From: Mark Andrews on
I understand this is not really an Access issue but when I started to search
about this issue I kept seeing Access MVPs
so here goes. I have an Access2007 runtime application that I use Sagekey
to build an EXE file. The app runs fine when installed.

I just want to code sign the EXE to get rid of that IE message. Some users
are afraid to run the EXE install program because of this message.

I have not gone down the road to buy a cert and attach it to an EXE, any
tips are appreciated on the best steps to approach this.

I was looking at:
http://www.globalsign.com/code-signing/

Thought it made sense to get some advice from others before I jump in and
buy a cert and figure out how to use it.
I didn't see attaching the cert as part of SageKey product, and having
trouble getting a response from SageKey.
Apologize ahead of time if this is pretty easy (guessing you buy it and run
a command line on something to attach it and done).

---------------------------------------
On a separate note I have another client that uses an Access2007 app that he
wants to install manually (without an install package) and needs to have the
best level of security money can buy. What types of code signing/protection
can I do for this application (other than setting a trusted location)?


Thanks in advance,
Mark

From: Tony Toews [MVP] on
"Mark Andrews" <mandrews___NOSPAM___(a)rptsoftware.com> wrote:

>I understand this is not really an Access issue but when I started to search
>about this issue I kept seeing Access MVPs
>so here goes. I have an Access2007 runtime application that I use Sagekey
>to build an EXE file. The app runs fine when installed.
>
>I just want to code sign the EXE to get rid of that IE message. Some users
>are afraid to run the EXE install program because of this message.

The problem is that code signing won't necessarily get rid of all the
messages. (I've code signed my VB6 Auto FE Updater exe) This also
depends on whether they're running the exe from a file server or
downloaded from a website.

If the user has downloaded it from a website they still get the
warning message but now it has your biz name on there. So that's
reasonable enough.

However if they are running your exe from a file server they still get
the screen that warns them about running an exe from a file server.
However this screen is very slightly different/milder from the message
they get when they run an unsigned exe from the file server. In my
not so humble opinion MS should've made this particular screen
significantly "softer" than the non signed exe message.

Hmm, I should really have both on my website. I've been meaning to do
that and haven't quite got there.

>I was looking at:
>http://www.globalsign.com/code-signing/

I used
https://secure.ksoftware.net/code_signing.html who is a reseller for
Hohoho and was the cheapest source. Ahhh, now they have a five year
code signing cert. Sweet.

I only bought a year because I wanted to see how it would work. I
think that code signing has given my utility a small amount of
credibility with folks using it. Especially the fascist IT
departments. But who knows....

Yikes, Global sign is very expensive. Three times as much.

Now a Verisign code signing cert might also be quite useful because
then you might be able to register and use the MS Verified for Windows
7 logo on your website. Trouble is Verisign are also very expensive.
The good news though is that somewhere on the MS website I found a
Verisign coupon/discount code that dropped the price of the Verisign
code cert to a much more reasonable price. Trouble is I forgot to copy
down the URL of that page.

If you poke about on the Windows website and find it please post the
URL. <smile>

>Thought it made sense to get some advice from others before I jump in and
>buy a cert and figure out how to use it.
>I didn't see attaching the cert as part of SageKey product, and having
>trouble getting a response from SageKey.

As far as I know you can digitally sign any exe or msi file and a few
others. But I'm not an expert here.

>Apologize ahead of time if this is pretty easy

No, figuring all this out is *not* easy. I spent about five or seven
hours mucking about various web sites to figure out which was the most
recent method of code signing, etc, etc.

>(guessing you buy it and run
>a command line on something to attach it and done).

Basically yes. Here's my complete cmd file I use. Ignore the extra
del and copy lines as those are for testing purposes with Virtual PC
sessions, etc.

del startmdb.exe
del "X:\9 archive\_ Auto Fe Updater\startmdb.exe"
del "_startmdb.exe"
"C:\Program Files\Microsoft Visual Studio\VB98\vb6.exe" /make startmdb
"C:\Program Files\Microsoft SDKs\Windows\v6.1\Bin\signtool.exe" sign /t http://timestamp.comodoca.com/authenticode /v startmdb.exe
copy startmdb.exe "X:\9 archive\_ Auto Fe Updater\startmdb.exe"
copy startmdb.exe "_startmdb.exe"

pause

>On a separate note I have another client that uses an Access2007 app that he
>wants to install manually (without an install package) and needs to have the
>best level of security money can buy. What types of code signing/protection
>can I do for this application (other than setting a trusted location)?

I'd strongly suggest you start a new thread with an appropriate
subject.

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a convenient utility to keep your users FEs and other files
updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/
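
A check that could run right after the signtool step in the cmd file above, before the copy lines (an added example, not part of the original post or of Tony's build script). The script name in the usage comment and the expected subject string are assumptions; Get-AuthenticodeSignature is the standard PowerShell cmdlet.

```powershell
# Post-signing gate (added example). Refuses to pass a build whose
# Authenticode signature is missing, broken, from the wrong signer,
# or not timestamped.
# Usage (hypothetical script name):
#   powershell -File Test-SignedBuild.ps1 -Path startmdb.exe -ExpectedSubject "Example Software Inc."
param(
    [Parameter(Mandatory = $true)] [string] $Path,
    # Assumption: placeholder text that must appear in the signer subject
    [string] $ExpectedSubject = 'Example Software Inc.'
)

function Test-SignedBuild {
    param([string] $Path, [string] $ExpectedSubject)

    $problems = @()
    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Status is NotSigned for an unsigned file and HashMismatch when the
    # file content no longer matches the signed hash.
    if ($sig.Status -ne 'Valid') {
        $problems += "signature status is $($sig.Status): $($sig.StatusMessage)"
    }

    # A valid signature from an unexpected certificate is still a failure.
    if ($null -eq $sig.SignerCertificate) {
        $problems += 'no signer certificate found'
    }
    elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedSubject*") {
        $problems += "unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    # Without a timestamp (the /t option in the signtool line) the
    # signature stops validating once the signing certificate expires.
    if ($null -eq $sig.TimeStamperCertificate) {
        $problems += 'signature is not timestamped'
    }

    return $problems
}

$found = @(Test-SignedBuild -Path $Path -ExpectedSubject $ExpectedSubject)
if ($found.Count -gt 0) {
    $found | ForEach-Object { Write-Error $_ }
    exit 1   # non-zero exit so the calling cmd file can skip the copy steps
}
Write-Output "OK: $Path is signed by '$ExpectedSubject' and timestamped."
```
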
From: Tony Toews [MVP] on
"Tony Toews [MVP]" <ttoews(a)telusplanet.net> wrote:

>Now a Verisign code signing cert might also be quite useful because
>then you might be able to register and use the MS Verified for Windows
>7 logo on your website. Trouble is Verisign are also very expensive.
>The good news though is that somewhere on the MS website I found a
>Verisign coupon/discount code that dropped the price of the Verisign
>code cert to a much more reasonable price. Trouble is I forgot to copy
>down the URL of that page.
>
>If you poke about on the Windows website and find it please post the
>URL. <smile>

Ahh, found it. https://winqual.microsoft.com/SignUp/

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a convenient utility to keep your users FEs and other files
updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/
From: Tony Toews [MVP] on
"Tony Toews [MVP]" <ttoews(a)telusplanet.net> wrote:

Also note the following question I posted to Stack Overflow

Code signing didn't complain when I changed an exe file?
http://stackoverflow.com/questions/1801565/code-signing-didnt-complain-when-i-changed-an-exe-file

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a convenient utility to keep your users FEs and other files
updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/
From: Mark Andrews on
Tony,

Thank you for all the useful information! I knew I did the right thing
asking the question here first before I dived in.

Thanks,
Mark

"Tony Toews [MVP]" <ttoews(a)telusplanet.net> wrote in message
news:4ekgv558quglr6fn8sd3qgfo45dlq5h5og(a)4ax.com...
> "Tony Toews [MVP]" <ttoews(a)telusplanet.net> wrote:
>
> Also note the following question I posted to Stack Overflow
>
> Code signing didn't complain when I changed an exe file?
> http://stackoverflow.com/questions/1801565/code-signing-didnt-complain-when-i-changed-an-exe-file
>
> Tony
> --
> Tony Toews, Microsoft Access MVP
> Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
> Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
> For a convenient utility to keep your users FEs and other files
> updated see http://www.autofeupdater.com/
> Granite Fleet Manager http://www.granitefleet.com/
