Hi,
I thought that by using the "Compute MD5 signature from file" in the Updates Config projects and digitally signing our Setup exe that we would be able to prevent someone from maliciously tampering with the auto-update process.
But I think my tests have proved two things which surprised me and for which we need to find an alternative.
A) I changed the MD5 value to a bogus value so that it doesn't match the MD5 signature of the actual Setup exe, and this didn't affect anything. The auto-update occurs and no MD5 difference is noticed.
B) I posted a one-off unsigned Setup exe as the auto-update exe, and the fact that it wasn't signed was not caught by AI or by Windows Installer technology.
Are these findings correct/consistent with what AI experts would expect? If so, how do we force the auto-update process to a) require that the digital signature of the posted Setup exe file is checked against the value stored in the AIU file, and b) require that the Setup exe used by the updater must be signed, and presumably that certificate should match the one already installed on the user's machine (thus honoring the non-elevated install technology)?
Thanks,
Kevin
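An added example, not part of the post above and not Advanced Installer's own code, showing what the three checks the poster asks for look like when done explicitly before the downloaded Setup exe is launched: the file digest compared against the value the update config carries, a valid Authenticode signature required, and the signer pinned to one expected certificate thumbprint. The function name, parameter names and the placeholder hash/thumbprint values are assumptions; the expected values would come from your own update metadata. SHA-256 is the default because an MD5 digest is a checksum rather than a signature and MD5 collisions are practical, but MD5 is accepted for comparison with what the config currently stores.

```powershell
# Added example (not Advanced Installer code): verify a downloaded Setup.exe
# before running it. Function and parameter names are hypothetical; the
# expected hash and signer thumbprint are assumed to come from your own
# update metadata rather than from any file format shown on this page.

function Test-UpdatePackage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,               # downloaded Setup.exe
        [Parameter(Mandatory)] [string] $ExpectedHash,       # hex digest stored with the update
        [ValidateSet('MD5', 'SHA256')] [string] $HashAlgorithm = 'SHA256',
        [Parameter(Mandatory)] [string] $ExpectedThumbprint  # SHA-1 thumbprint of your signing cert
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Ok = $false; Reason = "file not found: $Path" }
    }

    # 1. Integrity: the digest must match the value shipped in the update config.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $HashAlgorithm).Hash
    if ($actual -ne $ExpectedHash) {   # string -ne is case-insensitive, so hex case does not matter
        return [pscustomobject]@{
            Ok = $false
            Reason = "$HashAlgorithm mismatch: expected $ExpectedHash, got $actual"
        }
    }

    # 2. Authenticity: the Authenticode signature must verify. Unsigned files,
    #    files modified after signing, and signatures chaining to an untrusted
    #    root all produce a Status other than 'Valid' and are rejected here.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Ok = $false
            Reason = "signature status $($sig.Status): $($sig.StatusMessage)"
        }
    }

    # 3. Identity: a valid signature from *any* trusted publisher is not enough.
    #    Pin the signer to the certificate you already ship, so a Setup.exe
    #    signed with somebody else's perfectly valid code-signing cert still fails.
    $thumb = $sig.SignerCertificate.Thumbprint
    if ($thumb -ne $ExpectedThumbprint) {
        return [pscustomobject]@{
            Ok = $false
            Reason = "signer thumbprint $thumb does not match pinned $ExpectedThumbprint"
        }
    }

    return [pscustomobject]@{ Ok = $true; Reason = 'hash, signature and signer all verified' }
}

# Usage (placeholder values; substitute the ones from your update metadata):
# $result = Test-UpdatePackage -Path 'C:\Temp\Setup.exe' `
#     -ExpectedHash '<hex digest from the update config>' -HashAlgorithm SHA256 `
#     -ExpectedThumbprint '<thumbprint of the certificate your installer is signed with>'
# if (-not $result.Ok) { Write-Error $result.Reason; exit 1 }
# Start-Process -FilePath 'C:\Temp\Setup.exe' -Wait
```

Two practical notes. Pinning on the thumbprint identifies exactly one certificate, so the pinned value has to be rotated when the signing certificate is renewed; pinning on the certificate subject instead is looser but survives renewal. And the checks only help if the update metadata that holds the expected values is itself fetched over an authenticated channel or signed, otherwise an attacker who can replace the Setup exe can replace the expected hash and thumbprint alongside it.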