ShopMate Internet Download and Internet Security
ShopMate Internet Download and Internet Installation Security
Softhard Solutions ShopMate Business Accounting Software for Businesses
Get Internet Installation of Business Accounting Database Software Offer
Hi everyone,
Many users are asking about the ShopMate Internet and AzureMate Download and Installation
and the Internet Installation Security that is associated with it. In this
post I would like to explain more fully the Digitally Singed Software and
how it works.
Those of you who want to know more of what Softhard Solutions ShopMateWb, ShopMate or AzureMate are, learn more about
ShopMateWeb Online,
ShopMate Desktop or
AzureMate Desktop.
All our downloads come from our Microsoft Azure Data Storage server,
using secured 'https://' protocol.
The difference between Windows Installer and the Internet Installer
is that we could create the Windows Installer and, therefore, could guide you through the
correct steps to install ShopMate. The Internet Installer is run by Microsoft Technology,
ClickOnce, which should be trusted and which installs ShopMate or AzureMate on your computer,
independently of us.
The ClickOnce allows you to be automatically notified about
any changes in version upgrades we implement, the users of Windows Installer would have to
check with us periodically on our website. When you use the Internet Installation,
ShopMate is installed on your computer for current user in so called SandBox configuration,
meaning that only the user who installed ShopMate can run ShopMate afterwards.
ShopMate or AzureMate Internet Installation
Typically, you would use the ShopMate or AzureMate Internet Installation Setup on machines
that have full, partial or timed access to the Internet Network. ShopMate Internet Installation
is the preferred way because the Deployment of ShopMate and any of its later updates to customer users
is simple, easy and mostly interaction free.
For ShopMate or AzureMate Internet Installation and deployment, Softhard Solutions is
using the Microsoft ClickOnce Technology. A ClickOnce application is a .NET
Framework (system) client application combined with manifest files that describe
and authenticate the application and supply installation parameters.
The application is installed on the client computer in a so called "SandBox",
per currently logged in User only and, therefore, totally self contained and secured
and the application can be run afterwards only by this same user on that machine.
So, say there are 5 different users using the same machine and all want to use ShopMate,
all 5 users must run the Internet installation, 5 installations will exist on that
machine. This is ok, the ShopMate Internet Installation has a very small footprint.
One Shortcut, to run ShopMate, is created on your desktop by the setup.
Two more entries are created, one in the Start button on your windows Task
Bar to access and run ShopMate and another one is created in the (32 bit) Add/Remove Programs
or (64 bit) Uninstall Programs section of your Control Panel
to be able to remove ShopMate. The Icon for removing ShopMate is created by ClickOnce
setup and is different looking from the normal ShopMate Icon.
ClickOnce makes it easy for our customer users to receive all ShopMate Updates
that we implement and publish by being notified automatically about current changes
when they run ShopMate. Unlike in Windows Installer of ShopMate, they do not loose
any settings they may have set and the installation of the updates is done smoothly,
behind the scenes, without any interaction.
The user clicks on the Install link just once and the software is downloaded from
our website download page and installed on user's machine without any further interaction.
This only works in theory. When your Browser security and later the windows security
kicks in at the actual installation, the user has to make choices that the security
is presenting and, obviously, click more than once.
Packaged software uses branding and trusted sales outlets to assure users of its
integrity, but these are not available when code is transmitted on the Internet.
Additionally, there is no guarantee that the code hasn't been altered while being
downloaded unless the secured 'https://' protocol (all our downloads from
our Cloud
Microsoft Azure Data Storage
server are using this protocol) is used instead of normal, unsecured, 'https://'
protocol.
Browsers typically exhibit a warning message explaining the possible dangers of
downloading data, but do nothing to actually see whether the code is what it claims
to be. A more active approach must be taken to make the Internet a reliable medium
for distributing software.
ShopMate Internet Installation Security
So what should be done to secure the installation?
The deployment software must be digitally signed using Authenticode signing. Publisher
information based on the Authenticode signature will be displayed to the user in
the permissions dialog box during installation, to show the user that the application
originated from a trusted source and that the application has not been altered.
It is a cryptographic signature that consists of a public and private key; generally
issued by a certification authority (CA) that can vouch for its authenticity.
Digital certificates are a core component of the Microsoft Authenticode authentication
and security system. Authenticode is a standard part of the Windows operating system.
All ClickOnce applications, like ShopMate, must be signed with a digital certificate,
regardless of whether they participate in Trusted Application Deployment (CD, DVD)
or not. Without any digital certificate the application will not even compile.
So, we did that. We purchased a Digital Certificate (for big bucks mind you) from
a reputable certification authority (CA) and signed ShopMate and all of its components
(assemblies) with it. That got Softhard Solutions into the Microsoft's "Trusted Publishers List"
which is distributed into every windows system in the world.
But...
When the CLR (common language runtime - system) loads an assembly (component) which
has an Authenticode signature, it will always try to verify that signature. This
is in contrast to the Windows Installer loader, which will verify the signature
of a file only in specific instances, such as when the file is an ActiveX control.
This verification can be quite time intensive, since it can require hitting the
network several times to download up to date certificate revocation lists, trusted
publishers, and also to ensure that there is a full chain of valid certificates
on the way to a trusted root (CA).
So, when an Authenticode signature is applied to an assembly it's not unheard of
to see a large delay in the application and component startup while that assembly
is being loaded.
Well... This was totally unacceptable...
To fix these problems, we decided to go down the road of removing the certification
authority's digital signature certificate and, since all ClickOnce applications
must be digitally signed, creating and using our own, self signing certificate,
which does not do the above checking, only checks for tampering once, to return
the ShopMate and AzureMate applications and their assemblies loading performance back to "normal".
This was done with a cost...
The loss of being included in the Microsoft's "Trusted Publishers List" and,
therefore, relying on our customer users' trust of our website from where they install
the ShopMate application. Look at our website, we are partners with the
Google Search Engine.
Only reputable websites are allowed to publish Google adds. Google would not allow us to publish their
adds if we were not a reputable and trusted website. If Google trusts us - can you? Please read the above
independent audit, public description of softhard-solutions.com website.
The cost was too high...
During this period of not being included in the Microsoft's "Trusted Publishers List", all was ok
for a while and then, we slowly noticed a dive in our sales. This was due to Microsoft ever increasing
drive for safer web. People are more and more aware of dangers that the web presents. With this drive
they have meanwhile improved the Authenticode signature reading so now, when an Authenticode signature
is applied to an assembly it has no large delay in the application and component
startup while that assembly is being loaded.
So now we have gone back to digitally sign all our assemblies and components and
are included in the Microsoft's "Trusted Publishers List", which means downloading
from us is totally safe for you again.
So what happens when you press the Install ShopMate Database or AzureMate Application button?
For any ShopMate prerequisite you do not have installed on your machine, extra windows
security popup will ask you if you want to Save the file or Run it.
The publisher of these prerequisite files is usually Microsoft but it may not show
it. You only need to run it on your system to install it, if you do not have one
on your system yet, so press the Run button.
When you click Install ShopMate or AzureMate Application button the ShopMateSetup.exe installer
file is downloaded, for AzureMate the AzureMateSetup.exe installer file is downloaded.
Depending on your browser, most save the file in your user Downloads folder.
Safari Browser
In Safari you can choose to save or run the installer. Click Run button.
This will save the file and start the installation.
Firefox Browser
In Firefox you can choose to save installer. Click Save File button. This will save the file.
Chrome Browser
In Chrome the installer is saved. You may get a warning that this file is not commonly downloaded and may be
dangerous and shows Discard button. This happens after each new release of ShopMate and will disappear in time
since the installer file is digitally signed. In that case press the down arrow and click Keep button.
This will save the file.
Internet Explorer Browser
In Internet Explorer you can choose to save or run the installer. Press Run button. This will save the
file and start the installation.
If you have not clicked any Run button, after saving the file, navigate to it and run it by clicking or
double-clicking the file. This will start the installation. First any prerequisites are downloaded and
installed and then, finally, when the Windows Security asks you if you want to Install the
Application, click the Install button to start final installation.
The security pop-ups, if any, when you run the ShopMateSetup.exe (and the Prerequisites), is there for your
protection. Never run any executable (.exe) file you download unless it is digitally signed, it clearly shows
the publisher name if it is, or you know it is safe to run it. All our assemblies (.exe, .dll etc.) are
digitally signed. The Prerequisites are signed by Microsoft Corporation.
When the actual installation of ShopMate starts, windows
security pop-up, showing "Softhard Solutions" as the publisher, will ask you if you
want to Install the application or Do Not Install it.
The reason why it is showing "Softhard Solutions" as publisher" is explained above.
The ShopMate application is digitally signed with a reputable certification authority
(CA) certificate which signed ShopMate and all of its components (assemblies) with
it and, therefore, we are included in the Microsoft's "Trusted Publishers List".
The publisher of the ShopMate and AzureMate applications is us, Softhard Solutions and the application
is being downloaded and installed from our Google trusted website, so, go ahead,
push the Install the application button with trust that the application comes
from a good source, Softhard Solutions.
When ShopMate launches, follow the instructions carefully, especially when it comes
to entering of your Company Trading Name and all other business details.
I hope these instructions will help you understand a little more about what is going
on behind the scenes of
Downloading and Installing ShopMate
with Internet installation. If you have more questions please
contact us by e-mail.
Softhard Solutions ShopMate team...
See More Information On:
-
ShopMateWeb Online Cloud Based Business Database Application
-
ShopMate Desktop Automotive Database Software
-
ShopMate Desktop Modules Explained - Screen Shots
-
AzureMate Desktop Cloud Data Storage Explorer Software
-
Software Downloads and Installations
-
MotoShop Automotive Database Software
-
Accountancy - Accounting Theories
-
Ideas for Business - Business Tips
- Automobile History - Automotive Fuels