Boost logo

Boost Users :

Subject: Re: [Boost-users] Is it safe to download boost_1_67_0-msvc-14.1-64.exe?
From: Gavin Lambert (gavinl_at_[hidden])
Date: 2018-06-28 06:12:45


A little while earlier, quoth I:
> Mere moments ago, quoth I:
>> The Right Wayâ„¢ to handle this case for the layperson is to
>> authenticode-sign the exe file, such that when you try to run it,
>> Windows will verify the signature and tell you who it was signed by.
>
> Also note that Windows normally only does this when apps request admin
> permission.  Which is common but not mandatory for installers; I'm not
> sure which way these ones happen to be set up (since I couldn't download
> them).
>
> You can verify certificates on non-admin exes as well but you have to
> think to do this yourself; it won't happen automatically on launch.

Chrome finally decided to finish scanning, so for the record, they
appear to be non-signed and non-admin (so even if they were signed they
wouldn't be automatically verified).

Signing them anyway probably still wouldn't be a bad idea, although that
depends whether whoever prepares these has access to a valid
Authenticode key with a name that wouldn't pose additional confusion.


Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net