SmartScreen and Windows 8



NewsArchive
05-24-2013, 02:35 AM
Hi Friedrich,

I'm curious to know if you have learned anything new regarding SmartScreen?
You usually have the best and most up-to-date info. :)

I recently got one of my clients to finally get a code signing certificate
and now they are disappointed that Windows 8 is still saying their installs
are evil.

BTW, the SB 8 install has enough reputation that it does not get flagged by
SmartScreen. Congrats!

Any info you may have to help would be great.

Thanks,
Rick

NewsArchive
05-24-2013, 02:37 AM
Hi Rick,

> BTW, the SB 8 install has enough reputation that it does not get flagged
> by SmartScreen. Congrats!

Thank you :-)

>
> Any info you may have to help would be great.
>

Some background information. SmartScreen Application Reputation technology
was introduced in IE9. If an application is NOT signed, the reputation is
built per file. If an application is code signed with a standard code
signing certificate, the reputation is built on the signer, allowing
multiple downloads with the same certificate.

On top of all this "nice" SmartScreen Application Reputation nightmare,
Microsoft introduced EV Code Signing. WHAT? Yes, you heard right. Extended
Validation (EV) Code Signing is a new code signing method that is supported
by Windows 8 and Internet Explorer V9 + V10 and allows reputation to be
established more quickly. It is considered to be "more safe" than the
traditional method for code signing. Cool, eh? No, not at all <g>. The
bad news is that EV code signing certificates are only issued by two
certificate authorities: Symantec and DigiCert. Of course, an EV code
signing certificate costs a "little" more than a traditional certificate.
Symantec charges only US$995.00 for a 1-year EV code signing certificate,
US$1,790.00 for 2 years and US$2,585.00 for 3 years. Do the math: a 3-year
Comodo code-signing certificate costs US$200 for Lindersoft customers.

But the good news is that EV code signing certificates are NOT really
required to build or maintain reputation with SmartScreen!

To cut a long story short, the only way to get around the "installs are
evil" message is to make the individual certificate more popular. It's
nearly impossible to do this with an unsigned file.

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

--Helping You Build Better Installations
--SetupBuilder "point. click. ship"
--Create Windows 8 ready installations in minutes
--Official Comodo Code Signing and SSL Certificate Partner
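
Added example, not part of the original posts: a PowerShell check that lists, for each installer in a release folder, whether reputation would accrue per signer or per file as described in the reply above. The `Get-ReputationKey` function name and the `.\release` folder are hypothetical, and treating an invalid signature like an unsigned file is an assumption.

```powershell
# Added example: show which identity each installer would build reputation on.
# Signed with a valid Authenticode signature -> the signing certificate.
# Unsigned -> the individual file (represented here by its SHA-256 hash).
function Get-ReputationKey {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $sig  = Get-AuthenticodeSignature -LiteralPath $Path
        $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

        # Assumption: a missing or invalid signature is treated as unsigned.
        if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
            $basis = 'signer'
            $key   = $sig.SignerCertificate.Thumbprint
        } else {
            $basis = 'file'
            $key   = $hash
        }

        [pscustomobject]@{
            File            = Split-Path -Leaf $Path
            SignatureStatus = $sig.Status
            Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            NotAfter        = if ($sig.SignerCertificate) { $sig.SignerCertificate.NotAfter } else { $null }
            Timestamped     = [bool]$sig.TimeStamperCertificate
            ReputationBasis = $basis
            ReputationKey   = $key
        }
    }
}

# .\release is a hypothetical folder holding the builds to be published.
$report = Get-ChildItem -Path .\release -Filter *.exe | Get-ReputationKey
$report | Format-Table File, SignatureStatus, ReputationBasis, Timestamped -AutoSize

# One group per distinct identity: every extra group starts from zero reputation.
$report | Group-Object ReputationBasis, ReputationKey |
    Select-Object Count, Name, @{ n = 'Files'; e = { $_.Group.File -join ', ' } }
```

If every build shows `signer` with the same key, all downloads count toward one certificate; a build that shows `file` is unsigned or has a broken signature and is evaluated on its own.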

NewsArchive
05-24-2013, 11:10 AM
> To cut a long story short, the only way to get around the "installs are
> evil" message is to make the individual certificate more popular. It's
> nearly impossible to do this with an unsigned file.

Thanks, Friedrich.

I kind of figured that was the answer but thought it wouldn't hurt to
check. :)

Rick

NewsArchive
05-24-2013, 11:11 AM
> I kind of figured that was the answer but thought it wouldn't hurt
> to check. :)

:-)

Friedrich

NewsArchive
05-30-2013, 05:49 AM
Interestingly enough, we uploaded the file to a site hosted on 1and1.com
vs. the in-house fixed IP server and test downloaded a bunch of times and
the SmartScreen warning stopped. :)
I guess it doesn't take too many downloads as long as there isn't a
problem reported??

Rick