如何在Installshield 2018中添加发布者 [英] How to add publisher in Installshield 2018
问题描述
在我通过Installshield构建安装程序之后.当我双击安装该软件时,其发布者显示为未知".有谁知道如何使该字段成为签名证书?我确实有来自VeriSign的签名证书.
Microsoft : SmartScreen常见问题解答 (交叉链接以确保安全).
- 信任 : SmartScreen是基于信任的"-您可以赢得声誉(或失去声誉).
- Grapevine :使用情况分析基于来自许多来源的提交的现实世界用户数据:
IE,Edge,Windows,Anti-Virus,download volume,download logs,download URL past history,web-site reputation,etc... - EV证书 :使用EV证书进行签名可直接购买信任.有趣的概念.
- 说什么? :信任计算的详细信息和确切机制尚不清楚.
The overall idea is that what is downloaded all the time by many users without major incidents is probably not harmful .
数字签名
我对证书已经过时了,但是签名的有效程度在很大程度上取决于证书的性质-它是否指向有效的根证书(例如,很显然,默认情况下,自签名证书将不存在-很明显,我猜),以及证书的类型下面有关EV证书的信息.
在您的情况下, Installshield帮助文件可能会提供使用所提到的证书所需的信息.这是该帮助的在线版本: Installshield 2018 :数字签名和安全性 .我相信您的VeriSign证书应该有效,如果它是最新的(我认为SHA256 -Installshield 2015以上),并且它是有效的代码签名证书(与某些其他类型的证书相对)./p>
根证书: SmartScreen
除了签名之外,我们现在(Windows 8及更高版本)正在处理"智能筛选"( 基于信誉的系统 (也请参见链接问题中的可接受答案)并进行设置/应用遥测数据来确定您的设置是否被认为是安全的-换句话说, 简单的老式证书不足以赢得信任 .所以他们告诉我:-).
您显然可以使用 EV代码签名证书 "购买信任"(有趣的概念-人们不得不说)-本质上是具有 USB硬件令牌安全性的更昂贵的证书 和买方进行的更为严格的审查程序()(还有更多详细信息):"通过EV代码签名证书签名的程序可以立即建立SmartScreen信誉服务的信誉,即使以前没有信誉该文件或发布者."
显而易见,以下链接并不表示认可:
- https://www.digicert.com/code-signing/
- https://www.globalsign.com/zh-CN/code-signing-证书/
- Symantec扩展验证(EV)代码签名证书-入门.
免责声明 :由于缺乏经验,我对这些问题持怀疑态度,但提供的答案是尽最大努力"以帮助您前进.请确实在报告中添加任何重要发现,并附上答案注释,或者只是在社区中其他地方就地编辑答案(或者显然添加您自己的答案).
链接怪物 :现在,是链接节.抱歉:-).
一些用于保护的其他SmartScreen链接:
- 如何避免"Windows Defender SmartScreen阻止无法识别的应用程序启动警告"
- InnoSetup-无法使用全局符号EV代码签名
- 如何通过安装签名的应用程序时,Win8上的智能屏幕是什么?
- 如何通过Windows Defender SmartScreen保护?
一些其他证书链接以进行保护:
- 如何添加SingleImage Install Shield安装程序的数字证书
- 更改数字签名的时间戳服务器.
- 对InstallShield安装程序进行签名并包括中间版本的最佳做法证书
- 安装签名的msi安装程序时出现奇怪的程序名称"
- 是否可以定义Windows Installer-卸载程序文件名?
After I built an installer by Installshield. When I double click to install that software, its publisher shown "Unknown". Does anyone know how to make this field to a signed certs? I do have a signed certs from VeriSign.
Microsoft: SmartScreen FAQ (cross-link for safe-keeping).
- Trust: SmartScreen is "trust-based" - you gain reputation (or lose it).
- Grapevine: Usage analysis is based on submitted real-world user data from many sources:
IE,Edge,Windows,Anti-Virus,download volume,download logs,download URL past history,web-site reputation,etc... - EV-Certificate: Signing with an EV-certificate buys trust outright. Interesting concept.
- Say What?: Full details and exact mechanism of trust calculation is unknown.
The overall idea is that what is downloaded all the time by many users without major incidents is probably not harmful.
Digital Signing
I am outdated on certificates, but how well signing will work largely depends on the nature of your certificate - whether it points to a valid root certificate already present by default on your users' target computers (a self-signed certificate will not be present by default for example - obviously I guess) and what type of certificate it is (see below regarding EV certificate).
In your case the Installshield help file probably provides the information you need to use the certificate you mention. Here is the online version of that help: Installshield 2018: Digital Signing & Security. I believe your VeriSign certificate should work, if it is up to date (I presume SHA256 - Installshield 2015 upwards) and that it is a valid code signing certificate (as opposed to some other type of certificate).
Root Certificates: Microsoft Trusted Root Certificate Program - Portal (2018)
SmartScreen
Beyond signing, we are now (Windows 8 onwards) dealing with "smart screening" (see sample blocking dialog from Windows Defender). A reputation-based system (see the accepted answer in the linked question as well) with setup / application telemetry data determining if your setup is considered safe - in other words a simple, old-school certificate just isn't enough anymore to gain trust. So they tell me :-).
You can apparently use an EV code-signing certificate to "buy trust" (interesting concept - one would have to say) - it is essentially a more expensive certificate with USB hardware token security and a more rigorous vetting process for the buyer (and there are further details): "Programs signed by an EV Code Signing certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher."
To point out the obvious, the below links are not meant as endorsements:
- Microsoft SmartScreen & Extended Validation (EV) Code Signing Certificates
- https://www.digicert.com/code-signing/
- https://www.globalsign.com/en/code-signing-certificate/
- Symantec Extended Validation (EV) Code Signing certificate - Getting Started.
Disclaimer: I am on shaky ground with these issues due to lack of experience, but the provided answer is "best effort" to help get you going. Please do report any important discoveries with comments to the answer or just edit the answer in-situ for the rest of the community (or add your own answer obviously).
Linking Monster: And now, the link-fest. Apologies :-).
Some Further SmartScreen Links For Safekeeping:
- How to avoid the "Windows Defender SmartScreen prevented an unrecognized app from starting warning"
- InnoSetup - fails to use global sign EV code signing
- How to pass the smart screen on Win8 when install a signed application?
- How to pass the Windows Defender SmartScreen Protection?
Some Further Certificate Links For Safekeeping:
- How to Add a Digital Certificate to a SingleImage Install Shield Installation Program
- Changing the Timestamp Server for Digital Signatures.
- UAC prompt from unidentified publisher appears when uninstalling MSIs on Windows Vista and Windows Server 2008
- Best practice to sign InstallShield setup and include intermediate certificates
- Odd 'Program name' when installing signed msi installer
- Is it possible to define a Windows Installer-uninstaller filename?
这篇关于如何在Installshield 2018中添加发布者的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
