How do I change "Verified Publisher: Unknown" to "Verified Publisher: [My Name Goes Here]" in the UAC popup

    Question

  • Greetings ...

    I write native Win32/64 windows (.exe) applications.  Sometimes I must elevate and would like to correct the UAC prompt display.

    How do I change the "Verified Publisher: Unknown" to "Verified Publisher: [My Name or My Company Name]" in the UAC prompt?  I am sure that Microsoft provides a way to accomplish this.  How is this done ... the Microsoft way?

    Thanks in advance for your help with this problematic issue.

    Please do not refer me to the Symantec Crime Syndicate or other similar entity.


    Charles S. Cotton
    Friday, November 25, 2011 3:14 PM

All replies

  • You need to sign the executable - e.g. using signtool.exe from the SDK. You need a code signing certificate for that (e.g. from Verisign).
    Dominick Baier | thinktecture | http://www.leastprivilege.com
    Friday, November 25, 2011 4:17 PM
  • Thanks for taking the time to respond.

    I have signtool.exe.

    Isn't Verisign a Symantec product?  I really don't want to have anything to do with Symantec.  I wouldn't trust them when it comes to computer/internet security matters, being the huge corporate mess that they are. I certainly don't want to pay them anything for the service.

    How can I create my own code signing certificate, even if it works just on my own computer? I should be able to do this.

     


    Charles S. Cotton
    Friday, November 25, 2011 4:48 PM
  • Then use any other CA out there that is in the default Windows trust list.

    Or http://www.prijon.net/?p=12


    Dominick Baier | thinktecture | http://www.leastprivilege.com
    Friday, November 25, 2011 4:51 PM
  • The idea of a code signing certificate is that it provides evidence to the user that the software came from a reputable source, or at the very least from whoever the application says wrote it.

    You do not need to get a certificate from Verisign... There are quite a few providers out there.

    You could create your own code signing certificate, but then if you ran the application on someone else's PC, Windows will warn that it's not a trusted application. However, to do so, see here: http://stackoverflow.com/questions/84847/how-do-i-create-a-self-signed-certificate-for-code-signing-on-windows


    Developer Security MVP | www.steveonsecurity.com
    • Marked as answer by Charles Cotton Tuesday, November 29, 2011 1:47 PM
    Friday, November 25, 2011 4:54 PM
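
The self-signed route described in the reply above, as an added PowerShell example that is not part of the original thread: it creates a code signing certificate, trusts it on the local machine only, signs the executable and checks the result, which is what makes the UAC prompt on that machine show the certificate's subject instead of "Unknown". The subject name and file paths are placeholders (assumptions); it needs the certificate cmdlets of Windows 10 / Server 2016 or later and an elevated prompt for step 3.

```powershell
# Added example. Names and paths below are hypothetical placeholders.
$subject = 'CN=Example Publisher (test only)'   # shown as the publisher name
$exePath = 'C:\build\MyApp.exe'                 # the .exe that requests elevation
$cerPath = Join-Path $env:TEMP 'example-publisher.cer'

# 1. Create a self-signed code signing certificate. The private key stays in
#    the current user's personal store; anyone who obtains it can sign as you.
$cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject $subject `
    -KeyAlgorithm RSA -KeyLength 3072 -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(1) -CertStoreLocation 'Cert:\CurrentUser\My'

# 2. Export the public certificate only (no private key leaves the store).
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# 3. Trust the certificate on THIS machine (elevated prompt required).
#    Other PCs that lack this step will still treat the publisher as unknown.
Import-Certificate -FilePath $cerPath `
    -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 4. Sign the executable with an Authenticode signature (SHA-256 digest).
#    No timestamp server is given here, so the signature stops validating
#    once the certificate expires.
Set-AuthenticodeSignature -FilePath $exePath -Certificate $cert `
    -HashAlgorithm SHA256 | Out-Null

# 5. Verify: Status must be 'Valid' and the signer must be our certificate.
$sig = Get-AuthenticodeSignature -FilePath $exePath
'{0}: {1} (signer: {2})' -f $exePath, $sig.Status, $sig.SignerCertificate.Subject
if ($sig.Status -ne 'Valid') {
    throw "Signature is not valid: $($sig.StatusMessage)"
}
if ($sig.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
    throw 'File is signed, but not by the certificate created above.'
}

# Cleanup when testing is done: remove the trust anchor again.
# Remove-Item "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
```

Keep the root import confined to development or test machines: every certificate in the machine's root store is trusted for whatever it signs, so the private key behind it has to be protected accordingly.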
  • Thank you!  The link you suggest looks promising.

    I accept your explanation of the 'idea' of code signing.

    Unfortunately, however, it is really just another miserable technique, veiled under the 'fear-tactic' term 'security' which in the present day is totally abused by both the Federal Government and some large corporations to create a 'death-grip' of psychological control in the first instance and to rake in some extra income in the second.

    In fact, code signing does little except interfere with legitimate commerce.  I think the UAC system is a good idea, on the other hand.  Code signing is just an evil cash grabbing technique.

    My main objection to code signing is that, to the casual computer user, it creates the false impression that the software is somehow 'certified' to be safe, without, of course, actually saying so.  In other words, it is a kind of falsehood, much beloved of large corporations and governments alike, nowadays. 

    It is unfortunate that Microsoft is a willing participant in the deception, being probably less than 100% conscious of the misleading quality of code signing.


    Charles S. Cotton
    Friday, November 25, 2011 7:41 PM
  • A code signature does not guarantee that software is safe. It only guarantees the code is unchanged since publishing.

    It is not just Microsoft; products for downloading often have mirrors all over the world, many of them hosted by universities and volunteers with little or no budget for security. Without a signature there's no guarantee files on the mirror have not been altered. Do some research on the history of the Debian and Fedora projects.

    If the user trusts you enough, you can tell the user to download your public key to make the signing recognizable on the user's machine. But your signature is only as safe as your private key, and if you are a big unknown, nobody will trust your CA to not issue a certificate to gmail.com or store.apple.com.



    Visual C++ MVP
    Saturday, November 26, 2011 2:47 PM