Digitally Signed / Code Signed Program Files
The first program file that is run on the USB flash drive is always a program file that comes from us (SamLogic Software). We ensure this by checking that the program file is digitally signed / code signed and has a valid digital certificate from SamLogic Software.
When a program file is digital signed a very strong encryption is used making it almost impossible to alter the program file after creation. Before the program can be launched a checksum comparison control is made by the Windows operating system. If Windows discovers that the checksum of the file does not match the stored checksum, the program cannot be launched. In addition, USB AutoRun Creator will always check that the digital signature is from SamLogic Software. If the signature is not present or is from another source; once again the program cannot be launched.
If a secondary program is run during the AutoRun process, the program's checksum is controlled
If you need to use USB AutoRun Creator to start your own program instead of a menu program from us, we ensure that the original program is executed by storing a checksum for it and compare it with the program file just before it is started. If the checksum is not correct the program will not be run.
We recommend that you digitally sign / code sign your own program files if you do use a secondary program, but this is not required by USB AutoRun Creator. Digitally signed / code signed programs provide the highest degree of security because of the strong encryption used and fact that the checksum comparison will be made by the operating system itself. But USB AutoRun Creator can also start program files that are not digitally signed, our own checksum system is then used to ensure that the program file has not been altered since it was created.
If a menu should be opened automatically, no secondary program is needed
If a menu interface created with our menu designer tool CD-Menu Creator should be opened automatically, a secondary program is not needed. The only program that is run during the AutoRun process is the digitally signed menu program. If the end-user should start other programs or setup files via the menu interface, it can be a good idea to have those files digitally signed.
The risks posed by letting users start files via the menu that are not digitally signed are the same as when not using the USB flash drive AutoRun functionality. There is always a general risk that files that are not digitally signed may be modified, but you can reduce this risk by distributing USB sticks that are write protected. A write protected USB stick cannot be altered via software.
< Go back