Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #296965 Score: 0
    Profile photo of BarneyKay
    BarneyKay
    Member
    beginner
    intermediate
    2 pts
    @BarneyKay

    Thanks for getting the offline exe back in version 12 its really useful, however when some of my users, open the file they get a windows security message something like:

     

    “This program is not commonly download and could hurt your computer.”

    I’m guessing this is due to the exe not being signed off digitally so that windows recognises the publisher or something like that. Hope its a fixable one!

     

    Not sure if this is the right place for this but the forums feel harder to navigate than before.

     

    #296966 Score: 0
    Profile photo of Sergey Snegirev
    Sergey Snegirev
    Member
    contributor
    intermediate
    advanced
    friend finder
    lab member
    junior moderator
    advocate
    LUC16
    LUC16 Attendee
    wise owl
    336 pts
    @ssneg

    Signing an EXE with your own key literally takes less than a minute (http://windowsitpro.com/security/q-whats-easiest-way-digitally-sign-internally-developed-applications-executable). In doing so, you will guarantee to your users that the EXE file came from you.

     

    #296967 Score: 0
    Profile photo of Sergey Snegirev
    Sergey Snegirev
    Member
    contributor
    intermediate
    advanced
    friend finder
    lab member
    junior moderator
    advocate
    LUC16
    LUC16 Attendee
    wise owl
    336 pts
    @ssneg

    Also, simply signing a file wouldn’t be enough. As per Microsoft:

    Downloads are assigned a reputation rating based on many criteria, such as download traffic, download history, past antivirus results and URL reputation.  Reputation is generated and assigned to digital certificates as well as specific files.

    Source: http://blogs.msdn.com/b/ie/archive/2010/10/13/stranger-danger-introducing-smartscreen-application-reputation.aspx

    So even if your EXE files are signed by Trivantis, NSA and President of the US all at once, they would need to build up a reputation as “safe” and be downloaded millions of times before that message goes away. Do your courses get downloaded millions of times?

    #296971 Score: 0
    Profile photo of BarneyKay
    BarneyKay
    Member
    beginner
    intermediate
    2 pts
    @BarneyKay

    Sergey, thanks for the response. Not sure any of that is relevant, I’m not going to sign the exe as me. It needs to be signed as a lectora/trivantis exe so that windows doesn’t see it as a security risk. When you install or run software this message doesn’t appear every time. Files from established companies have certificates to prove their authenticity, so you wouldn’t get this warning (might get other warnings but then its a windows issue)</span>

     

    I am only using the exe option to allow the clients (content subject mater experts) to check through the content I’ve created before it goes onto an LMS for our end users, so its no big deal, but two of my clients have not run the content due to this warning.

     

    • This reply was modified 4 years, 1 month ago by Profile photo of BarneyKay BarneyKay .
    • This reply was modified 4 years, 1 month ago by Profile photo of BarneyKay BarneyKay .
    #296975 Score: 0
    Profile photo of Sergey Snegirev
    Sergey Snegirev
    Member
    contributor
    intermediate
    advanced
    friend finder
    lab member
    junior moderator
    advocate
    LUC16
    LUC16 Attendee
    wise owl
    336 pts
    @ssneg

    The problem is, Trivantis will NOT sign any EXE files that are published by Lectora with their certificate. In order to be able to do so, they’d need to include their secret key with every copy of Lectora. Which violates the whole idea of it being a secret key. It’d be very easy to hack Lectora and then sign ANY EXE file with it. I don’t think Trivantis would want malicious EXE files signed by Lectora floating around the internet.

    The only EXE file that they could digitally sign in advance would be the standalone EXE player file, which is included with the offline publish when you choose to store all the HTML files externally. But I don’t think this is what you asked for.

     

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.