Quantcast

Burn: How to suppress Payload Verification after reboot

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Burn: How to suppress Payload Verification after reboot

Simon Chromow
Hello everyone,
is it possible to suppress the verification of an acquired payload after the system/bundle restarted?
Or is it even possible to suppress the payload caching?

Thanks for your efforts,

Simon Chromow
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
WiX-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/wix-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Burn: How to suppress Payload Verification after reboot

robmen
No. Unfortunately, there is no way to ensure that the cache was not
pre-populated with data that is invalid so the verification process is
always executed. There was a security vulnerability before the verification
was always run.

On Mon, Jun 4, 2012 at 3:35 AM, Simon Chromow <[hidden email]>wrote:

> Hello everyone,
> is it possible to suppress the verification of an acquired payload after
> the system/bundle restarted?
> Or is it even possible to suppress the payload caching?
>
> Thanks for your efforts,
>
> Simon Chromow
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> WiX-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/wix-users
>



--
virtually, Rob Mensching - http://RobMensching.com LLC
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
WiX-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/wix-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Burn: How to suppress Payload Verification after reboot

Simon Chromow
Ok. Could you tell me which process of verificating the cached payloads is faster?  Comparing hash or comparing signature?

-----Urspr√ľngliche Nachricht-----
Von: Rob Mensching [mailto:[hidden email]]
Gesendet: Montag, 4. Juni 2012 23:05
An: General discussion for Windows Installer XML toolset.
Betreff: Re: [WiX-users] Burn: How to suppress Payload Verification after reboot

No. Unfortunately, there is no way to ensure that the cache was not pre-populated with data that is invalid so the verification process is always executed. There was a security vulnerability before the verification was always run.

On Mon, Jun 4, 2012 at 3:35 AM, Simon Chromow <[hidden email]>wrote:

> Hello everyone,
> is it possible to suppress the verification of an acquired payload
> after the system/bundle restarted?
> Or is it even possible to suppress the payload caching?
>
> Thanks for your efforts,
>
> Simon Chromow
>
> ----------------------------------------------------------------------
> --------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond.
> Discussions will include endpoint security, mobile security and the
> latest in malware threats.
> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> WiX-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/wix-users
>



--
virtually, Rob Mensching - http://RobMensching.com LLC
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
WiX-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/wix-users



------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
WiX-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/wix-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Burn: How to suppress Payload Verification after reboot

robmen
I've never measured but I expect verifying just the hash is faster since
comparing the signature requires taking a hash of the file and doing more.

On Mon, Jun 4, 2012 at 11:41 PM, Simon Chromow <[hidden email]>wrote:

> Ok. Could you tell me which process of verificating the cached payloads is
> faster?  Comparing hash or comparing signature?
>
> -----Urspr√ľngliche Nachricht-----
> Von: Rob Mensching [mailto:[hidden email]]
> Gesendet: Montag, 4. Juni 2012 23:05
> An: General discussion for Windows Installer XML toolset.
> Betreff: Re: [WiX-users] Burn: How to suppress Payload Verification after
> reboot
>
> No. Unfortunately, there is no way to ensure that the cache was not
> pre-populated with data that is invalid so the verification process is
> always executed. There was a security vulnerability before the verification
> was always run.
>
> On Mon, Jun 4, 2012 at 3:35 AM, Simon Chromow <[hidden email]
> >wrote:
>
> > Hello everyone,
> > is it possible to suppress the verification of an acquired payload
> > after the system/bundle restarted?
> > Or is it even possible to suppress the payload caching?
> >
> > Thanks for your efforts,
> >
> > Simon Chromow
> >
> > ----------------------------------------------------------------------
> > --------
> > Live Security Virtual Conference
> > Exclusive live event will cover all the ways today's security and
> > threat landscape has changed and how IT managers can respond.
> > Discussions will include endpoint security, mobile security and the
> > latest in malware threats.
> > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> > _______________________________________________
> > WiX-users mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/wix-users
> >
>
>
>
> --
> virtually, Rob Mensching - http://RobMensching.com LLC
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and threat
> landscape has changed and how IT managers can respond. Discussions will
> include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> WiX-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/wix-users
>
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> WiX-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/wix-users
>



--
virtually, Rob Mensching - http://RobMensching.com LLC
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
WiX-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/wix-users
Loading...