FYI -- Regarding the security settings of Window-Eyes, I posted this to gw-info earlier.
Thanks, Aaron -- Aaron Smith Web Development * App Development * Product Support Specialist Ai Squared * 725 Airport North Office Park, Fort Wayne, IN 46825 260-489-3671 * www.aisquared.com -----Original Message----- From: Aaron Smith [mailto:asm...@aisquared.com] Sent: Saturday, January 17, 2015 7:06 PM To: Felix G.; gw Subject: RE: app updates, is it safe now This is a good suggestion. I understand Chip's reservation, but there are solutions. If you develop your own apps and don't distribute them, you can create a self-signing certificate, and sign your own apps. Then they will fall under the category of signed, and run as normal. If you run third party apps, then you can tell the Security dialog to trust a particular publisher and particular apps. So you can trust the Ai Squared apps, and third party apps, while keeping untrusted apps from running. That's the whole reason why we came up with the security dialog in the first place. To run only trusted apps, use the App Security dialog. You can get to it from the App Manager dialog. Check the Show More Options check box, and then activate the Security button. Choose the Only Allow Trusted Apps radio button, select an app with a publisher of GW Micro, Inc. (our digital certificate still says GW Micro, Inc. because it hasn't expired yet -- when it does, and we renew it, it will say Ai Squared), and tab to the Publisher Trusted check box, and press your space bar. At that point, all apps that have been signed with the GW Micro, Inc. digital certificate will be trusted. That includes all of the apps that ship with Window-Eyes (minus one that's distributed by and for one of our European dealers). You can then select any third party app, tab to the App Trusted check box, and press your space bar. That will mark that app as being trusted. You can do that for all third party apps that you run. At that point, only trusted apps will run, and untrusted apps will not run. We didn't make this the default setting, because we wanted to run under the premise of innocent until proven guilty. We may re-think that in a future release. In addition, currently, all apps updates have been disabled. We will be moving to a manual verification process wherein all apps and app updates will need to be submitted to us, and they will only be allowed to become public when they have been verified by us. I'm personally saddened to have to do this. It's unfortunate that the action of one individual can adversely affect so many people. But we take security very seriously, and we want to keep everyone as safe as we're able to regarding our own products. I hope that's helpful. Thanks, Aaron -- Aaron Smith Web Development * App Development * Product Support Specialist Ai Squared * 725 Airport North Office Park, Fort Wayne, IN 46825 260-489-3671 * www.aisquared.com -----Original Message----- From: Felix G. [mailto:constantlyvaria...@gmail.com] Sent: Saturday, January 17, 2015 6:16 AM To: gw Subject: Re: app updates, is it safe now Hi, yes, Version 8.5.9 is good. To make sure only digitally signed apps will ever run, we can do the following: 1. In the Window-Eyes control Panel, go to Apps / App Management / App Manager. 2. Make sure the Checkbox "Show more Options" is checked. 3. Activate the "security" button. 4. Set the security Level to "allow only trusted apps." 5. In the list of apps, go to one from GW Micro. 6. Check the "Publisher trusted" Checkbox. (Repeat steps 5 and 6 for any other Publisher that you trust. Any other apps will not run.) 7. Activate the "OK" button. 8. Activate the "Close" button to Close App Manager. Now anything that hasn't been digitally signed by a trusted Publisher will not run. For example, this would have protected against the recent Problem. Kind regards, Felix Grützmacher If you reply to this message it will be delivered to the original sender only. If your reply would benefit others on the list and your message is related to GW Micro, then please consider sending your message to gw-i...@gwmicro.com so the entire list will receive it. GW-Info messages are archived at http://www.gwmicro.com/gwinfo. You can manage your list subscription at http://www.gwmicro.com/listserv. If you reply to this message it will be delivered to the original sender only. If your reply would benefit others on the list and your message is related to GW Micro, then please consider sending your message to gw-i...@gwmicro.com so the entire list will receive it. GW-Info messages are archived at http://www.gwmicro.com/gwinfo. You can manage your list subscription at http://www.gwmicro.com/listserv.
