protection for installer ?

o_owd · 13th August 2008, 05:46

Hey,

In the last few weeks the server where my installer is, was hacked twice and a virus/trojan was injected in my installer.

How can I protect my installer to display an error or warning message if the size / others / MD5 / had been changed ?

Thanks,
OJi.

Yathosho · 13th August 2008, 14:25

use the CRCCheck command. however, it happens quite often that antivirus software reports nsis installers as malware, even if not true. you will find many postings of false positives in this forums.

Sheik · 14th August 2008, 04:28

Also, you can use signcode/signtool to Authenticode sign your binary, to ensure it is not tampered with.

To read up on it:

http://www.microsoft.com/technet/arc....mspx?mfr=true

Sheik · 14th August 2008, 04:30

Or perhaps, a better link:
http://msdn.microsoft.com/en-us/library/ms537360.aspx

o_owd · 14th August 2008, 12:27

thanks for replies.

if i understand correctly, i need to buy a certificate. what if i do not have any company or money to pay for one ?

a tutorial is (really) missing for all the signing/certificate stuff.

thanks,
OJi.

demiller9 · 14th August 2008, 17:57

NSIS installers are already protected by CRC checks. It would have to be a clever virus to recognize that the executable it is about to infect is a NSIS installer, and to infect it and to correct the crc so that it passes (or to disable the crc check but still leave the installer functional).

Don

o_owd · 14th August 2008, 19:17

my installer was virused and still did not displayed any crc error.
crc check is not disabled in my installer.

Sheik · 15th August 2008, 02:32

I think you can self-sign the binary with the AuthenticCode stuff, but I think then it doesn't help you, as someone could self-sign your Installer with a virus...

But if you are willing to pay for a cert, its the way to go.
If you download winamp for example, you will notice that its signed by "AOL", specifically:
Publisher: America Online, Inc

Also, for my company (Digi), we do pay for the cert each year, and then we sign literally every windows binary we release with it.

If paying for the cert isn't an option...

Another thing you can do, is what some people do...
Whether its really perfect or not, I don't really know.
But you can post your binary and then also post the md5sum of the binary image.
You can tell user's to compare the binary's md5sum against the one you post.
The only gotcha there, is if someone hacked into your server to add a virus to your binary, they surely can hack in and change the md5sum value as well.

13th August 2008, 05:46	#1
o_owd Senior Member Join Date: Feb 2003 Location: TGM, Romania Posts: 176	protection for installer ? Hey, In the last few weeks the server where my installer is, was hacked twice and a virus/trojan was injected in my installer. How can I protect my installer to display an error or warning message if the size / others / MD5 / had been changed ? Thanks, OJi.

13th August 2008, 14:25	#2
Yathosho Forum King Join Date: Jan 2002 Location: AT-DE Posts: 3,366	use the CRCCheck command. however, it happens quite often that antivirus software reports nsis installers as malware, even if not true. you will find many postings of false positives in this forums. NSIS IDE for Atom \| NSIS for Visual Studio Code \| NSIS for Sublime Text \| NSIS.docset

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

14th August 2008, 04:28	#3
Sheik Senior Member Join Date: Feb 2007 Posts: 152	Also, you can use signcode/signtool to Authenticode sign your binary, to ensure it is not tampered with. To read up on it: http://www.microsoft.com/technet/arc....mspx?mfr=true

14th August 2008, 04:30	#4
Sheik Senior Member Join Date: Feb 2007 Posts: 152	Or perhaps, a better link: http://msdn.microsoft.com/en-us/library/ms537360.aspx

14th August 2008, 12:27	#5
o_owd Senior Member Join Date: Feb 2003 Location: TGM, Romania Posts: 176	thanks for replies. if i understand correctly, i need to buy a certificate. what if i do not have any company or money to pay for one ? a tutorial is (really) missing for all the signing/certificate stuff. thanks, OJi.

14th August 2008, 17:57	#6
demiller9 Senior Member Join Date: Mar 2006 Location: Dallas Posts: 462	NSIS installers are already protected by CRC checks. It would have to be a clever virus to recognize that the executable it is about to infect is a NSIS installer, and to infect it and to correct the crc so that it passes (or to disable the crc check but still leave the installer functional). Don

14th August 2008, 19:17	#7
o_owd Senior Member Join Date: Feb 2003 Location: TGM, Romania Posts: 176	my installer was virused and still did not displayed any crc error. crc check is not disabled in my installer.

15th August 2008, 02:32	#8
Sheik Senior Member Join Date: Feb 2007 Posts: 152	I think you can self-sign the binary with the AuthenticCode stuff, but I think then it doesn't help you, as someone could self-sign your Installer with a virus... But if you are willing to pay for a cert, its the way to go. If you download winamp for example, you will notice that its signed by "AOL", specifically: Publisher: America Online, Inc Also, for my company (Digi), we do pay for the cert each year, and then we sign literally every windows binary we release with it. If paying for the cert isn't an option... Another thing you can do, is what some people do... Whether its really perfect or not, I don't really know. But you can post your binary and then also post the md5sum of the binary image. You can tell user's to compare the binary's md5sum against the one you post. The only gotcha there, is if someone hacked into your server to add a virus to your binary, they surely can hack in and change the md5sum value as well.