How to Avoid Security Warnings for Our Access Application

Rod Wright

Background:
We developed a program to integrate a large amount of data for National Air
and Space Museum (NASM) volunteer use. The program works fine, but our users
are relatively unsophisticated volunteers. They get confused by the warnings
issued by Access when opening our program. Our users run at multiple Win2K
and XP machines and load our program and the data over the Smithsonian
intranet.

In Vista, the popup warning is:
----------------------------------------------------
Open File - Security Warning
Do you want to open this file?
Name: \\Server\Public\UHC_Frms.exe
Publisher: Unknown Publisher
Type: Microsoft Office Access MDE Database
From: \\SERVER\Public\BLAST\UHC_Frms.mee
| Open | | Cancel |
______________________________________
Note that the path shown above is when I'm testing on my home network, not
at NASM. Also, that warning was from Office 2007 but at NASM they are still
using Office 2003, so the dialog box is different.

Also, the error message is different under Office 2003 (and a lot more
confusing for users.) I'm not at NASM now, so I can't see the exact text of
how the error appears there. I'll post that tomorrow when I go there.


Question:
How can we avoid these warnings? Would it work for us to obtain and publish
a certificate for the program code? If so, does it need to be reissued each
time we make a change? (Since we have only been up and running for users
since January, the code is still being modified as we gain experience.) How
do we do that?

What do you recommend?
 
Jesper

You should definitely digitally sign the application no matter what. However,
that will not remove the warning. It just will have your (or your company's)
name in the dialog and won't say "Unknown Publisher."

Technically, there is a way to get rid of this warning, but it is there as a
warning to end users. If you remove it here, you would also remove it for all
other executables. That would put your users at significant risk. If you
programmatically remove that warning, you would be responsible for putting
them at significant risk; a responsibility that I am pretty sure you do not
want to accept.

Rather, I would suggest that you take the opportunity to educate your users.
Teach them that the warning is there so that they can assess whether they
want to accept the risk involved in opening applications off the Internet. In
this case, you have digitally signed the application so they can trace it to
you and have assurance that they are, in fact, opening a trusted application.
Anytime they get a dialog like this they should evaluate it and see if they
really want to accept that risk or not. If the publisher is unknown, they
have no way to tell who wrote the application, and should consider it a
higher risk.
 
Jesper

Garbage --- MS Word doesn't generate a warning every time I start it.
Neither does Excel, PowerPoint, or Outlook.

MS Word, Excel, PowerPoint and Outlook are (a) not applications you download
and run from the Internet most of the time, (b) not applications that will
run potentially untrusted content when you launch them. It is a completely
invalid analogy.

What does OP need to do so his
application doesn't generate a Vista warning at runtime?

One of us clearly misunderstood OP. My understanding was that the warning
was generated at run-time because the application was not installed. It was
downloaded as a stand-alone executable, not as an installer. If you wrap the
application in an installation file Vista will warn you when you execute the
installer, but not when you execute the application that is installed.

I may have misunderstood OP, but the warning that was in the original post
was perfectly consistent with the Mark of the Web. IE adds the Mark of the
Web to all downloaded files by setting a flag in an Alternate Data Stream.
The flag can be removed on a download by download basis by unchecking the box
for "Always ask before opening this file." However, OP seemed to want to
remove all such warnings for a particular file. Doing so is highly
inadvisable because it would remove the warning to the user that s/he is
about to execute arbitrary content.
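
Added example, not part of the original thread: a read-only Python audit that reports which files in a folder carry the Mark of the Web and which zone they are marked with. The stream name `Zone.Identifier`, its `[ZoneTransfer]`/`ZoneId` layout and the zone numbers are standard Windows behaviour not spelled out in the posts above; the sample stream body and the "zone 3 or higher is untrusted" rule are assumptions of this example.

```python
import configparser
import os
import sys

# Windows URL security zone numbers as stored in the ZoneId field.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

# Constructed sample of a stream body written for a downloaded file.
SAMPLE = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://downloads.example/setup.exe\r\n"

def parse_zone_identifier(text):
    """Parse an INI-style Zone.Identifier body.

    Returns (zone_id, zone_name), or None if no usable ZoneId is present.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    body = "\n".join(text.lstrip("\ufeff").splitlines())
    try:
        parser.read_string(body)
        zone_id = int(parser.get("ZoneTransfer", "ZoneId").strip())
    except (configparser.Error, ValueError):
        return None  # malformed or truncated stream
    return zone_id, ZONES.get(zone_id, "Unknown")

def read_mark(path):
    """Read the mark from a file's alternate data stream (NTFS on Windows)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None  # no stream, non-NTFS volume, or not Windows

def is_untrusted(mark):
    """Example policy (assumption): Internet and Restricted Sites are untrusted."""
    return mark is not None and mark[0] >= 3

def audit(folder):
    """Yield (file name, mark, untrusted?) for each marked file in folder."""
    for entry in os.scandir(folder):
        if entry.is_file():
            mark = read_mark(entry.path)
            if mark is not None:
                yield entry.name, mark, is_untrusted(mark)

if __name__ == "__main__":
    print("sample:", parse_zone_identifier(SAMPLE))
    for name, mark, untrusted in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{name}: zone {mark[0]} ({mark[1]}), untrusted={untrusted}")
```

On a non-Windows or non-NTFS volume `read_mark` returns `None` for every file, so the audit prints only the sample line.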
 
