Jaa


Why does my signed cab still show the "Unknown Publisher" prompt?

At install time, we crack open the cab file and check for a signature on every executable (exe and dll) inside the cab. If any of the binaries are unsigned (or signed with a cert that doesn't chain to the code execution stores) then we'll display the unsigned code prompt. If the user presses "Yes" at the prompt, then we add the hashes for all the unsigned code in the cab to the "Prompt Exclusion List". This list stores the hashes of unsigned binaries that have already been accepted by the user. One advantage of this approach is that it allows the user to make the trust decision at install time, instead of at run time. It also means that the trust decision is atomic - once the cab is installed, none of the binaries will prompt, so you won't have to accept a wave of prompts at runtime.

So if your signed cab is still showing the prompt at install time, make sure all the binaries inside are signed.

Comments

  • Anonymous
    December 07, 2006
    There is a way to disable sign verification at install and run-time too. Just import the following registry key: [HKEY_LOCAL_MACHINESecurityPoliciesPolicies] "0000101a"=dword:00000001 That is all. Enjoy!

  • Anonymous
    December 08, 2006
    The comment has been removed

  • Anonymous
    December 08, 2006
    The comment has been removed

  • Anonymous
    December 08, 2006
    Jeff - good question. I updated the FAQ with an answer. http://blogs.msdn.com/windowsmobile/archive/2005/12/17/security-model-faq.aspx

  • Anonymous
    December 12, 2006
    Hi, Can you please clarify how signed CABs work? What I mean is that there are two types of WinCE installation CAB files. There is 1) the old type of CABs, based on building a CAB with a (compiled) .INF file; and 2) The new type of CAB file, based on building a CAB with the corresponding info in XML format (setup.xml) instead. In both cases the executable files (EXE, DLL, ...) have to be signed, naturally, but is it possible to sign a CAB of the "old" (based on .INF file) type? All the examples I have seen only demonstrate how to incorporate the digital signature in the XML config file. Also, regarding these signed CABs and executables. Will they work on a previous version of Windows CE, like Pocket PC 2000 ? Pocket PC 2002? Windows Mobile 2003? Windows Mobile 2003 SE? I ask this question since I need to know if I must keep two sets of files, one set for the non-secured devices and another for the secured devices. A lot of questions, but to me they are of great interest. Regards, Johan

  • Anonymous
    December 17, 2006
    The comment has been removed

  • Anonymous
    December 17, 2006
    Hi Johan - Signing old-style and new-style cabs is the same procedure. As for compatibility, check out this entry. http://blogs.msdn.com/windowsmobile/archive/2006/04/25/ppc2003-signed-cabs.aspx

  • Anonymous
    April 23, 2007
        Just take this instance. I have created a new CAB for my application with .exe and some .dll files. This is a signed cab and all the executables and dll's in this CAB are signed. I would load .dll libraries from .exe everytime.    If the library is not signed or unprivileged one, it will not be able to load from signed privileged .exe.    My other scenarios are as follows. If an intruder tries to,

  1. Replace my M2M signed abcd.dll with older version of abcd.dll
  2. Replace M2M signed abcd.dll with a M2M signed wxyz.dll renamed as abcd.dll
  3. Replace M2M signed abcd.dll with a other party signed 1234.dll renamed as abcd.dll What will happen in these scenarios? My guess is,
  4. This one will not be able to run on the device as it is not signed with M2M certificate.
  5. When I am trying to access certain API's in this library, it might fail and error will be thrown.
  6. I am not sure abt this scenario. Can anybody help me on this issue.
  • Anonymous
    July 06, 2008
    Like so many security precautions, the total harm caused by them is probably far greater than the harm they attempt to prevent. Security in general is the dog which is wagged by the tail of abstract, theoreticians who do know theoretical security threats, but who don't know jack about really using a computer. Signing is one example.  Of course the theory is good, but the harm caused by poor implementation far outweighs the benefit.

  • Anonymous
    September 17, 2008
    By security means, wouldn't signing the cab-file equal the user accepting the cab file during installation? If so, the trust decision should be atomic for both a signed cab and a user accepting the cab! If you have the ability to sign the cab, you obviously have the ability to sign the executables...