> I don't know much about SB, but doesn't it have a function (can't remember
> the name) that lets you validate the integrity of the installer as it is
> running and abort if it has been tampered with?

Yes, absolutely.

1. General Information -> Advanced Settings -> Enable Installer Integrity


2. For super duper high-security systems:

a.) Get File Info -> Verify Trust [Code-signature] -- This option lets you
retrieve the code-sign status of your own file.

b.) Get File Info -> Get Trust [Code-signature] -- For example, for updates
to make sure that only YOUR updates get applied. This option lets you
retrieve certificate specific information from a code-signed file.

We have developed this function for the U.S. Government (to handle ultra
secure web updates).

Background: Software product deployed with SetupBuilder to a VERY large user
base. Web Update is used to bring the software to the latest version
(live-update functionality). The full and the web update install images are
code-signed. If a new version is available, the Web Update client downloads
and launches the update.

IT security specialists analyzed the update strategy for potential
vulnerabilities and reported that they need to be prepared for the following
type of action: an attacker gets control over the web update server and
redirects the traffic to an external server to download and execute
malicious code (which is very unlikely, but in theory, it's possible).

The "Verify Trust [Code-signature]" SetupBuilder function lets you retrieve
the code-sign status of a downloaded file. But the WinVerifyTrust Windows
function can only ensure that a binary is signed by some key that is part of
Microsoft's chain of trust.

No problem. There is another "Get Trust [Code-signature]" SetupBuilder
function that lets you optionally perform the Authenticode verification AND
retrieve code-signing certificate specific information to ensure the update
install image was signed by your private key (e.g. based on the serial
number or the code-signing certificate issuer name). This function allows
you to build a customized wupdate.exe (or wucheck.exe) and check whether a
downloaded web update installer package is code-signed with a specific
code-signing certificate before the update is launched.


Friedrich Linder
Lindersoft | SetupBuilder |
954.252.3910 (within US) | +1.954.252.3910 (outside US)

--SetupBuilder "point. click. ship"
--Helping You Build Better Installations
--Create Windows 10 ready installations in minutes
--Official COMODO Code Signing and SSL Certificate Partner