Comments
2 comments
-
Hi Rene,
The executable that Windows is warning you about isn't downloaded. It's actually embedded in reflector.exe itself and extracted at runtime to allow Reflector to update itself once it's downloaded the new zip file.
I agree that it's an annoyance that the updater exe isn't signed, and one that we should definitely fix, however reflector.exe itself is signed, as is the zip file that you (or Reflector) downloads from the website. This means that if the updater exe was modified it would break the signature on reflector.exe and therefore I think it's a bit strong to suggest that we don't care about protecting our customers.
I hope this information is helpful. We will try to get it fixed in the near future.
Many thanks,
Bart -
Hi again,
Having consulted one of the other devs here it turns out we've already fixed this in .NET Reflector 6.5 but obviously you wouldn't have seen that when upgrading from an earlier version because the updater exe is extracted from whatever version you're currently running. Anyway, what I can say is that next time you update, either manually or automatically, you should no longer see this warning.
I hope that helps.
Thanks,
Bart
Add comment
Please sign in to leave a comment.
Perhaps I am wrong (I should have taken a closer look) but I don’t think that the update exe was singed, if I am correct about the update exe not being singed then that just shows how little you guys care about protecting your customers. If I am wrong and the update exe is indeed signed then disregard this email.
I don’t care if the exe is being downloaded from your site, there is absolutely no reason why not to sign an exe no matter what that exe does.