Monday, July 4, 2011

More Digital Signature issues with IE9.0 and Norton

My last posting talked about digitally signing software for downloads. Unfortunately this is only half of the solution. I am sure that Microsoft and Norton are working in most people's best interests, but this does not help the way that CnW operates. With CnW, the idea is to give users the latest updates (and even bug fixes) as soon as possible. This is done by updating the main software package maybe once or twice a month. The changes are small, but incrementally ensure that the product evolves and responds to customer feedback.

Part of IE9.0 and Norton security is how long any download has been on the internet. This period is monitored to see if there has been any negative feedback about the product. Norton suggests there is a 1 week learning time, which would mean that CnW software would be viewed as dubious for maybe 50% of its time.

The next plan to try and resolve this issue is to move to the common pattern of having an installer tool, and then in effect an update program. In this case, the installer can be written, and will not be changed for a considerable period of time, maybe a year. The installer will then download the main, and frequently updated, data from its own secure environment. Everything will be digitally signed, but the installer can be recognised by IE9.0 and Norton as a stable, safe program. IE9.0 and Norton will only see the stable installer, though Norton will obviously also monitor any future updates.
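With this pattern the browser and Norton no longer vet each update, so the stable installer has to check the signature of whatever it downloads before running it. The following is an added example, not CnW's code: a PowerShell sketch of that check, where the function name, the download path and the thumbprint placeholder are all assumptions.

```powershell
# Added example (hypothetical bootstrap check, not CnW's own code).
function Test-UpdateSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Thumbprint of the publisher's code-signing certificate (placeholder value below)
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Update file not found: $Path"
        return $false
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # 'Valid' means the file hash matches the signature and the certificate
    # chain builds to a trusted root. Anything else (NotSigned, HashMismatch,
    # NotTrusted, ...) is rejected.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Rejected: signature status is $($sig.Status)"
        return $false
    }

    # A valid signature only proves that *someone* trusted signed the file.
    # Pin the signer so another publisher's certificate is not accepted.
    $expected = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()
    if ($sig.SignerCertificate.Thumbprint -ne $expected) {
        Write-Warning "Rejected: signed by $($sig.SignerCertificate.Subject)"
        return $false
    }

    # Without a timestamp the signature stops validating when the cert expires.
    if ($null -eq $sig.TimeStamperCertificate) {
        Write-Warning "Signature has no timestamp countersignature"
    }
    return $true
}

# Hypothetical download location and placeholder thumbprint.
$update = Join-Path $env:TEMP 'update-package.exe'
if (Test-UpdateSignature -Path $update -ExpectedThumbprint '<PUBLISHER-CERT-THUMBPRINT>') {
    Start-Process -FilePath $update -Wait
} else {
    Remove-Item -LiteralPath $update -ErrorAction SilentlyContinue
}
```

Pinning the thumbprint means the installer must learn the new value when the signing certificate is renewed, which matters for an installer intended to stay unchanged for a year.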

Friday, July 1, 2011

Software signing and IE9.0

Internet security can be a large issue. To this end, IE9.0 has very 'tough' security measures added to try and protect users from downloading unsafe software. If a user tries to download an unsigned program, there are severe warning messages and it can be difficult to download or run the program.

To overcome the above problem the program has to be digitally signed, with a secure certificate. This can be an expensive process but fortunately there are solutions for small companies. One such company - that CnW have used - is GlobalSign. This gives a digital signature which can then be traced back to GlobalSign. Having this on the program now means that Internet Explorer V9 does not scream that the software could be very dangerous.

The other security measure that is causing problems is Norton Insight. This can warn that the software is new, and may be dangerous. The solution can be to get listed on their White List (not a Black List). The problem here is that listing can take a few weeks, and with CnW this is when the next release may have been made. If a company does a single release each year this is not a problem, but for a small company doing regular updates to keep pace with new solutions and customer requests, Norton is not very friendly. Unfortunately, Norton does not seem to recognise the digital signature. I do not know what the ultimate solution will be.