June 29, 2015 at 4:09 am #296965
Thanks for getting the offline exe back in version 12 its really useful, however when some of my users, open the file they get a windows security message something like:
“This program is not commonly download and could hurt your computer.”
I’m guessing this is due to the exe not being signed off digitally so that windows recognises the publisher or something like that. Hope its a fixable one!
Not sure if this is the right place for this but the forums feel harder to navigate than before.June 29, 2015 at 4:38 am #296966
Signing an EXE with your own key literally takes less than a minute (http://windowsitpro.com/security/q-whats-easiest-way-digitally-sign-internally-developed-applications-executable). In doing so, you will guarantee to your users that the EXE file came from you.June 29, 2015 at 4:46 am #296967
Also, simply signing a file wouldn’t be enough. As per Microsoft:
Downloads are assigned a reputation rating based on many criteria, such as download traffic, download history, past antivirus results and URL reputation. Reputation is generated and assigned to digital certificates as well as specific files.
So even if your EXE files are signed by Trivantis, NSA and President of the US all at once, they would need to build up a reputation as “safe” and be downloaded millions of times before that message goes away. Do your courses get downloaded millions of times?June 29, 2015 at 7:44 am #296971
Sergey, thanks for the response. Not sure any of that is relevant, I’m not going to sign the exe as me. It needs to be signed as a lectora/trivantis exe so that windows doesn’t see it as a security risk. When you install or run software this message doesn’t appear every time. Files from established companies have certificates to prove their authenticity, so you wouldn’t get this warning (might get other warnings but then its a windows issue)</span>
I am only using the exe option to allow the clients (content subject mater experts) to check through the content I’ve created before it goes onto an LMS for our end users, so its no big deal, but two of my clients have not run the content due to this warning.June 29, 2015 at 8:51 am #296975
The problem is, Trivantis will NOT sign any EXE files that are published by Lectora with their certificate. In order to be able to do so, they’d need to include their secret key with every copy of Lectora. Which violates the whole idea of it being a secret key. It’d be very easy to hack Lectora and then sign ANY EXE file with it. I don’t think Trivantis would want malicious EXE files signed by Lectora floating around the internet.
The only EXE file that they could digitally sign in advance would be the standalone EXE player file, which is included with the offline publish when you choose to store all the HTML files externally. But I don’t think this is what you asked for.
You must be logged in to reply to this topic.