Microsoft Attack Surface Analyzer tests app's impact on OS security

JMH

Microsoft has released Attack Surface Analyzer 1.0, a free tool that can help system administrators, IT security professionals or software developers understand how newly installed applications can affect the security of a Windows OS.

The tool scans for classes of known security weaknesses that can be introduced by the files, registry keys, services, Microsoft ActiveX controls and other parameters created or changed by new applications.

http://news.techworld.com/security/...zer-tests-apps-impact-on-os-security/?olo=rss
 
If I go to http://www.microsoft.com/en-us/download/details.aspx?id=24487 to get the download, when it completes, I get a message from the IE9 Download Manager that says it is unsafe. If you go to the folder and check the installation file properties, you discover that the certificate is not valid. If you try to import the certificate, it still sees it as not valid (though the information LOOKS valid). Is this something to be ignored, is it some kind of bug with IE9 or the certificate manager, or what? Anyone have any ideas?

Thanks!
 
Hi Corrine,

Same problem - identical. The linked snips may help in terms of visualizing the problem, but other things exist like the certificate path leads to an additional path sub-segment where View Certificate is greyed out (I suspect it's missing). Also, the Advanced Cert info talks about V2 but the info in the Cert talks about V3 and I don't know why it's different - but I'll bet it's related.

https://skydrive.live.com/redir?resid=6C3DB03FFFF7E19F!427&authkey=!AHjzkH-r8K7x3mw

https://skydrive.live.com/redir?resid=6C3DB03FFFF7E19F!428&authkey=!AL1e4khLkbsyxQc

Thanks!

Kosh

P.S. I'll bet the Twitter responders didn't see the thread and the reply from MSFT in my prior post and are "assuming" based only on the report of having troubles that it's me and I somehow fixed my problem without realizing they've already acknowledged them and know it's on their end. Try giving them that link and the above links and say "no change."

Thanks for the follow-up. If I had a W7 or W8 machine handy, I'd test the download on it - but getting to one is not practical. Note this ONLY applies to Vista with IE9. W7 and W8 are apparently fine (or so they say). Suggesting I overlook a Certificate warning on a Microsoft application dedicated to improving security seems like a contradiction. They aren't seeing complaints because it's limited in Vista (view only) and I'll bet few if any people besides me have even tried the download using Vista SP2 and IE9. My guess is that the fix is not on the stove let alone the back-burner because the impact is too minimal and they're assuming it's just a reporting glitch and not a real problem so it's not worth the effort.
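
One way to see which part of the signature check fails, instead of relying on the download manager warning or the file properties dialog. This is an added example, not part of any post in this thread; the default file path is a placeholder and the function name `Get-SignatureDiagnosis` is hypothetical.

```powershell
param(
    # Placeholder path (assumption): point this at the installer you downloaded.
    [string]$Path = "$env:USERPROFILE\Downloads\installer-placeholder.msi"
)

function Get-SignatureDiagnosis {
    param([string]$FilePath)

    # Windows' own Authenticode verdict for the file
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    $report = New-Object PSObject -Property @{
        File          = $FilePath
        Status        = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        StatusMessage = $sig.StatusMessage
        Signer        = $null
        Timestamped   = ($sig.TimeStamperCertificate -ne $null)
        ChainBuilt    = $false
        ChainErrors   = @()
        Elements      = @()
    }
    if ($sig.SignerCertificate -eq $null) { return $report }   # no signer certificate to inspect

    $cert = $sig.SignerCertificate
    $report.Signer = $cert.Subject

    # Rebuild the chain so the error on each link is visible.
    # This validates against the current time: NotTimeValid on an expired signer
    # certificate is expected when the file carries a timestamp (Timestamped = True).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $report.ChainBuilt = $chain.Build($cert)

    # Whole-chain problems, e.g. PartialChain (an issuer could not be found) or UntrustedRoot
    $report.ChainErrors = @($chain.ChainStatus | ForEach-Object {
        "{0}: {1}" -f $_.Status, $_.StatusInformation.Trim()
    })

    # One line per certificate in the path: X.509 version, expiry, subject, per-link status
    $report.Elements = @($chain.ChainElements | ForEach-Object {
        $flags = ($_.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
        "v{0} | expires {1:yyyy-MM-dd} | {2} | {3}" -f $_.Certificate.Version,
            $_.Certificate.NotAfter, $_.Certificate.Subject, $flags
    })
    return $report
}

$result = Get-SignatureDiagnosis -FilePath $Path
$result | Format-List File, Status, StatusMessage, Signer, Timestamped, ChainBuilt, ChainErrors, Elements
```

Running the same script against the same file on a second machine and comparing `ChainErrors` shows whether the failure travels with the file or comes from the local certificate stores.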
 
