WinXP SP2 and Digitally Signing your .exe

Discussion in 'Game Development (Technical)' started by Fost, Aug 28, 2004.

  1. Valen

    Indie Author

    Joined:
    Jul 27, 2004
    Messages:
    133
    Likes Received:
    0
    Why would anyone want to use checks instead of a credit card?? Maybe it's just me, but if I could pay for everything with a credit card, I would. I pay half my bills with my credit card. I would pay them all if I could. It's a lot easier to just *click* and transfer the money from your checking account to the CC issuing bank, rather than write 100 checks. There's also more liability protection for you not just the vendor. I think eventually there won't be any paper money, and everything will be paid for using something resembling a credit card. I just hope I live to see that day. :)
     
  2. Mickey Crocker

    Mickey Crocker New Member

    Joined:
    Aug 2, 2004
    Messages:
    72
    Likes Received:
    0
    I think people are giving in to this SP2 thing too easily and I don't see it as big of a concern as most people here seem to. After all we're Indies, no need to act as if this change is going to affect us by the millions just yet.

    I believe (like some have already noted) that the general public will become numb to these little download warnings and begin to ignore them. I also believe instead of jumping on the bandwagon of forking over money to these corporate companies (like they want us to do), so they can tell our customers that we are trustworthy, why don't we show our customers ourselves?

    Why not begin your own "Trusted Download" plan for your company? The rough idea I have come up with is to add a "Trusted Download" image (icon) on your download page and have another page documenting your safe and secure company. This could give facts in point form that declare that the selected download does not contain any spyware, viruses, and has never been handled by a third-party. It may not seem like much, but it's a step in fighting back. You could have a standard "Trusted Download" image designed for your company. Place this image by the downloads of all of your software and when consumers click the image, you could have a list of why you can be trusted, why your download is trustworthy. Make your customers feel safe with your company, and they will be sure to make the download, and ignore Microsoft's little warning.

    Just my two cents...
     
  3. Mark Sheeky

    Indie Author

    Joined:
    Aug 7, 2004
    Messages:
    448
    Likes Received:
    0
    I think you're right. I've been told that the warning only appears on the highest security setting in which case it's reasonable because if you want a high level of security then an 'are you sure' warning is understandable.

    Mark
     
  4. Mike Boeh

    Administrator Original Member

    Joined:
    Jul 26, 2004
    Messages:
    949
    Likes Received:
    0
    Here is what the user will see if the download is unsigned:
    http://www.retro64.com/bf2222/warning.png

    Here is what the user will see if it's signed:
    http://www.retro64.com/bf2222/signed.png

    MS isn't out there trying to make money with this- to my knowledge, they do not own any of the certificate providers. Effective or not, they are trying to make their OS safer for consumers. At 90$/year from comodo (2 years purchase), I think it's within any indie's reach to pay for it.
     
  5. Mike Boeh

    Administrator Original Member

    Joined:
    Jul 26, 2004
    Messages:
    949
    Likes Received:
    0
    As a side note, if you do not have a phone number in the name of your business, thawte requires a notarized letter sent to them on your behalf.... Comodo doesn't have this requirement, and the user experience is identical. And Comodo is by far the least expensive. So if you do decide to code sign your executables, it kind of makes it an easy decision :)
     
  6. tentons

    Indie Author

    Joined:
    Mar 1, 2004
    Messages:
    664
    Likes Received:
    0
    It's only a security issue if you over-simplify it and choose not to look at the big picture--just what they hope you'll do. All of these changes are in the name of wealth under the guise of security. The problem is that this doesn't mean it will be used scrupulously or it will be limited to the initial intent. It's almost guaranteed to become abused.

    The problem is that little by little we're being manipulated into being controlled by some very powerful entities that do not have the best interests of "the whole" on their minds. "It's just one little change." But then it's another, and another, and another, and another. "Group X in that industry has been doing it for years." And now this industry. And next that industry. And then all industries.

    This is unprecedented in history, and it's not just a security issue. It could easily affect all of our businesses, and that will definitely impact our lives. I for one do not want to hand over my profits just because some gigantic corporation is selling a security feature that they claim will protect me from myself. It's been agreed that signing an exe proves nothing about the content of the exe other than that someone paid money to have it signed. What it does is of no concern to the "certifying authority" who took that money.

    I personally like the idea of paying with plastic for convenience (I use a bank card a lot), but there are some very grisly risks that are neither "paranoid" nor "science fiction" anymore. Caveat emptor, indeed.
     
    #66 tentons, Sep 6, 2004
    Last edited: Sep 6, 2004
  7. tentons

    Indie Author

    Joined:
    Mar 1, 2004
    Messages:
    664
    Likes Received:
    0
    I don't subscribe to any religion, but this isn't something to brush off as novelty or conspiracy.

    It starts with pets, then it's kids. Those kids' kids won't think twice about a chip. At that point, it's the whole population.

    All in the name of what? Say it with me: Security! "My kid is safe because I can always find him if he's kidnapped." Yeah, and who else can always find him when he's just playing in his room? Don't count on these technologies being used in limited ways.

    Similarly, signed exe's are just a beginning for software.
     
  8. Aldacron

    Original Member

    Joined:
    Jul 27, 2004
    Messages:
    116
    Likes Received:
    0
    * some people don't own a credit card (for whatever reason)
    * some people don't want to pay interest on everything they purchase
    * some people don't charge beyond an arbitrary minimum per month
    * some people still don't trust in the security of online transactions
    * I could probably think of more if I try

    I do not own a credit card. My circumstances make it very difficult to get one without jumping through hoops (long story short: I'm a US citizen working for a Korean company in Korea, non-US resident, no record of income for the past several years). My wife had six credit cards when we first got married five years ago. I'm still paying those off. Korean card companies have no minimum payments. You are expected to pay the full amount each month (though you can prorate a charge over several months at the time of purchase - but several of those together really adds up). Failure to pay the full amount each month causes interest to be added, and interest is rather steep. It's insane. And the Koreans are wondering why so many card companies are having financial troubles.

    I can only shop online at shops which accept cashier's checks (since there's no such thing as a checking account in Korea). I can't enter any free trials for any sort of online subscription, since they all require a credit card. There have been several instances where I was ready to buy something, but a credit card was required. In most cases, I see it as a lost sale for the store and don't think twice about it. But when it's something I'm really keen on having, then my blood boils and I send off a scathing email to remind the business that not everyone in the world owns a credit card. To no avail of course.

    And even if I could easily get a card, I'm not sure if I would. I don't like paying extra for the convenience of having it.
     
  9. Rainer Deyke

    Indie Author

    Joined:
    Jul 28, 2004
    Messages:
    380
    Likes Received:
    0
    Er, why would anybody not pay the full amount on their credit card each month? To me, that's just stupid. If I can't afford to pay for something, I can't afford to buy it.

    Here in the US it's actually cheaper to pay with credit card than it is to pay with cash. Credit cards are usually free, sometimes give you cashback, and always allow you to pay one month after your actual purchase, which means your money can accumulate interest on your savings account longer.
     
  10. Valen

    Indie Author

    Joined:
    Jul 27, 2004
    Messages:
    133
    Likes Received:
    0
    To be fair, the certificate does prove one useful thing -- that the EXE hasn't been tampered with. It basically says "this EXE was made by Someone's Company Inc. and has not been messed with by anyone else. You can feel safe running it if you trust Someone's Company Inc." Though I do agree that this doesn't automatically make the software itself safe, it does at least guarantee that the EXE won't have a trojan or virus attached to it if the certificate holder is trustworthy. Assuming that the user knows who Someone's Company Inc. is (most of the time it should be the site they downloaded it from), they should be able to decide if it's safe to run. Of course, if the EXE came right from the company's site it should be safe anyway, so I think this system is of limited usefulness. Considering that you can get a certificate for $100 a year though, it's not the end of the world.

    I apologize for making such a broad reaching statement. My opinion is based purely on the way credit cards are handled in the US. Based on what you're saying, things are very different in Korea. Here in the US there's no charge for having a credit card (except for American Express which has a yearly fee). There's also no minimum amount you have to buy per month, you can have a $0 balance. You don't have to pay the full balance every month, but in the 5 years that I've had a credit card I've always paid it in full. Interest rates on credit cards here are probably not much lower than what you have in Korea though, they can range from 15% to 25%. I can see why it wouldn't be convenient for you, but for those people living in the US I don't see any good reasons not to use them.
     
    #70 Valen, Sep 6, 2004
    Last edited: Sep 6, 2004
  11. Nutter2000

    Original Member Indie Author

    Joined:
    Jul 27, 2004
    Messages:
    993
    Likes Received:
    3
    To be quite honest with you mate, if you don't think that our governments don't already have that power and have already used it many times in the past then I think you must have seriously had your head in the sand.

    The point I'm trying to make is that this is an attempt by Microsoft to improve security over the internet. They have a vested interest in making their product as user-friendly and above all SAFE for the average user, who I'm afraid to say, don't particularly know sh!t about computers.

    We've all seen pirated software, even some of our own games, and it annoys the hell out of us because we can't do anything about it, we see spyware and trojan/virus embedded applications on the internet trying to catch the unwary, this is a good solution to the problem of content on the internet.

    Our governments, certainly the UK and US, have finally woken up to the fact that there's a lot of dangerous stuff on the net that affects the average "voter" but, like most dinosaur-like official bodies, once they're threatened they're liable to go on a rampage, the last thing any of us want is state content controlled internet like they have in China and I've certainly seen that suggested by various UK MPs/US Senators in the past!

    This is a reasonable solution to a tricky problem, yes it could ultimately be abused by various entities in power but so can pretty much every law ever passed.
    In my opinion, what we should do is become involved as best we can so that we have a recognised voice should the powers that be try and abuse the system.
    Even better why don't we all band together and come up with a system, like that Trusted Download Plan idea, which is regulated by us as a community, if we can get it recognised as being trustworthy then those who feel MS approved certificates are a bad thing have an alternative.

    If we fight against this then what perception are our customers going to have? They'll mentally put us in the same group as virus writers, spyware makers, etc, and that we don't want.[/RANT]

    I'm on medium level and it's automatically set on mine.
    Either way to be honest, SP2 sets it to warn as default so it's something that the general populace won't realise they can't turn off.
     
  12. princec

    Indie Author

    Joined:
    Jul 27, 2004
    Messages:
    4,873
    Likes Received:
    0
    I just contacted them; the certs work for Java too. So I'll be signing my stuff today.

    Cas :)
     
  13. EpicBoy

    Original Member

    Joined:
    Jul 27, 2004
    Messages:
    624
    Likes Received:
    0
    What about the crazy and totally unrealistic situation where you have to buy something like a plane ticket for something as ludicrous as say, a family emergency? You can't afford that ticket, but you have to buy it.
     
  14. Raptisoft

    Indie Author

    Joined:
    Jul 29, 2004
    Messages:
    804
    Likes Received:
    0
    Here's an advantage:

    Hacker cracks your program.
    Hacker posts it on the net.
    WinSP2 says "Whoa there! This is an unsigned executable, it could contain trojans or viruses!"

    That oughta be good to scare off a couple hundred thieves a year.

    Certs are fairly cheap, but I think it *would* be good to set up Indie starter certificates. ASP or otherwise could probably set up a program. Until you make $5000, you can use the indie cert, after that you gotta buy your own, hm?

    If we all get signed, eventually people will stop taking cracks and hacks because they're unsigned.
     
  15. Fost

    Indie Author

    Joined:
    Jul 31, 2004
    Messages:
    524
    Likes Received:
    0
    Do you have a link to where you can purchase their code signing certificates? I can only seem to find SSL certs on their site...

    EDIT - scratch that, instantSSL who I already mentioned myself are resellers for Comodo at that price (missed the /year bit :rolleyes: )
     
    #75 Fost, Sep 6, 2004
    Last edited: Sep 6, 2004
  16. Valen

    Indie Author

    Joined:
    Jul 27, 2004
    Messages:
    133
    Likes Received:
    0
  17. Mike Boeh

    Administrator Original Member

    Joined:
    Jul 26, 2004
    Messages:
    949
    Likes Received:
    0
    I believe instantssl isn't a comodo reseller, but rather is comodo itself...

    I signed all our games, but I am unable to find a timestamp url for comodo- which isn't a big deal, but it would be nice to have. They mention timestamping in their faq, has anyone found that url?
     
  18. Adrian Lopez

    Original Member

    Joined:
    Sep 7, 2004
    Messages:
    489
    Likes Received:
    0
    This thread has inspired me to write about SP2's code-verification features. I'm just getting started, but here are the key points I'd like to discuss:

    • The digital signature infrastructure is controlled by the few corporations with the power to hand out valid code-signing certificates. This means a small group of companies have final say over certificate granting, renewal and revocation policies. The potential for abuse is significant, as it gives them indirect control over software distribution policies.
    • Digital signatures are expensive (as in yearly subscription fees), making Indie and Open-Source development more difficult (if you care about signatures).
    • Signatures do not provide security (trusted != trustworthy), they only provide for proof of identity and proof that the code wasn't tampered with after the publisher signed it (if the publisher doesn't know the code is infected with a virus he'll release an infected program with a perfectly valid signature). Signatures may also provide for some added degree of accountability by forcing publishers to identify themselves.
    • Requiring digital signatures may seem like a reasonable compromise for code which executes automatically, but it's better to have a platform that is truly secure in the first place. A platform is only secure if a program, once it's running, cannot do a whole lot of damage without the user taking steps to allow it. In this regard UNIX is a secure platform by design, but Windows is not. Likewise, Java is secure by design, but ActiveX is not.
    • Code verification in SP2 applies only to code downloaded from the internet. Code shared through CD-R's may be tampered with or infected with viruses, but Windows won't warn about that.
    • For code that is manually executed, the benefits are rather questionable:
      • The publisher's identity is usually known by the context of the download (assuming you're downloading from a well-known, trusted site).
      • In-transit tampering is rare.
      • Local tampering (a common vector for virus attacks) can be remedied through the use of unix-like permissions.
      • Social engineering attacks are still possible with SP2. The hacker may tell you to run the program from a floppy, or else he may tell you to run it through the command line interface. Neither of these methods will produce a warning in SP2.

    Agree or disagree? Any ideas?

    PS - Fost: May I use your screenshot of SP2's warning dialog in my article? I don't have SP2 so I need to use somebody else's screenshot.
     
    #78 Adrian Lopez, Sep 7, 2004
    Last edited: Sep 7, 2004
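
What Windows can actually report about a downloaded file, as an added example that is not part of any post in this thread. It reads the Zone.Identifier stream that marks internet downloads, plus the Authenticode status, signer and timestamp; the function name `Get-DownloadTrustReport` and the Downloads path in the usage line are assumptions, and PowerShell 3.0 or later on NTFS is assumed.

```powershell
# Added example (not from the thread). Function name and usage path are hypothetical.
function Get-DownloadTrustReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $file = Get-Item -LiteralPath $Path -ErrorAction Stop

        # Origin: the Zone.Identifier alternate data stream marks a file as
        # downloaded. A file copied from a CD-R or floppy has no such stream,
        # so there is no origin information to act on.
        $zoneId = $null
        $stream = Get-Item -LiteralPath $file.FullName -Stream 'Zone.Identifier' `
                           -ErrorAction SilentlyContinue
        if ($stream) {
            $text = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' -Raw
            if ($text -match '(?m)^ZoneId=(\d+)') { $zoneId = [int]$Matches[1] }
        }
        $zoneName = switch ($zoneId) {
            0 { 'Local machine' }  1 { 'Local intranet' }  2 { 'Trusted sites' }
            3 { 'Internet' }       4 { 'Restricted sites' }
            default { 'No zone marker' }
        }

        # Signature: proves who signed and that the bytes are unchanged since
        # signing. It says nothing about whether the code is safe to run.
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName
        $meaning = switch ($sig.Status) {
            'Valid'        { 'Signer identified; file unchanged since signing' }
            'NotSigned'    { 'No publisher identity; integrity cannot be checked' }
            'HashMismatch' { 'File was modified after it was signed' }
            'NotTrusted'   { 'Signed, but the certificate chain is not trusted' }
            default        { $sig.StatusMessage }
        }

        [pscustomobject]@{
            File        = $file.Name
            Zone        = $zoneName
            Status      = $sig.Status
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
            CertExpires = if ($sig.SignerCertificate) { $sig.SignerCertificate.NotAfter }
            # A countersigned timestamp lets the signature keep validating
            # after the signing certificate itself has expired.
            Timestamped = [bool]$sig.TimeStamperCertificate
            Meaning     = $meaning
        }
    }
}

# Usage (path is a placeholder):
# Get-ChildItem "$env:USERPROFILE\Downloads\*.exe" | Get-DownloadTrustReport | Format-List
```
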
  19. Fost

    Indie Author

    Joined:
    Jul 31, 2004
    Messages:
    524
    Likes Received:
    0
    That all sounds very 'big brother', and we aren't anywhere near that right now. Future Windows OSes might start to ramp this up to the point where all code has to be signed (to prove its origin). It sounds awful, and fundamentally, I don't want people telling me what I can and can't run on my computer, but it's hard to think of legitimate cases where that would be a problem, except with legacy code that is unsigned.

    This is a good point, and in fact this is the point of digitally signing an app - to prove who you are. I don't think most end users understand a thing about them though (in fact, let's face it, most of us developers don't!), and just see it as some seal of approval, or trust.
    Yeah, but: fundamentally it's better to have a platform on which people are prepared to pay for your games in large quantities. That platform is not Linux (currently). It's easy to forget that your average user doesn't actually know what linux even is (and hasn't heard of Slashdot).
    Specifically in the case of shareware, many of the downloads come from shareware download sites. They may end up being downloaded directly from the publishers site still, but the initial download link is offsite and so could be to anywhere.
    Of course!
     
  20. tentons

    Indie Author

    Joined:
    Mar 1, 2004
    Messages:
    664
    Likes Received:
    0
    I won't get started on that rant, but my concern is that it just leads to more control. I'm not saying signing is bad or that in and of itself gives anybody too much control. But maybe it's paving the way for something more.

    They told us that cameras on the highway were just for traffic, but now they want to use them with face recognition to look for terrorists and other criminals. What's next?
     
