I have JSpell installed in my app which calls ASpell.exe which is not code
signed.

But I get no warning that this program is from an unknown author.

Is this expected behavior?

--
Lynn Howard
www.linkedsoftware.com

Yes

Jane Fleming

Thanks again oh Guru!

Lynn

Vista will normally complain about an unsigned app when one of these occurs:
1. It's been downloaded from the Internet
2. It requests elevation
3. If security policy on the computer or the domain is set not to permit
any unsigned apps to run.

Jane Fleming

Thanks.

So should I sign these third party apps?

Lynn

I'm no pro, and maybe that means I shouldn't say anything, but if you're not
the author of the 3rd party apps, and their not code-signing their apps,
would it really be a good idea to code-sign their apps for them? To me, it
seems like you would be saying: "I know that this app is not tampered with
and will not harm your computer" when really, you can't gaurantee that
that's the case ...

I'm curious to other's opinions here as well.

Regards,
Flint

Hi Flint,

That's how I lean but maybe (certainly) others know more than I.

Lynn

Hi Flint,

To me this is the very reason that you would code-sign the 3rd party
exe's. If you are including them with your app you have obviously
obtained them from a legitimate source and have tested them with your
app to confirm that they are doing what they are supposed to so why
not code-sign them to prevent someone else from tampering with them
before your end user uses them. I'm sure that if an end user has their
PC trashed because an unsigned 3rd party exe that your app used had
been tampered with, they're still going to blame you not the 3rd
party.

Just my thoughts.

Best Regards,
Geoff Spillane
Data Down Under

Hi Geoff,

Very good! IMO, your thoughts make complete sense.

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder 6.5
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

Lynn,
I've confronted this question as well.
I have an app that I protect with a USB dongle. While the manufacturer has
finally come out with a Vista driver, I found some months ago that the
existing driver works OK under Vista. But it isn't signed, so Vista's Found
New Hardware wizard pops up the scary red "Danger Will Robinson" screen.
So I signed the driver (which was an experience - ever tried signing an .INF
file?? LOL...)

I think that's something you'll need to evaluate on a case-by-case basis.
Driver installation obviously requires elevation and prompts the unsigned
driver screen. (IIRC, 64-bit Vista won't install unsigned drivers period.)
An ordinary .EXE that doesn't do anything administratorish and that has been
installed by SB should not encounter the unsigned screen unless security
policy has been set to permit only signed executables to run.

Jane

Thanks Jane!

When I included ASpell.exe and code signed it the compile was fine. The
next time I compiled the install it barfed because and said the file was not
a valid Windows image file. So for now (and probably forever) it's out.

Lynn

Hi Lynn,

Don't check the "Permanent" option in this case! Use the original
ASpell.exe, uncheck the "Permanent" option and you can compile and compile
and compile... ;-)

Friedrich

Thanks!

Of course I should have known that. ;-)

Lynn