All,
Here we go. Windows 10 installed a security patch this morning. I have
downloaded my test executable, code-signed with my old SHA-1 certificate on
January 05, 2016.
And here are the results.... ;-) See attached screenshots.
For code signing certificates, Windows stopped accepting SHA-1 signed code
and SHA-1 certificates that are time stamped after 1 January 2016 amd have a
"Mark of the Web" attribute. A "Mark of the Web" attribute means that the
executable is flagged as downloaded from an untrusted source (e.g. the
Internet). Code signature status behavior might depend on specific Policy
settings and Trusted Zones, and SmartScreen data may be used to allow
certificates with good reputation.
SHA-1 signed code time stamped by an RFC 3161 Time Stamp Authority before 1
January 2016 will be accepted until such time when Microsoft decides SHA-1
is vulnerable to pre-image attack.
Friedrich
--
Friedrich Linder
Lindersoft | SetupBuilder | www.lindersoft.com
954.252.3910 (within US) | +1.954.252.3910 (outside US)
--SetupBuilder "point. click. ship"
--Helping You Build Better Installations
--Create Windows 10 ready installations in minutes
--Official COMODO Code Signing and SSL Certificate Partner