3. New face of paranoia: is that really so annoying?
4. But I am administrator!
Oleksandr (User)
• My Documents
• Registry
• …
Oleksandr (Administrator)
• My Documents
• Registry
• …
5. UAC compliant application
Code sign the installer AND the executable programs, as well as any supporting DLLs.
Manifest the program and the installer
Prompt the user for creation of shortcuts
No option to run the program at the end of the install
Never write to any file (even an INI file) in the installation folder - it is "read only"
Data should go into a UAC location based on CSIDL values such as APPDATA.
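An added example (not from the original slides) that checks two items of the checklist above in PowerShell: every EXE, DLL and MSI under an install folder carries a valid Authenticode signature, and per-user data resolves to the APPDATA location instead of the install folder. The function names, the `MyApp` name and the install path are assumptions.

```powershell
# Added example: audit an installed application against the checklist above.
# Function names, 'MyApp' and the install path are hypothetical.

function Get-UnsignedBinary {
    # Returns every EXE/DLL/MSI under $Path whose Authenticode signature is not Valid.
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll', '.msi' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    File   = $_.FullName
                    Status = $sig.Status   # e.g. NotSigned, HashMismatch, NotTrusted
                    Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                }
            }
        }
}

function Get-UserDataDirectory {
    # Resolves (and creates) the per-user data folder.
    # SpecialFolder.ApplicationData is the .NET name for CSIDL_APPDATA.
    param([Parameter(Mandatory)][string]$AppName)

    $root = [Environment]::GetFolderPath([Environment+SpecialFolder]::ApplicationData)
    $dir  = Join-Path $root $AppName
    if (-not (Test-Path -LiteralPath $dir)) {
        New-Item -ItemType Directory -Path $dir | Out-Null
    }
    $dir
}

# Check 1: anything listed here still needs to be signed (or re-signed).
$installDir = Join-Path $env:ProgramFiles 'MyApp'
if (Test-Path -LiteralPath $installDir) {
    Get-UnsignedBinary -Path $installDir | Format-Table -AutoSize
}

# Check 2: settings live under the user's profile, never next to the binaries.
$settings = Join-Path (Get-UserDataDirectory -AppName 'MyApp') 'settings.ini'
"Settings file goes to: $settings"
```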
6. How do they trust you?
Certificate authorities: "We provide verifications!"
Running platform (Win, IE, Firefox, etc.)
Application
Root trust certificates
SSL certificate
Code signing certificate
8. Paper monsters - what was needed to apply for certificate
Passport
Driver license
Copy of a recent bank statement (you may blacken out the Account Number)
Copy of a recent Land line phone bill.
Copy of a recent major utility bill (i.e. power bill, water bill, etc.).
9. My paper monsters – how I applied for CoMoDo
Passport / Driver license
Recent bank statement - 2 times
Life :) contract plan
Personal email, bound to concrete domain
Translations!
10. Generating…
Windows XP
IE
Get the file! (not the CSP!)
Pay for 3 years…
….
Don’t click Back – Next in the browser while applying!
Creating a ticket on CoMoDo
Verifying the documents
Collecting the certificate on the SAME WinXP OS
12. What was not mentioned
We should not count on other applications that are not UAC compliant. These are new times now!
Crash dumps – they are possible, and some people even upload reports to MS! And sometimes they are even downloadable from MS servers.