grahama
5th November 2004 02:19 UTC

signed cab vs. a straight .exe : best in practice?
I have just about finished an installer built in NSIS....fantastic...and very happy with it
Currently, in an html page, when the user clicks the 'download app to my desktop' button, a straight nsis built .exe is executed.
My question: Is is better in practice to create a signed cab? Or, is using a signed cab more problematic than using a straight .exe file where you get the 'malicous code' warnings and where the user is prompted for a location to download the .exe. Is there some accepted protocol for real world installers ?

many thanks as I hope this is not too theoretical

scully13
5th November 2004 13:11 UTC

I would say a straight executable would be better than a signed cab. However, you could take it one step further and sign your executable. Ecspecially, since I'm sure you'll have users running XP with SP2.

grahama
5th November 2004 21:57 UTC

a growing few...still find a lot of users with 2000 and 98 :( Hell, I use Mac OS X with Virtual PC....as I do not actually own a PC computer. Basically, I just assume everyone's computer system is from hell ;)
Is a signed executable going to fail on 2000/98 or does the operating system just ignore it. If so, is there a quick and easy way to create a signed executable ?
many thanks
g

scully13
5th November 2004 22:04 UTC

Signed or unsigned will not fail either way. The only difference I notice is with SP2 you get a warning when it's not signed. The only signing technique I'm familiar with is Verisign and we use it to sign both CABs and EXEs using signcode.exe. If the CAB isn't signed some users won't be allowed to install it at all depending on how their security settings are set in IE. If your looking for others besides Verisign I've seen them talked about in this forum but I'm unfamiliar with them or what the difference is.

grahama
5th November 2004 23:35 UTC

great ....seems like Verisign would be the way to go for this kind of thing
many thanks