All Windows Downloads are now code signed

Since Yesterday all Winodws (.exe) downloads are now code signed. Lately Windows has increased their security measures for Internet Explorer and Edge quite a lot (Smartscreen) and it became difficult to open/run any of the maps if downloaded by Edge or IE. Similar to Nortons Reputation system (which is even worse rubbish) Windows only trusts downloads which are downloaded  very very often. (like 10.000 times in a month)  - this resulted in basically only the mtbgermany and velogermany map to be saved without security warnings. Now such a mechanism is not smart at all. The only way to overcome this is to buy a code signing certificate (not that easy actually with the background checks) and sign all downloads. This makes primarily sense if downloads can be done from several servers - and that way you can check the downloads content has not been changed (if you would open up e.g. Firefox download and check if the certificate is from Mozilla - because smartscreen could still be easily fooled by just changing the download and putting a different security certificate). Additional advantage is that if the download is incomplete/corrupt you would also get a warning (could be simply done by checking the MD5 hash too).

While in principal it would be good that Windows request signed downloads - the problem is that they only allow very few certificate vendors (Symantec, Comodo, Digicert/Globalsign and partly StartSSL) - and well not unsurprisingly all of these companies but Comodo and StartSSL are partly owned by Microsoft and the certificates far too expensive for the effort it costs to grant/publish them. There are no certivicates like Cacert or letsencrypt from open initiatives which are accepted. That's the main reason why I did not code sign the downloads already earlier. But well - pressure got too big so now all .exe downloads are code signed with a comodo cert. Oh - BTW the Mac OSx downloads are not code signed - because it's impossible to code sign .7z files.

Also I removed gmt.exe from the installer - in order to pass better with virus scannners. It will now be downloaded automatically if needed for the batch (.bat) files.

 

Besides some other improvements I found a bug in my styles that caused some islands to be flooded. This is now also solved. There will be more noticeable changes in the next few months. I'm working hard on a new hiking layout (maybe this is gonna be a completely new map besides the OpenMTBMap and Velomap - maybe only a layout. I'm still testing a lot). Also I'm thinking about changing the domain from openmtbmap.org to mtbmap.com. mtbmap.com would for sure be easier to remember for people not so much knowing about openstreetmap.org - but I'm wary of changing the domain and name so long established. The hiking maps - if separately available would move to outdoormaps.com (which I originally thought of as new name - before luckily getting mtbmap.com for very cheap). Of course if the hiking map will be separately available - it will be a free download for all premium members on velomap and mtbmap.com/openmtbmap.org.

 

Wishing you all lots of fun with the maps - Felix

2 comments to All Windows Downloads are now code signed

  • tantalus

    Hi Felix,
    wieder habe ich eine Frage zum Edge Touring in Verbindung mit den Velomapkarten.

    Ursprünglich hatte ich die hesiche und bayrische Länderkarte drauf gespielt. Heute Morgen einen Ausschnitt der Alpenkarte – damit waren die hes und bayr Karten auf dem Gerät nicht mehr sichtbar. Vorhin dann habe ich die Deutschlandkarte aufgespielt – in meinem Kartenmeneu zeigt sich folgendes Bild:
    Deaktivert – INL Standard Basemap, NR
    Deaktiviert – Garmin Cycle Map EU
    Deaktiviert – Garmin Geocode Map EU
    diese drei hatte ich schon vorher deaktiviert – ist also richtig
    Aktiviert – PL Szczeci

    mtbmap_de_04.08.2017,
    mtbmap_de_04.08.2017

    Um zu probieren, welche Karte nun überhaupt auf dem Gerät ist, habe ich am Gerät folgendes zu routen versucht: Land – Deutschland – Stadt Frankfurt/Main DE – Wienerstr (die wurde nicht gefunden) – Schweizer Str. – nicht gefunden – Textorstr. – nicht gefunden.

    Hab ich einen Denkfehler projiziert? Irgendeinen grundlegenden Fehler gemacht/gedacht?

    Viele Grüße aus Unterfranken

    • extremecarver

      Die Standard Basemap und Geocode Map brauchst du nie deaktivieren. Ich nehm an Basecamp/Mapinstall überschreibt dir beim senden die vorhandenen Karten bis auf die Basemaps/Geocode Map und komischerweise auch die Cycle Map. Du musst die Karten also auf einmal gleichzeitig senden – oder vor dem senden die Dateiendung ändern (etwa gmapsupp.img.bak – nachher dann etwa in mtbmapde.img umbenennen). Dabei sichergehen dass alle Dateiendungen angezeigt werden in deinem Dateibrowser – nicht dass sowas wie gmapsupp.img.bak.img drauß gemacht wird weil .img versteckt wird in Anzeige.
      Siehe auch: https://www.velomap.org/de/tutorials/mapsource/

Leave a Reply