cnpack / cnwizards

CnPack IDE Wizards
http://www.cnpack.org
578 stars 140 forks source link

Downloads / Nightly Builds do not have a code sign cert - "Unknown Publisher" #159

Open MartinSedgewick opened 2 years ago

MartinSedgewick commented 2 years ago

Due to the security on my computer I can no longer install CNWizards due to their not being a publisher in the installer.

Windows Safe Scan prevents it from running. This may be a problem on corporate machines and prevent users from using it.

Any reason why the certificate is no longer used? Is it a cost issue?

shanzhashu commented 2 years ago

In fact, we never do the installer signature before due to time and cost issue.

Seems windows enhances its security policy, so comes the prevention.

We'll do some research about it.

TommiPrami commented 2 years ago

For Win11 M$ will soon release some security tool, whose name I do not recall, that will be even stricted of checking signatures etc.

Don't know how wide adoption will be at the start, as apparently the tool mandates win11 reinstall. Apparently it goes deep into the system if it needs to be reinstalled.

Ah, it is called 'Smart App Control' :

“Smart App Control is a major enhancement to the Windows 11 security model that prevents users from running malicious applications on Windows devices that default blocks untrusted or unsigned applications,” Microsoft vice president David Weston explains. “It goes beyond previous built-in browser protections and is woven directly into the core of the OS at the process level. Using code signing along with AI, our new Smart App Control only allows processes to run that are predicted to be safe based on either code certificates or an AI model for application trust within the Microsoft cloud. Model inference occurs 24 hours a day on the latest threat intelligence that provides trillions of signals.”

Smart App Control is interesting because it will be enabled by default on new Windows PCs in the future. But if you upgrade to whatever version of Windows 11 that enables this feature on an existing install, you will have to use Reset this PC to reset Windows 11 and clean install it. That is, I believe, unprecedented.

-Tee-

On Mon, Apr 11, 2022 at 3:41 AM Liu Xiao @.***> wrote:

In fact, we never do the installer signature before due to time and cost issue.

Seems windows enhances its security policy, so comes the prevention.

We'll do some research about it.

— Reply to this email directly, view it on GitHub https://github.com/cnpack/cnwizards/issues/159#issuecomment-1094428526, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA7E2H6END6HC6AQM72XKSTVENYKFANCNFSM5TBPTY6Q . You are receiving this because you are subscribed to this thread.Message ID: @.***>