Windows 8 unsigned DLLs
-
It seems that the Windows 8 DLLs are not digitally signed. This makes it considerably easier for piracy protection to be circumvented since malware writers can now trivially replace the Windows DLLs. Did I miss a memo? Cheers, Guy
-
It seems that the Windows 8 DLLs are not digitally signed. This makes it considerably easier for piracy protection to be circumvented since malware writers can now trivially replace the Windows DLLs. Did I miss a memo? Cheers, Guy
-
Signing slows down pirates. Our security relies on the Win7/Vista/XP DLLs being signed so we can check that they haven't been replaced. G
-
Signing slows down pirates. Our security relies on the Win7/Vista/XP DLLs being signed so we can check that they haven't been replaced. G
Guy Davidson wrote:
Signing slows down pirates.
It didn't, actually. Windows File Protection has been changed for that reason; there are tools available that make it quite easy, and there are tutorials on youtube. Looks like it has replaced with Windows Resource Protection[^] since Vista. ..and no, no pirate would go through the trouble of copying an existing Windows-system. A pirate would simply download an existing copy that does not have the key-protection (ideal for larger companies, bulkinstall) From what I understood, W8 would even stop my scripts if not signed. I haven't touched it yet, so I can't say much about the (security) features. FWIW, you can still verify your system files with the System File Checker[^]
Bastard Programmer from Hell :suss: if you can't read my code, try converting it here[^]
-
Guy Davidson wrote:
Signing slows down pirates.
It didn't, actually. Windows File Protection has been changed for that reason; there are tools available that make it quite easy, and there are tutorials on youtube. Looks like it has replaced with Windows Resource Protection[^] since Vista. ..and no, no pirate would go through the trouble of copying an existing Windows-system. A pirate would simply download an existing copy that does not have the key-protection (ideal for larger companies, bulkinstall) From what I understood, W8 would even stop my scripts if not signed. I haven't touched it yet, so I can't say much about the (security) features. FWIW, you can still verify your system files with the System File Checker[^]
Bastard Programmer from Hell :suss: if you can't read my code, try converting it here[^]
I can assure you it did, we had a very enjoyable game of cat and mouse with them at our last release, a AAA game title, watching torrents of still-protected versions clogging the internet. The question is more why have Microsoft STOPPED signing their DLLs, particularly after they have gone to such great lengths historically to get developers to sign theirs? Is there a replacement security mechanism I should have been made aware of?
-
I can assure you it did, we had a very enjoyable game of cat and mouse with them at our last release, a AAA game title, watching torrents of still-protected versions clogging the internet. The question is more why have Microsoft STOPPED signing their DLLs, particularly after they have gone to such great lengths historically to get developers to sign theirs? Is there a replacement security mechanism I should have been made aware of?
Guy Davidson wrote:
The question is more why have Microsoft STOPPED signing their DLLs, particularly after they have gone to such great lengths historically to get developers to sign theirs?
Because it was broken, I guess.
Guy Davidson wrote:
Is there a replacement security mechanism I should have been made aware of?
Seems to be replaced by Windows Resource Protection, as I already mentioned.
Guy Davidson wrote:
we had a very enjoyable game of cat and mouse with them at our last release, a AAA game title, watching torrents of still-protected versions clogging the internet
Sounds like fun, but not like a very fruitful endeavour. I'm butting out, seems you have the wrong person to answer your query. Good luck hunting :)
Bastard Programmer from Hell :suss: if you can't read my code, try converting it here[^]
-
Guy Davidson wrote:
The question is more why have Microsoft STOPPED signing their DLLs, particularly after they have gone to such great lengths historically to get developers to sign theirs?
Because it was broken, I guess.
Guy Davidson wrote:
Is there a replacement security mechanism I should have been made aware of?
Seems to be replaced by Windows Resource Protection, as I already mentioned.
Guy Davidson wrote:
we had a very enjoyable game of cat and mouse with them at our last release, a AAA game title, watching torrents of still-protected versions clogging the internet
Sounds like fun, but not like a very fruitful endeavour. I'm butting out, seems you have the wrong person to answer your query. Good luck hunting :)
Bastard Programmer from Hell :suss: if you can't read my code, try converting it here[^]
I think your answers are a little too high level: I suspect digital signing is the means by which WRP was achieved. WRP has been around since Vista, but it's not the means we adopt to achieve our goals. The endeavour was quite fruitful in that it delayed the cracking of the game. That's worth sales, believe it or not! Thanks for your help. G
-
I think your answers are a little too high level: I suspect digital signing is the means by which WRP was achieved. WRP has been around since Vista, but it's not the means we adopt to achieve our goals. The endeavour was quite fruitful in that it delayed the cracking of the game. That's worth sales, believe it or not! Thanks for your help. G
Guy Davidson wrote:
I suspect digital signing is the means by which WRP was achieved
Correct. Read the link I posted. Would also explain why there's no "need" for it anymore.
Guy Davidson wrote:
That's worth sales, believe it or not!
It is costing you sales. The reason you are working on Windows and not Macintosh or under AmigaDOS is the fact that it spread and got the most market-share. The people who wouldn't buy it still haven't bought it - (which does not equal a missed sale, that's a jump from a wordsmith) - but within no-time, everyone new the name, everyone complained about MS, and presto - they were the standard. Same story for MS Office and their competition WP, Lotus and DBase. They actively used the strategy to push the Express versions and bumped Borland out of the market. The notion that a gamer would "buy" your game if he can't find a cracked version is plain wrong. We simply played another game, knowing that the other game would be available within a week. The reason that there are few cracked (modern) versions of Delphi available, is because we have a free alternative. It might not be as loaded as the "pro" version, but it's enough for the casual user. I am sorry, but I cannot help here - as you can see, I'm coming from a very different perspective.
Bastard Programmer from Hell :suss: if you can't read my code, try converting it here[^]