Corrupt download - Insert Disk One

[NewsArchive]

Occasionally my customers get an incomplete or corrupt download and on
install they get the message 'Insert Disk One'. Is there any way to catch
the incomplete/corrupt download and throw up a message or change the 'Insert
Disk One' message to alert that the download was bad and to retry.

Don Harvey

[NewsArchive]

Don,

> Occasionally my customers get an incomplete or corrupt download and on
> install they get the message 'Insert Disk One'. Is there any way to catch
> the incomplete/corrupt download and throw up a message or change the
> 'Insert Disk One' message to alert that the download was bad and to retry.

Yes

1. General Information -> Advanced Settings -> Enable Installer Integrity
Check

and/or

2. For super duper high-security systems:

a.) Get File Info -> Verify Trust [Code-signature] -- This option lets you
retrieve the code-sign status of your own (setup) file.

b.) Get File Info -> Get Trust [Code-signature] -- For example, for updates
to make sure that only YOUR updates are applied. This option lets you
retrieve certificate specific information from a code-signed (setup) file.

Friedrich

[NewsArchive]

That I did not know about. Going to play with that! :-)

--

Russ Eggen
RADFusion International, LLC

[NewsArchive]

Thanks Friedrich,

This should solve the problem.

Going to try #2 also.

Don Harvey

[NewsArchive]

Do have some examples of this usage? Where in the script should this
occur? The closest I've got it this:

Set Variable %VERIFIED% to FUNCTION:Get File Info(Verify Trust
[Code-Signature]) of file "ThisInstaller.exe"

I'd assume I want to check %VERIFIED% in an IF condition afterwards.
I'd also assume this happens when you start the installer program. Can
you display the results on the opening dialog if successful (%VERIFIED%
= 1 if I'm reading the docs right). Something like "installer code
signature valid" and if not, then display one of the 8 reasons for failure?

Or am I making this too complex? :-)

--

Russ Eggen
RADFusion International, LLC

[NewsArchive]

Russ,

> Do have some examples of this usage? Where in the script should this
> occur?

Good question

The "Verify Trust [Code-signature]" script function lets you retrieve the
code-sign status of a file. The function can ensure that a binary is signed
by some key that is part of Microsoft's chain of trust. I would suggest to
add the "Verify Trust [Code-Signature]" check at the beginning of the setup
script. See attached signature1.png and signature2.png. If the signature
is invalid, the installer will terminate.

The powerful "Get Trust [Code-signature]" function lets you perform the
Authenticode verification AND retrieve code-signing certificate specific
information. This function can ensure that an (update) install image was
signed by your private key (e.g. based on the serial number or the
code-signing certificate issuer name). This function allows you build a
customized wupdate.exe (or wucheck.exe) and check whether a downloaded web
update installer package is code-signed with a specific code-signing
certificate before the update process begins. Or you can display the issuer
name and let the user decide what to do, etc. See signature3.png. BTW, we
have developed this function for the U.S. Government (to handle ultra secure
updates) -- that's why it is a bit undocumented, but fully functional <g>.
Yes, I can tell you for which U.S. Government Departments and Agencies, but
then I'd have to kill you <g>

Friedrich

[NewsArchive]

Thanks!

Which US governments? I reckon that is why the 3rd image is missing <g>

--

Russ Eggen
RADFusion International, LLC

[NewsArchive]

If I open it, I can see it. Thanks for the hints.

--

Russ Eggen
RADFusion International, LLC

[NewsArchive]

Russ Eggen,

> Which US governments?

NSA - Never Should Ask!

Lee White

[NewsArchive]

I thought it was the DEA - Don't Ever Ask!

--

Russ Eggen
RADFusion International, LLC