My last posting talked about digitally signing software for downloads. Unfortunately this is only half of the solution. I am sure that Microsoft and Norton are working in most people's best interests, but this does not help the way that CnW operates. With CnW, the idea is to give users the latest updates (and even bug fixes) as soon as possible. This is done by updating the main software package maybe once or twice a month. The changes are small, but incrementally ensure that the produce evolves, and responds to customer feed back.
Part of IE9.0 and Norton security is how long any download has been on the internet. This period is monitored to see if there has been any negative feedback about the product. Norton suggests there is a 1 week learning time, which would man that CnW software would be viewed as dubious for maybe 50% of it's time.
The next plan to try and resolve this issue is to move to the common pattern of having a installer tool, and then in effect an update program. In this case, the installer can be written, and will not be changed for a considerable period of time, maybe a year. The installer will then download the main, and frequently updated data from it's own secure environment. Everything will be digitally signed, but the installer can be recognised by IE9.0 and Norton as a stable, safe program. IE9.0 and Norton will only see the stable installer, though Norton will obviously also monitor any future updates.
I want to know when this issue will be fixed so that i can get that installer tool . It will be valuable because it will no change for near about one year. So i an eager to know it. Thanks.
ReplyDeleteEverything has been signed since July. I no longer see horrid warning messages - just normal warning about downloading ANY software from the web.
ReplyDeleteThe installer is now in two parts - a fixed download program that then calls the main CnWInstall.msi program. The first one will only be changed very periodically, the second one is updated on a regular basis.