New: HomeBank (Sep 03, 2023), Platform 26.2.1 (Sep 17, 2023)
450+ real apps (49GB), 1.1 billion downloads, Please donate.
Jack Haller, Advisor and Father of Our Founder, Has Passed Away
file tampering ? digital certificates ? file hash ?
how can I' tell if a setup install program from a developer wasn't tampered with by someone else,if theres no digital certificate or hash info provied for the setup install file ?
how do I' tell if the file has been tampered with ? without a digital security certificate or the files hash ?
signed
curious GEORGE
Scarily enough, I'm a pretty paranoid person already and I've never thought to look at that. In that case, the best idea is to run everything in separate Windows virtual machines, and backup/restore/wipe the data every usage.
Or not care.
(Sorry if that sounded sarcastic, but I was serious.)
I' guess no sec certificate or hash info with setup file means no quarantee the file is safe ?
I' do run a virus scanner thou on setup programs
I usually provide a MD5 sum for my setup packages. Else it works on trust. So far the people that usually release app (Myself, wraithdu, ZachThibeau, JohnTHaller, and man, many many more) haven't gotten in trouble for doing that. We take pride in what we do and providing good clean software for all who whish it.
And by the way, it is a good thing to scan it. Do you use virus total and jotti?
I' use AVAST AV to scan my apps...it hopefully nows malware ?
I' guess thats what it's all about,trust...although I' don't no what crackers think think of unsigned code ? open and seek ? u-ha-ha-humm ?
cool pic of ur self http://www.simplexitynetwork.com/mr.soup12/me.jpg
a ha ha cool pic man...
There are risks involved.
I for one would never download a file from a new comer signed/hashed or whatever until he has proven himself over time, unless others who have good security procedures in effect have commented already.
Even with known folks, I scan all downloads thru Virus Total.
The problem with signing is that if the program had malicious content signing would not tell you that, and even if the program were not malicious, if the signer signed it without realizing it was infected with a virus that he did not know he had, it would have a valid signature, but still be infected.
Checksums/hashes only tell you if the download was successfully completed.
Signatures are only as trustworthy as the person who signed them.
If you are truly concerned I would say don't download apps from this site until they are Officially Released and signed.
And all of our Official Releases come from our servers on sourceforge , I would never download a version from MakeShift.com 
Tim
Visit the Community page
Join our forums
Follow us on BlueSky