Hi all,
Well, Aaron has been answering my questions all day today as I try various things, and I’m sorry to say I need to correct some misunderstandings I may have helped cause: *You cannot use WESign to sign an app. * You cannot sign an app with a free self-cert certificate (which is the kind discussed in the KB article for WESign). · * If you want to sign your apps in such a way that it effects whether Windows will run your app or not (based on whether the user has chosen to indicate you are a “trusted publisher”), then you must purchase a commercial code signing certificate (which someone who has done a little investigating has found to be around $170). You could choose to generate a self-cert certificate, and sign your apps with it, if you think it gives your users a better sense of security;; however, it has no effect on whether it runs or not, and anyone else could also generate a self-cert certificate using the same name that you chose. My understanding is that the commercial certificates do investigate to see if you are who you claim to be. Therefore, WESign is useful for data which you wish to secure for your app’s use, and you can use the free self-cert certificate for this, but not (as far as I can tell) for improving your app’s security. If a user chose to set their app security to run “trusted apps only”, then they’ll have to set your app as trusted (and I am not sure if that has to be done for each update or only once per app). Hth, Chip From: Aaron Smith [mailto:[email protected]] Sent: Monday, January 19, 2015 3:35 PM To: [email protected] Subject: RE: I got A Greeting From Isamic and it says Greetings Actually, we have a KB article that talks about creating digitally signed content. You can access it at: http://gwmicro.com/KB2055 Thanks, Aaron -- Aaron Smith Web Development * App Development * Product Support Specialist Ai Squared * 725 Airport North Office Park, Fort Wayne, IN 46825 260-489-3671 * www.aisquared.com To insure that you receive proper support, please include all past correspondence (where applicable), and any relevant information pertinent to your situation when submitting a problem report to the Ai Squared Technical Support Team. From: Chip Orange [mailto:[email protected]] Sent: Monday, January 19, 2015 3:32 PM To: [email protected] Subject: RE: I got A Greeting From Isamic and it says Greetings You’re right Jonathan, and I apologize to you and rick for saying this discussion wasn’t helpful (just had a hard day was my only excuse). I will start signing all my apps from now on. It would be helpful if eventually, when things settle down, if support from GW/AI could publish instructions on the best way to do this. Perhaps they could even tie our certificates to our app developer accounts (have us upload them to our developer accounts)? Chip From: Jonathan C. Cohn [mailto:[email protected]] Sent: Saturday, January 17, 2015 3:55 PM To: [email protected] Subject: Re: I got A Greeting From Isamic and it says Greetings All vendor supply scripts are signed so if you enable trust only signed scripts in security settings than unless the intruders also obtained the security certificate windowsEyes would not run the code. Also, WE does not enable scripts when in admin type mode so the os is fairly safe. It does not hurt to questions about the new paths of vulnerability. But it is nt as easy to break modern operating systems as TV depicts, unless a breach was already there. so as app developers should we get signing certificates to help keep fraudulent apps. es Sent from my iPhone On Jan 17, 2015, at 1:47 PM, Chip Orange <[email protected]> wrote: There is no special reason to think any scripter’s account on the GW web site could be hacked? Why would you think that? It takes a login ID and a password; the exact same thing my online bank requires for me to login. Your posts aren’t helping prevent future incidents, so much as promoting “scare tactics” specificly against GW apps, and so I’d ask you to consider before you post any more. From: Rick Thomas [mailto:[email protected]] Sent: Saturday, January 17, 2015 5:49 AM To: [email protected] Subject: RE: I got A Greeting From Isamic and it says Greetings Think this is off list Bruce, if not ok. You are a scriptor. How easy would it be to create a vb script and then post some update to another persons script using phoney names and all that jazz? I am thinking it would be pretty easy but don’t know. The dude who hacked members machines like this could have deleted the hard drive or otherwise trashed peoples machines. It was lucky that person didn’t hack the Bible Peoples machines via an update to that script and trashed them. Since you have done some scripting I am wondering what safe guards are in place to ensure scripts come from the original author and if GW verifies this type of information. Rick USA From: LBX [mailto:[email protected]] Sent: Friday, January 16, 2015 7:53 AM To: [email protected] Subject: I got A Greeting From Isamic and it says Greetings OK, I know this is not the list but not on the app listing. I got a tool kit update this morning. Then discovered a message which states, "Greeting From The Islamic State" There is more to that, but it ended with, "Please Contact GW Micro" So, what is going on now? It is on my XP computer after doing the Tool Kit update a few minutes ago, Sincerely Bruce ----- Original Message ----- From: Aaron Smith <mailto:[email protected]> To: [email protected] Sent: Tuesday, January 13, 2015 2:57 PM Subject: RE: Window-Eyes 9.0 sdk Hi, Sean. It’s available now: http:// gwmicro.com/App_Central/Developers Thanks, Aaron -- Aaron Smith Web Development * App Development * Product Support Specialist Ai Squared * 725 Airport North Office Park, Fort Wayne, IN 46825 260-489-3671 * www.aisquared.com To insure that you receive proper support, please include all past correspondence (where applicable), and any relevant information pertinent to your situation when submitting a problem report to the Ai Squared Technical Support Team. From: Sean Farrow [mailto:[email protected]] Sent: Tuesday, January 13, 2015 1:50 PM To: '[email protected]' Subject: Window-Eyes 9.0 sdk Hi all, Does anyone know when the WE9 scripting sdk will be made available? Kind regards Sean. _____ <http://www.avast.com/> Image removed by sender. This email has been checked for viruses by Avast antivirus software. www.avast.com <http://www.avast.com/>
