Failing Internet Explorer 9 security checks

[dlboy]

Hi,

I am having a problem where instandsupport.exe is failing IE9 security checks, making it very hard for users to run. when choosing run the file from our website IE9 will download it but then advise the user to delete it as "This program is not commonly downloaded and could harm your computer" After clicking advance options to run it, i notice in the top "SmartScreen Filter has little or no information about this unsigned program. Running this program might harm your computer"

Has anyone else come accross this and is there a fix for it, I am using the latest version of Chunk 3.2.

Regards

Richard

[supercoe]

I was having the same problems since IE9 came out and yesterday the "smart"screen filter must have allowed InstantSupport.exe from my website.

It seems to have taken a good 50+ people having to go through telling IE9 to run the file anyways.

Luckly in my case I host the exe on my website so it's always in the same place as I can see how smartscreen causes problems.

[dlboy]

So as more people download the program the less of a problem it will be?

[B]

I would think NOT. Because each compilation of InstantSupport.exe is by definition different (IP addresses, encryption keys). So I would guess it's going to be an ongoing issue...

[supercoe]

As more people download your compiled InstantSupport.exe the problem will go away. If you recompile then essentially it is a new file and will probably fail the smartscreen filter check again.

[B]

Is there a reasonable way to have it signed? I think that's why Rudi does the normal UltraVNC SC compilation on his server.

I know it doesn't actually mean much from a security perspective, but if it would help people get through these security hoops...

I would think the typical ChunkVNC user is going to have far fewer than 50 downloads!

(In the end I'd just be inclined to warn users to ignore the warnings... which is why people ignore EVERY freakin' security warning their OS and AV software throws up. It's a vicious cycle.)

[redge]

supercoe
the cause of low download, no banner = no top of suggestion download links ....
i mean, search engine make the software won't have their banner go to medium list (almost ignored part)
the dark effect of business banners

seach vnc is a top of search engine
realvnc at top (business), followed by tightvnc, etc..
imagine chunkvnc position... without banner

so if you need authenticate chunkvnc open source, i would donate the money for the certificate bypass security issue of web browsers
let me know, so customer won't worry about virus or spyware or anything. bad hacker make "b......t" cost for secure software.

[supercoe]

redge,

Thank you for your generous offer but I'm not sure how InstantSupport executables could be signed the way it is currently compiled.

I don't know much about how code signing works. I thought you had to have a secret key from the certificate authority at the time of compiling.
I'll be doing some research but If anyone is willing to share a good newbie guide to code signing I'd appreciate it.

Maybe the answer is to compile everyone's InstantSupport.exe on a central server, isn't this how SC is signed?


imagine chunkvnc position... without banner

Could you explain more what you mean here? What would be the benefit of ranking ChunkVNC other than for ad revenue?

[redge]

increase ranking by register your website to search engine for better accuracy


http://www.google.com/addurl/?continue=/addurl
http://www.bing.com/webmaster/Webmaster ... sPage.aspx
http://search.yahoo.com/info/submit.html

i mean register only certificate to InstantSupport ready to RUN (public version)
certificate custom Instantsupport need to be done from the customer, not from chunkvnc

[supercoe]

Now I see what you were saying about the search engines, thanks for the info.

When the RTR version gets good enough I'll look into signing it.

[redge]

sign certificate for chunkvnc RTR with nat2nat feature would be awesome and cream of the cream.
I'm waiting for repeater with nat2nat and vnc would blast a lot of remote software and dramatically decrease relay traffic to minimal authentication and connection

[supercoe]

I'm dreaming of this as well.

Rudi has no idea how happy a working nat2nat will make many of us!

[B]

Maybe the answer is to compile everyone's InstantSupport.exe on a central server, isn't this how SC is signed?

Yes, that's what I said above, "I think that's why Rudi does the normal UltraVNC SC compilation on his server."

The obvious drawbacks are (a) you have to pay for a cert, (b) you become a single point of failure for all new users and you have to keep your server available in perpetuity, (c) suspicious people like me are wary of having their remote control settings funneled through you, and (d) signing other's work has the potential to get you in a limited amount of trouble if the signed code is used for nefarious purposes. But it <b>would</b> be nice to have as an option (perhaps a paid option?) for those who don't want the hassle of the warnings.