We need some quick testers to try out a new beta PA.c Installer and a new signing technique for the installers.
1. PA.c Installer 3.1 Beta 1 with NSIS3
I've built an updated PA.c Installer that utilizes the latest NSIS 3 Beta 3 build. The new build prevents a possible DLL hijack exploit on the majority of Windows installers attacked via insecure automatic downloading of DLLs by Google Chrome and Microsoft Edge (both browsers allow any website to indiscriminately download malware DLLs to your Downloads directory without user interaction that signed installers will use, especially critical for local installers with admin rights). Here's some background on the issue. In addition to the security fix, this new installer also makes use of proper UI scaling on Windows 10 so it won't be fuzzy when zoomed to 125-200% and adds in the new 7-Zip release for live installer extractions for better compatibility with some installers.
2. New Digital Signing
Starting this week, we'll be signing our installers and launchers with both old-style SHA-1 and new-style SHA-2/SHA-256 digital code signing hashes. This will allow us to comply with upcoming SHA-1 deprecation rules while still working on older Windows systems that don't properly handle SHA-2 hashes (Windows XP and Vista). This test will help ensure that the signatures work as expected.
First Test: PA.c Installer 3.1b1
Download PA.c Installer 3.1 Beta 1
Download: 2MB / Install: 7MB
MD5: d3c41efbeb688d6799a3695d2c202d27
Note that this will install to the standard directory for the PA.c Installer in your PA.c Platform setup, so back up first or manually pick another directory.
Second Test: Google Chrome Portable 47.0.2526.106
Download Google Chrome Portable 47.0.2526.106 (repack with new installer)
Download: 1+38MB / Install: 150MB
MD5: 65b84c733fc57e828885339bb456affc
This is the same build as currently released, just packed with the new installer and signed using the new technique.
What to Test
You'll be testing to ensure the installers run properly on your own system both visually and functionally. The PA.c Installer 3.1b1 release will allow you to test both the installer and the signing for compatibility with your system. The Google Chrome installer will allow you to test out the live installer functionality with 7-Zip extraction on your system.
You can verify the digital signatures by right-clicking the installers, selecting properties, and selecting the Digital Signatures tab. On Windows XP/Vista, a single SHA-1 hashed signature will show that is based on a SHA-2 signing certificate. On Windows 7 and later, two signatures will show, one SHA-1 hashed and one SHA-2 hashed, both based on the same SHA-2 signing certificate. It will work on Windows 2000 as well, for the curious, though it will warn that it may be invalid if you click for details.
Please post your findings below including your operating system version, service pack level, 32-bit vs 64-bit, and any other pertinent details as soon as you can.
The sooner we get a few tests back, the sooner I'll be releasing this along with the rest of the outdated apps.
Thanks!
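The dual-signature layout described in the post above, as an added example that is not part of the original thread or the PA.c project's code: a Python triage check that reads a PE file's certificate table and reports whether the SHA-1, SHA-256 and nested-signature OIDs are present. It validates nothing cryptographically; the function names are assumptions of this example, and `build_sample` produces constructed test input rather than a real installer.

```python
import struct

# DER-encoded OIDs looked for inside the Authenticode PKCS#7 data.
OID_SHA1 = bytes.fromhex("06052b0e03021a")              # 1.3.14.3.2.26
OID_SHA256 = bytes.fromhex("0609608648016503040201")    # 2.16.840.1.101.3.4.2.1
OID_NESTED = bytes.fromhex("060a2b060104018237020401")  # 1.3.6.1.4.1.311.2.4.1

def certificate_table(pe: bytes) -> bytes:
    """Return the raw certificate table of a PE image, or b"" if it has none."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    (nt,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = nt + 24  # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 / PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)
    if count < 5:
        return b""
    # Directory entry 4 is the security directory; its address is a file offset.
    offset, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    if offset == 0 or size == 0:
        return b""
    if offset + size > len(pe):
        raise ValueError("certificate table runs past end of file")
    return pe[offset:offset + size]

def signature_summary(pe: bytes) -> dict:
    """Heuristic triage only: reports which OIDs are present, validates nothing."""
    table = certificate_table(pe)
    return {"signed": bool(table), "sha1": OID_SHA1 in table,
            "sha256": OID_SHA256 in table, "nested": OID_NESTED in table}

def build_sample(blob: bytes) -> bytes:
    """Constructed PE32 skeleton (not a real installer) carrying `blob` as its signature."""
    hdr = bytearray(0x58 + 96 + 16 * 8)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)      # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x58, 0x10B)     # PE32 magic
    struct.pack_into("<I", hdr, 0x58 + 92, 16)   # NumberOfRvaAndSizes
    if not blob:
        return bytes(hdr)
    cert = struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob
    struct.pack_into("<II", hdr, 0x58 + 96 + 4 * 8, len(hdr), len(cert))
    return bytes(hdr) + cert
```

Both signatures are stored in the same file, so the summary is the same on any system; what differs between Windows XP/Vista and Windows 7 or later is how many of them the Digital Signatures tab displays.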
I understand the threat. I've checked the MD5s, virus scanned, etc. What I'm not sure about is what I should be observing to know whether the test is successful or not, i.e.
===
You'll be testing to ensure the installers run properly on your own system both visually and functionally.
===
What should I be expecting "functionally"? If it didn't work and played naughty with DLLs, what should I be observing?
Windows 8.1 (x64) (build 9600)
Wm
Functionality means... does the installer work. That's all. We don't need verification that the DLL issue is handled because it already is handled by code that's not ours. We're just testing that our installer that was written against Unicode NSIS 2.46.x still works against NSIS 3.0b3.
Sometimes, the impossible can become possible, if you're awesome!
In that case, all appears fine on the relatively modern system above as well as a WinXP SP3 system.
Wm