All Windows Downloads are now code signed

Since Yesterday all Winodws (.exe) downloads are now code signed. Lately Windows has increased their security measures for Internet Explorer and Edge quite a lot (Smartscreen) and it became difficult to open/run any of the maps if downloaded by Edge or IE. Similar to Nortons Reputation system (which is even worse rubbish) Windows only trusts downloads which are downloaded  very very often. (like 10.000 times in a month)  - this resulted in basically only the mtbgermany and velogermany map to be saved without security warnings. Now such a mechanism is not smart at all. The only way to overcome this is to buy a code signing certificate (not that easy actually with the background checks) and sign all downloads. This makes primarily sense if downloads can be done from several servers - and that way you can check the downloads content has not been changed (if you would open up e.g. Firefox download and check if the certificate is from Mozilla - because smartscreen could still be easily fooled by just changing the download and putting a different security certificate). Additional advantage is that if the download is incomplete/corrupt you would also get a warning (could be simply done by checking the MD5 hash too).

While in principal it would be good that Windows request signed downloads - the problem is that they only allow very few certificate vendors (Symantec, Comodo, Digicert/Globalsign and partly StartSSL) - and well not unsurprisingly all of these companies but Comodo and StartSSL are partly owned by Microsoft and the certificates far too expensive for the effort it costs to grant/publish them. There are no certivicates like Cacert or letsencrypt from open initiatives which are accepted. That's the main reason why I did not code sign the downloads already earlier. But well - pressure got too big so now all .exe downloads are code signed with a comodo cert. Oh - BTW the Mac OSx downloads are not code signed - because it's impossible to code sign .7z files.

Also I removed gmt.exe from the installer - in order to pass better with virus scannners. It will now be downloaded automatically if needed for the batch (.bat) files.

 

Besides some other improvements I found a bug in my styles that caused some islands to be flooded. This is now also solved. There will be more noticeable changes in the next few months. I'm working hard on a new hiking layout (maybe this is gonna be a completely new map besides the OpenMTBMap and Velomap - maybe only a layout. I'm still testing a lot). Also I'm thinking about changing the domain from openmtbmap.org to mtbmap.com. mtbmap.com would for sure be easier to remember for people not so much knowing about openstreetmap.org - but I'm wary of changing the domain and name so long established. The hiking maps - if separately available would move to outdoormaps.com (which I originally thought of as new name - before luckily getting mtbmap.com for very cheap). Of course if the hiking map will be separately available - it will be a free download for all premium members on velomap and mtbmap.com/openmtbmap.org.

 

Wishing you all lots of fun with the maps - Felix

Leave a Reply