Unsigned update exe?

Explore, browse and analyze .NET assemblies

Moderators: Luke Jefferson, Charles Brown, StephenC, Alex.Davies, Greg.Tillman, melvyn.harbour

Unsigned update exe?

Postby Rene » Sun Oct 03, 2010 8:50 pm

I was prompted by reflector to see if I wanted to automatically update to the latest version. I clicked yes and then I was asked by Windows if I really wanted to run a potentially unsafe exe.

Perhaps I am wrong (I should have taken a closer look) but I don’t think that the update exe was singed, if I am correct about the update exe not being singed then that just shows how little you guys care about protecting your customers. If I am wrong and the update exe is indeed signed then disregard this email.

I don’t care if the exe is being downloaded from your site, there is absolutely no reason why not to sign an exe no matter what that exe does.
Rene
 
Posts: 2
Joined: Sat Feb 13, 2010 8:21 pm

Postby Bart Read » Tue Oct 05, 2010 12:07 pm

Hi Rene,


The executable that Windows is warning you about isn't downloaded. It's actually embedded in reflector.exe itself and extracted at runtime to allow Reflector to update itself once it's downloaded the new zip file.

I agree that it's an annoyance that the updater exe isn't signed, and one that we should definitely fix, however reflector.exe itself is signed, as is the zip file that you (or Reflector) downloads from the website. This means that if the updater exe was modified it would break the signature on reflector.exe and therefore I think it's a bit strong to suggest that we don't care about protecting our customers.

I hope this information is helpful. We will try to get it fixed in the near future.


Many thanks,


Bart
Bart Read
Principal Consultant
bartread.com Ltd
Bart Read
 
Posts: 977
Joined: Thu Mar 31, 2005 11:17 am
Location: Cambridge, UK

Postby Bart Read » Tue Oct 05, 2010 3:38 pm

Hi again,


Having consulted one of the other devs here it turns out we've already fixed this in .NET Reflector 6.5 but obviously you wouldn't have seen that when upgrading from an earlier version because the updater exe is extracted from whatever version you're currently running. Anyway, what I can say is that next time you update, either manually or automatically, you should no longer see this warning.

I hope that helps.


Thanks,


Bart
Bart Read
Principal Consultant
bartread.com Ltd
Bart Read
 
Posts: 977
Joined: Thu Mar 31, 2005 11:17 am
Location: Cambridge, UK


Return to .Net Reflector 6.x and .NET Reflector 6.x Pro

Who is online

Users browsing this forum: No registered users and 0 guests