我如何生成Windows证书,以便我的MSI不向用户显示警告 [英] How can i generate windows certificate so my msi doesn't shows warning to users
问题描述
我是Windows开发的新手.我将项目打包到一个msi设置中以安装在其他系统上,但是当我在任何系统中打开msi时,它都会显示警告,并显示为.如何删除此警告?
I am new to windows development. I packed my project into a msi setup to install on other systems but when I open the msi in any system it shows a warning as attached . How can I remove this warning?
推荐答案
注意 :请确保检查您的组织是否已拥有EV级证书?在尝试研究购买过程之前,明智的选择只是几封电子邮件或打个电话?
Note: Be sure to check if your organization already has an EV-level certificate? Just a few emails or phone calls might be wise before trying to research the purchase process?
信任&声望 :您真正需要的是 EV代码签名证书 .Microsoft的 SmartScreen 功能在Windows中(这是您看到的蓝色提示)基于信誉的系统,其中未知二进制文件被标记为不安全,直到用户在实际使用中确认它们是安全的为止.
Trust & Reputation: What you really need is an EV code-signing certificate. Microsoft's SmartScreen feature in Windows (which is what you see with that blue prompt) is a reputation-based system where unknown binaries are flagged as unsafe until they are validated safe by users in actual use.
> Virustotal.com :一个完全信任购买"
-一个有趣的概念-并且应该允许您的用户即使对于全新的二进制文件也不会看到这样的提示.不过,请确保使用 virustotal.com 检查所有二进制文件,因为许多恶意软件扫描程序检测都可以触发智能屏幕恢复警告任何二进制文件-这是什么意思( 已签名的恶意软件仍然是恶意软件
).
Virustotal.com: An EV code-signing certificate "buys trust outright"
- interesting concept - and should allow your users to not see such a prompt even for brand new binaries. Make sure to check all your binaries using virustotal.com though, as many malware-scanner detections can trigger a resurged smartscreen warning for any binary - which is what it is for (signed malware is still malware
).
误报 :恶意软件误报是一个巨大的问题,因为您必须处理并解决它,并且您可以只是告诉您的用户重建他们的PC,然后重试.
False Positives: False positives for malware is a huge problem since you have to deal with it and solve it, and you can't just tell your users to rebuild their PC and try again.
道德 :该故事的寓意是使用Virustotal.com 可以测试二进制文件和文件中是否存在恶意软件和误报,以进行分发,并使用EV级证书进行认真的软件分发,以完全信任您的二进制文件(无延迟). EV级证书不是灵丹妙药.问题仍然可以看到.信任也可能失去,而不仅仅是获得信任(信任……很难获得,容易失去).
Moral: The moral of the story is to use Virustotal.com to test for both malware and false positives in your binaries and files for distribution, and to use an EV-level certificate for serious software distribution to get trust for your binaries outright (without delay). An EV-level certificate is not a silver bullet. Problems can still be seen. Trust can be lost too, not just gained (trust... hard to earn, easy to lose).
提示 :正确签名的MSI也会以正确的名称显示在UAC提示符中:
Tip: A properly signed MSI will also show up with the correct name in the UAC prompt: Installshield Custom Dialogue Installer (see screen shot and then the answer a bit down the page).
远端观点 : "请确保您的安装程序没有恶意软件或已应用的数字证书,证明您已交付了恶意软件"
(直到也可以被黑客入侵):-)
我们会尽力而为.
链接 :
Link:
这篇关于我如何生成Windows证书,以便我的MSI不向用户显示警告的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!