Visual Installer - Can create a code signed setup package

 
Important setup files in Visual Installer are always code signed and you can also code sign the setup package that you deploy in an easy way if you have a code signing certificate (a digital certificate). By code signing your installation you will create a setup package that will give no deterrent warning in Windows (for example: "Unknown publisher" or "The publisher could not be verified"). If you have a demo / trial on your web site that people download, for many users this can be the difference between starting the installation or deleting the installation file after they have downloaded it.
 
Code signed setup package or not - Windows shows different dialog boxes
Below we show the difference between a code signed installation and an installation that is not code signed. We show which information or warning dialog boxes that are shown after the installation has been downloaded from the Internet and the setup program is started. The look of the dialog boxes are slightly different in different Windows versions, and below we show how the dialog boxes look like in Windows XP, Windows Vista and Windows 7.
 
Windows 7 and Windows Vista Windows 7 and Windows Vista
Code signed installation: Installation that is not code signed:
Dialog box that is shown if the installation is code signed (Windows 7 and Windows Vista) Dialog box that is shown if the installation is not code signed (Windows 7 and Windows Vista)
 
Windows XP Windows XP
Code signed installation: Installation that is not code signed:
Dialog box that is shown if the installation is code signed (Windows XP) Dialog box that is shown if the installation is not code signed (Windows XP)
  
 
As you can see there is a big difference in the information that is shown for the user. Also the graphical symbols are different, and the red shield with a cross can be very deterrent for some users. If you code sign an installation this red shield is not shown.
 
Windows 7 and AppLocker
In systems that use Windows 7 (Ultimate and Enterprise) in combination with Windows Server 2008 R2, the administrator can block unsigned program files from starting. This means that if an executable file is not code signed it can not be run by a user. This technique is called AppLocker and was introduced with Windows 7 and Windows Server 2008 R2. If you think your customers will use this kind of systems we recommended you to code sign your installations before they are distributed.
 
Windows SmartScreen in Windows 8
Windows SmartScreen is a new feature in Windows that was introduced with Windows 8. Windows SmartScreen will warn a user if a downloaded software may be a risk for his/her computer. The warning message will look like:
 
Windows SmartScreen
 
Windows SmartScreen is a reputation-based system, but it will also take into account other factors, such as if a setup package is code signed or not. If you code sign your installation, you will earn a "good" reputation much faster than if you distribute an installation that is not code signed, and the warning messages in Windows will stop appearing much faster. You can read more in the Windows SmartScreen - Anti-Malware Protection in Windows 8 article on our website.
 
Code signing of installation files increases the security
 
There is another good reason why you should code sign your installation files. When a setup package is code signed it is very difficult to modify the setup file after creation. A checksum (hash) is stored together with the code-signing information, and if somebody tries to change the file afterwards, this will be immediately discovered by Windows. Strong encryption ensures that nobody can manipulate the code signing information and the digital certificate that is stored in the setup file.
 
< Go back
  

 

SamLogic