Code Signing FSX Gauges

[byork 2,259]

It appears gauges in FSX will need to be code signed or users will get a security warning when the gauges are loaded.I'm not sure if this applies to XML gauges, but C gauges yes.This may not be news to a lot of you. From what I've heard, however, it's possible to create a self-signed root CA somehow if you want to save the hundred's of dollars you will have to spend at places like GlobalSign, Verisign, etc.Chrs,Bryan

[ahuimanu 50]

Brian, can you expand more on this? What exactly does this mean? I think I know, but I'd like to hear more from others.

[WarpD 824]

What it means is you will have to purchase an annually renewed digital signature certificate that identifies you as the publisher. The annual cost currently ranges from $200 to $500 for a publisher certificate.

[Guest Chuck Jodry-VJPL]

By extension one could assume the same case for module's.... nuts

[n4gix 4,947]

>By extension one could assume the same case for module's....>nutsYep... Pete Dowson had to get a Certificate for his FSUIPC module.

[n4gix 4,947]

>This may not be news to a lot of you. From what I've heard,>however, it's possible to create a self-signed root CA somehow>if you want to save the hundred's of dollars you will have to>spend at places like GlobalSign, Verisign, etc.Bryan, it that is indeed possible, it would be a blessing... but if there is such a way, not a single person at ACES or any of the freeware/payware gauge coders seems to know about it... :-eek

[WarpD 824]

There is a way... however I won't state how. It's best that this not be public information because it then allows anyone to make such a certificate and impersonate another organization.

[n4gix 4,947]

It would be nice if some major flightsim site (AVSIM?) were to set themselves up as a Signing Authority for the use of freeware C gauge programmers at least, with perhaps a very, very small fee to obtain a Trusted Certificate... ;)

[Guest lc0277]

Oh well, C gauges are FS modules, which are no more than DLLs, loaded every time you launch FS with an aircraft using that gauge. They can contain potentially any code, including all kinds of spyware, virii and malware you can imagine. Considering hundreds of gauges downloaded every day on avsim, I'm very surprised no one ever uploaded harmful code hidden into a flashy snazzy altimeter or similar instrument :)With the protection providen at operating system level (read: none) this is really a security issue for everyone. Microsoft is more and more attentive to the security of their products, and the techniques used here are just a part of a global policy to unburden users from everyday care about keeping your AV up to date, wondering if you are downloading from the right site/person, removing spywares, etcI don't have access to FSX beta, so I can't tell about those signing issue. Maybe there is a tool in MS platform SDK or .net SDK to sign your programs. I'm not very enthusiast about those 500$ fees just to prove who you are.I'm not sure it's the best choice for security. In Microsoft' C# there are some type-checking and sandbox system stolen to^W^Winspired by the java language. It makes a real difference, since you don't have to trust an external authority, signer or everyone else, you can just trust the code. The way it's programmed and executed makes it naturally safe and secure.

[Guest Patrick_Waugh]

>There is a way... however I won't state how. It's best that>this not be public information because it then allows anyone>to make such a certificate and impersonate another>organization.If you create a root cert it is not on a users computer, so a warning pops up anyway asking the to install it, and explains the security implications.This is a great solution as once a user is imformed about the security implications and obtains the software from you in a secure / verifiable way, then they can choose to trust YOU, and not Verisign's trust of you.We will be creating a root cert for Benchmark Avionics, and might offer other developers their own cert.

[WarpD 824]

Right... so you create a root cert for Benchmark... then I create a root cert for Benchmark. Which is the 'real' cert? ;)

[Guest Patrick_Waugh]

The one the works with my secret decoder ring of course. :)The real one is the one that matches the one available on my site, and downloaded from that site. Further, easy enough to sign it with PGP etc.Yes, it is more of a step for the user, but not really that hard. With a bit of work, I think much of it can be automated for them as well.So, while you might create a Cert with a similar name ( a phishing attack ), it won't be identical, nor use the same public key.Only difference really is that my root cert. won't already be on your manchine like the others.

[ahuimanu 50]

>Oh well, C gauges are FS modules, which are no more than>DLLs, loaded every time you launch FS with an aircraft using>that gauge. They can contain potentially any code, including>all kinds of spyware, virii and malware you can imagine. >Considering hundreds of gauges downloaded every day on avsim,>I'm very surprised no one ever uploaded harmful code hidden>into a flashy snazzy altimeter or similar instrument :)>With the protection providen at operating system level (read:>none) this is really a security issue for everyone. Microsoft>is more and more attentive to the security of their products,>and the techniques used here are just a part of a global>policy to unburden users from everyday care about keeping your>AV up to date, wondering if you are downloading from the right>site/person, removing spywares, etc>>I don't have access to FSX beta, so I can't tell about those>signing issue. Maybe there is a tool in MS platform SDK or>.net SDK to sign your programs. I'm not very enthusiast about>those 500$ fees just to prove who you are.>>I'm not sure it's the best choice for security. In Microsoft'>C# there are some type-checking and sandbox system stolen>to^W^Winspired by the java language. It makes a real>difference, since you don't have to trust an external>authority, signer or everyone else, you can just trust the>code. The way it's programmed and executed makes it naturally>safe and secure. >>>MAN you are talking some sense...I asked tdragger (no, I begged), for a CLR interface to the FS internals so that we could use .NET, which won't be optional by the time Vista rolls around. I think tdragger said "that's interesting" and "why?" to that request.

[Guest Patrick_Waugh]

>I asked tdragger (no, I begged), for a CLR interface to the FS>internals so that we could use .NET, which won't be optional>by the time Vista rolls around. I think tdragger said "that's>interesting" and "why?" to that request.I think the reason he said that was because with marshalling you can already use managed code in a gauge, much like we use C++ now, but with the added overhead and complexity of marshalling. Unless they re-write FS in managed code (which will never happen with such a high performance app), you'll always have to use marshalling to communicate with any unmanaged code.

[dragonflightdesign 98]

FSX gives you the opportunity to declare a gauge as 'safe' and to be loaded each time you fire the game up, much in the same fashion as we had the means to declare third-party modules as acceptable in FS2K2. You don't need a certificate but ATM the certification routine doesn't work.... guess they'll fix it before release.-Dai