Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Minim watch won’t install win 64bit
11-07-2020, 12:42
Post: #11
RE: Minim watch won’t install win 64bit
I have done some experiments with this. At present, there are warnings from the download as well as the (elevated) installer. I could change the installer to not be elevated, which removes the installer warning but doesn't remove the download warning. For most users, this change would be transparent but I think there will be some users for whom it is not (various means of automatic startup, automatic rescan and/or running as a service).

The ideal solution would be to remove both the download warning and the installer warning. As a test, I downloaded and installed Wireshark. This downloaded without a warning and produced the "normal" elevation pop-up when installing. This pop-up allows the user to inspect the publisher's code-signing certificate, showing that WireShark is signed by Wireshark Foundation using a certificate issued by Sectigo.

I would like to replicate this download and install experience for MinimServer. I don't think the "normal" elevation prompt is an issue as almost all downloaded software produces this prompt. This will require the purchase of a code signing certificate and now that MinimServer 2 is a commercial product I am able to fund this cost of this.

There is the additional issue of gaining sufficient reputation with Microsoft to be allowed through the SmartScreen defences. I will need to find out how this works in practice after I have produced signed versions of MinimServer and MinimWatch. There is a way to submit signed executables for review as well as a way to submit a web page as being trusted for downloads. I am hoping that one or other of these will enable new versions of MinimServer and MinimWatch to be published with sufficient reputation to not be blocked by SmartScreen.

I will probably not use the new Java packager because it requires bundling Java as part of the MinimServer/MinimWatch packages. This would greatly increase the size of the MinimServer/MinimWatch packages and would also require me to update MinimServer/MinimWatch each time a Java update is issued.

I understand the issue with Java updates causing firewall issues. This is a very common user issue and my intention is to solve it by creating a native Windows launcher for MinimServer and MinimWatch that finds where Java is installed and starts the Java runtime within the MinimServer/MinimWatch process. With this approach, the user should be able to create firewall rules for MinimServer/MinimWatch rather than for Java. This is more intuitive and more secure and doesn't require the firewall rules to be updated when Java is updated.
Find all posts by this user
Quote this message in a reply
13-07-2020, 11:43
Post: #12
RE: Minim watch won’t install win 64bit
(11-07-2020 12:42)simoncn Wrote:  I understand the issue with Java updates causing firewall issues. This is a very common user issue and my intention is to solve it by creating a native Windows launcher for MinimServer and MinimWatch that finds where Java is installed and starts the Java runtime within the MinimServer/MinimWatch process. With this approach, the user should be able to create firewall rules for MinimServer/MinimWatch rather than for Java. This is more intuitive and more secure and doesn't require the firewall rules to be updated when Java is updated.
If you do this, which seems a good idea, then you could add the firewall creation rules to the installer. It makes sense to use an elevated install if you are going to give firewall permissions to an executable, so that the executable which has the permissions can't be changed without admin rights.

The exisiting arrangement gives the permissions to the Java executable, which can't be changed, but does allow any java application the freedom of the firewall.

One final point. The OP mentioned giving firewall permissions on public networks. This really shouldn't be necessary, particularly on a lpatop that that might be used away from home.

Mike
Find all posts by this user
Quote this message in a reply
13-07-2020, 13:25
Post: #13
RE: Minim watch won’t install win 64bit
The present arrangement prompts for the firewall permission (for Java) when I first start MinimServer, not when I install Java. I had assumed this was a default action of Windows Defender rather than something controlled by the Java installer. This is on Windows 7.

Your point about the elevated install preventing the executable from being changed seems reasonable but would not provide protection if an unprivileged user does the install, as the current installer does a non-elevated install in this case. I haven't investigated how this non-elevated install of MinimServer interacts with the firewall. It might happen to work because Java was installed using an elevated install and therefore has firewall privileges.
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)