).

    Ah the consequences of progress.
     
  16. Mithril Studios

    Original Member

    Joined:
    Jul 27, 2004
    Messages:
    94
    Likes Received:
    0
    Like being able to buy and sell anything?

    Like what this company is making?

    Like what Revelation 13:16-18 describes would happen?


    Anthony
     
  17. Greg Squire

    Original Member

    Joined:
    Aug 5, 2004
    Messages:
    848
    Likes Received:
    0
    Yep, it sounds beastly. :D

    [begin rant]
    In a limited fashion this is happening with credit cards. Ever been in a store that wouldn't take checks? I have; they only accepted cash and credit cards. Also, some online businesses only accept credit cards as payment.

    Again, our lives are increasingly being controlled by hands of a few. A trend that I don't care for, and wish would stop. Our freedoms are being slowly stripped away, all in the name of "security". Boy that makes me feel “secureâ€￾. [end rant]
     
  18. EpicBoy

    Original Member

    Joined:
    Jul 27, 2004
    Messages:
    624
    Likes Received:
    0
    Not accepting checks has more to do with "not getting screwed" than "controlling customers".
     
  19. Greg Squire

    Original Member

    Joined:
    Aug 5, 2004
    Messages:
    848
    Likes Received:
    0
    I agree. Again, it's a security issue. The retailer feels safer (and maybe is safer), by not accepting checks at all.
     
  20. Bluecat

    Original Member

    Joined:
    Jul 27, 2004
    Messages:
    330
    Likes Received:
    0
    You Americans! :p Ever been in a store that doesn't accept cheques... I doubt if many stores in Australia accept cheques any more. It's all credit or cash. You can pay most of your bills electronically. As I understand it Australians are using cheques less and less, and from what I understand, don't particularly care.

    cheers
     

Share This Page

  • About Indie Gamer

    When the original Dexterity Forums closed in 2004, Indie Gamer was born and a diverse community has grown out of a passion for creating great games. Here you will find over 10 years of in-depth discussion on game design, the business of game development, and marketing/sales. Indie Gamer also provides a friendly place to meet up with other Developers, Artists, Composers and Writers.
  • Buy us a beer!

    Indie Gamer is delicately held together by a single poor bastard who thankfully gets help from various community volunteers. If you frequent this site or have found value in something you've learned here, help keep the site running by donating a few dollars (for beer of course)!

    Sure, I'll Buy You a Beer