
I made a small application that I thought would help myself and other players of a game. When I finished this program, I zipped it and threw it up on a download site so I could share it with others. However, when my friends went to download it they got a scary sounding message about the potential danger of running my program from Windows.

I don't think anyone who doesn't know me personally would trust using my little application when such a message pops up. I read I can avoid this by purchasing a verified Authenticode from a number of certificate vendors. But since I am just really programming as a hobby and am a recently poor, recently graduated student, this is not really an option.

Is there any other way for me to offer my program to those interested that won't throw such a warning? I am not asking for money or any other forms of gratuity for it, I just want to let others that may find it useful use it. Also, my program does NOT need elevated permissions or anything, it just grabs a website through HttpClient and allows the players to see the information in a more user-friendly way in the program window.

Erik S
  • You aren't saying what the message is. It sounds like it might just be the standard warning on any .EXE of outside origin. If so there's nothing you can do about it. – Loren Pechtel Jul 27 '14 at 04:44

2 Answers


For any executable to be distributed through an anonymous download site, Microsoft has decided that if it is not digitally signed, Windows will warn potential users using intentionally scary language.

The only solution that Microsoft provides is for the executable to be signed with a specific kind of Certificate that identifies you or your company by name. You can only get such a certificate from an official Certifying Authority (CA) and you can only get it by having your personal details authenticated. Because of these requirements, certificates cost money. The minimum is something like $100 a year. If you don't keep paying, it will be revoked.

It's been this way since Vista, but as of Windows 8 there is another scary layer on top called SmartScreen. To avoid this you need to be "of good reputation" as well as having a certificate.

There is no way to get round this, at least not directly. One or more of the following might work for you.

  1. Search for "free certificate". There are organisations that do this. I haven't used one.
  2. Search for "authenticode timestamping services" that will do it for you.
  3. Use someone else's certificate (maybe your school/college/uni has one).
  4. Submit your code for download through a download service that will do this for you.
  5. Self-sign and persuade your friends to install your certificate. They probably won't.
  6. Distribute by a mechanism that does not trigger this. Files transferred by FTP or peer-to-peer may not trigger this warning.
  7. Distribute files inside a passworded zip file, and give users the password.
  8. Change the file extension, and ask the user to rename the files back to .exe

Best of luck!

david.pfx

You need to digitally sign your executable to avoid getting that "cannot be verified" warning. You can see this answer for more information: How can I digitally sign an executable?

You can also read about signtool.exe (http://msdn.microsoft.com/en-us/library/8s9b9yaz%28v=vs.110%29.aspx) which is used to sign executables.

itsme86
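
Both answers turn on two properties of the file: whether it carries an Authenticode signature, and whether Windows has tagged it as coming from an outside download. The following is an added example, not code from either answer, that reports both for a file so you can check a build before and after signing it. The function name `Get-DownloadTrustReport` and the sample file are hypothetical, and the sample is constructed.

```powershell
# Added example: report signature status and download-origin tag for a file.
function Get-DownloadTrustReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path   # hypothetical input, e.g. .\MyTool.exe
    )
    process {
        $file = Get-Item -LiteralPath $Path -ErrorAction Stop

        # Authenticode check: Status is 'Valid' only for a signature that
        # chains to a certificate this machine trusts.
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName

        # Browsers record a download's origin in the NTFS alternate data
        # stream 'Zone.Identifier'; ZoneId 3 means the Internet zone.
        $zoneId = $null
        $stream = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                              -ErrorAction SilentlyContinue
        foreach ($line in $stream) {
            if ($line -match '^ZoneId=(\d+)') { $zoneId = [int]$Matches[1]; break }
        }

        [pscustomobject]@{
            File               = $file.Name
            SignatureStatus    = $sig.Status
            StatusMessage      = $sig.StatusMessage
            Signer             = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            SignerCertExpires  = if ($sig.SignerCertificate) { $sig.SignerCertificate.NotAfter } else { $null }
            Timestamped        = [bool]$sig.TimeStamperCertificate
            ZoneId             = $zoneId
            MarkedAsDownloaded = ($null -ne $zoneId -and $zoneId -ge 3)
        }
    }
}

# Constructed sample: an unsigned placeholder file, tagged the way a browser
# tags a download, so the function has something to report on.
$sample = Join-Path $env:TEMP 'constructed-sample.exe'
Set-Content -LiteralPath $sample -Value 'placeholder bytes, not a real program'
Set-Content -LiteralPath $sample -Stream Zone.Identifier -Value '[ZoneTransfer]', 'ZoneId=3'
Get-DownloadTrustReport -Path $sample | Format-List
Remove-Item -LiteralPath $sample
```

The `Zone.Identifier` stream exists only on NTFS volumes, so run the check on a copy that was actually downloaded through a browser to see what your users' machines see.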