Please Note: the following is going to upset equipment manufacturers and I am going to take heat for having said it. If you are a manufacturer and you don’t like what I am going to say, let me disclose that if you complain to me, I will put your complaint (written or verbal) as an addendum to this post, exposing you (personally) and your company as the third-rate hacks that you will have proven to be.
When you download a software tool or a firmware update for your Total Station, Data Collector or GPS from the internet, how do you know that it
- Is from the manufacturer?
- Is complete?
- Is uncompromised?
The best way (and I will argue the only way) is if the software tool is ‘Code Signed’. Code signing computes a cryptographic digest of the software, signs it with the publisher’s private key and appends the signature to the code. Through the chain of public/private keys and certificates, you can be reasonably assured that the code was created by the device manufacturer.
You can read all about code signing and implementation details at Wikipedia [ here ].
No doubt you are already very familiar with this process. Here is an example. When you download the X9 GPS download tool from our (iGage) website and run it, a message like this is displayed:
A Valid Code Signed File
If you click on ‘Show Details’ you can inspect the certificate; however, in general you don’t need to, because your computer won’t display the ‘Verified publisher’ when there is something wrong with the file. If I make a single 1-bit change to a random location within the file, when I run the file I see:
An Invalid or Unsigned File
You should NEVER, EVER run a downloaded file that does not have a verified publisher. Ever.
Now, why is this important and why am I sounding this alarm?
- The file may have been compromised on the fileserver where it was downloaded. (As shown above.)
- The file may have been compromised during the download process.
- If you have a virus on your computer, the virus may modify the file when it is saved to your drive.
- The file may be completely bogus or a partial download.
If the code is properly signed, then you can be sure that it has not been modified since the developer (the signer) made it. If the code is not signed, then you can not be positive that the download is what you think it is. You SHOULD NOT INSTALL OR RUN IT.
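The check described above, as an added example that is not part of the original post or iGage’s tooling: it reads the file’s Authenticode status the way the ‘Verified publisher’ dialog does, then repeats the 1-bit experiment on a copy to show the status change. It assumes Windows PowerShell 5.1 or later; the download path is a placeholder.

```powershell
# Added example, not from the original post or from iGage: check a downloaded
# installer's Authenticode signature before running it, then show that a single
# bit flip breaks the signature. Requires Windows PowerShell 5.1 or later.
# The file path below is a placeholder; point it at your own download.

function Test-SignedDownload {
    param([Parameter(Mandatory)][string]$Path)

    # Get-AuthenticodeSignature checks the embedded signature and its chain of trust.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    [pscustomobject]@{
        File      = Split-Path -Leaf $Path
        Status    = $sig.Status      # Valid, HashMismatch, NotSigned, UnknownError, ...
        Publisher = $subject
        SafeToRun = ($sig.Status -eq 'Valid')   # anything but Valid: do not run it
    }
}

function New-BitFlippedCopy {
    # Copies the file and flips one bit near the middle, mimicking corruption in
    # transit or tampering on a file server. The copy is written to %TEMP%.
    param([Parameter(Mandatory)][string]$Path)
    $bytes  = [System.IO.File]::ReadAllBytes($Path)
    $offset = [int]($bytes.Length / 2)
    $bytes[$offset] = $bytes[$offset] -bxor 0x01
    $copy = Join-Path $env:TEMP ('flipped_' + (Split-Path -Leaf $Path))
    [System.IO.File]::WriteAllBytes($copy, $bytes)
    $copy
}

$download = 'C:\Downloads\X9Download.exe'   # placeholder path, replace with your file
$original = Test-SignedDownload -Path $download
$tampered = Test-SignedDownload -Path (New-BitFlippedCopy -Path $download)

# A properly signed original reports Valid; the flipped copy reports HashMismatch.
$original, $tampered | Format-Table -AutoSize

if (-not $original.SafeToRun) {
    Write-Warning "Signature status is '$($original.Status)'. Do not run $download."
}
```

A file that was never signed shows NotSigned rather than HashMismatch, which is exactly the case the post says you should refuse to run.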
Often, when software is installed, it will generate a positive hit with an anti-virus solution. The question then arises: “Is this the EXACT same file that the manufacturer distributed, or has the file been modified by an existing virus on the user’s computer?” Code signing solves this problem.
How Does a Manufacturer Code Sign?
It is pretty simple (which is why it is inexcusable that most manufacturers don’t do it):
1. Manufacturer purchases a certificate for approximately $170 per year. (Here is where iGage gets our certificate.)
2. Developer applies the certificate to code (it takes a few seconds) and enters the secret password to ‘sign’ the executable. A special secret key must be installed on the computer where the code is signed.
A manufacturer can purchase a certificate and use the same certificate to sign software on multiple machines (I have four machines that I routinely sign code on.) You only need the private and public keys and the password.
What are the risks of a manufacturer not signing code?
The big risk is that the file is compromised (perhaps after you download it to your computer) and you install a virus on your computer or pass the virus on to a friend or office mate. A lesser risk is that the file is incomplete or damaged and won’t work.
What excuse could a manufacturer make to not code sign?
There is no excuse (period).
If a manufacturer does not sign updates and installations, then they are either
- too small to afford a $170 certificate
- too stupid to understand how important it is
Either way, you should purchase your survey equipment elsewhere. The lack of consistent code-signing from a software developer is the sign of a software process that is out of control, run by idiots and supervised by hacks. That big companies proffer software tools and updates without code signing is a sure sign that you DO NOT WANT TO DO BUSINESS WITH THEM.
Safe surveying and computing to you, Mark
ps: if you are a manufacturer and need help implementing code signing I will help you. It will make the world a better place, and I am all for that. Just don’t argue that it is unneeded or that skipping it is not irresponsible.