Joel on Software discussion
Moderators: Eric Sink, Bob Walsh
The whole process is very badly documented and thought out. I have corresponded with a couple of other mISVs who agree, so it isn't just me being thick.
- You have to buy a $99 VeriSign cert, but they state that you are not allowed to use it to sign your app/installer, what a rip-off.
- The Winqual and Partner websites give me "certified by unknown authority" warnings.
- The Winqual website doesn't work at all in Firefox.
- There is a complete lack of clear guidance about what you need to do next at each stage.
- The documentation is very poor, with broken links and much of it completely out of date (i.e. "more information will be available in 2006").
- It took me about an hour of rummaging around on the Winqual site and an email to tech support to work out that you can 'sign' the legal documents online (you have to tick a permissions checkbox on a separate page and do a few refreshes).
- You have to download a signing tool. It's in a zip file with a password. They don't tell you what the password is! Luckily I already had signcode.exe installed.
- I get an entry into Windows marketplace, but it turns out I already had one without. Gah!
- The "works with vista" logo is really ugly.
Even now I am not sure whether I am entitled to use the logo or whether I have some more badly designed and poorly documented hoops to jump through. I really wish I hadn't bothered. You have been warned. (I am staying anonymous, in case they take away the ugly logo that took so much grief to get! Also I don't want anyone asking me for help - the sooner I forget about it the better.)
Anonymous coward Tuesday, March 20, 2007
See: http://www.codinghorror.com/blog/archives/000818.html Much cheaper and more straightforward procedure.
Codger Tuesday, March 20, 2007
I took the Certified For Windows logo path. The problems I encountered are listed below:
1) I tried to collect my VeriSign certificate using Windows Vista. VeriSign told me their website has issues with Vista and I should start the whole process again using Windows XP. This was annoying as the process requires manual intervention and it took a couple of days to get hold of one of their customer service representatives.
2) My application failed the VeriTest testing on 3 very minor points that were the fault of Visual Studio 2005 Professional producing installers that don't meet Microsoft's own requirements. It took me a couple of all night sessions to find out how to modify my code and project settings to meet the requirements. Nothing was documented properly. I had to fish around in forum posts and rely on my own experience. Because my application failed first time around, I had to cough up 500 USD. Microsoft won't pay for all the testing if you fail first time around. So all in all, VeriTest are hanging on to 1500 USD of my money for a whole month. In a month's time I will get 1000 USD refunded. The thing is a rip-off. 1000 USD of Microsoft's money should pay for all the testing. There is no real need to rip off 500 USD for 3 very small points where my application failed. Actual functionality was never affected. The failures were in academic areas which don't seem to matter.
3) Microsoft's Marketplace tools are not working at the moment so my application can't get preferential treatment in Windows marketplace.
Someone should feed this back to Microsoft. The whole process should be simpler, and to be penalised for issues with Microsoft's own compiler seems rather unfair. At the end of the day the more apps that are tested and certified the better it is for Microsoft. Maybe Michael will see this and feed back.

I also found the works with vista process rather clunky. I'd forgotten until I read the last post but I had the same issue with the VeriSign cert. As I was running Vista, I had to fire up XP in Virtual PC to obtain it as VeriSign's site was incompatible with Vista. So to get a cert to verify my app for Vista I had to use XP!

Next issue was I didn't seem to have a password for the Winqual site. So I clicked the "forgot password" link and received an email. The email told me to log in and then select the account management link so that I could change my password. Come again? I have to log in with my password, to change my password. Rrright. So I had to resort to emailing the Winqual people and waiting for a manual response.

After that it all went ok, but it wasn't exactly an intuitive process, and I know others who were foxed by the process and terminology also.
> Someone should feed this back to Microsoft.

Part of the reason I posted here is that I hope someone from MS notices. I also just felt like having a bit of a rant. I feel a bit better now. ;0)
Anonymous coward Wednesday, March 21, 2007
So you have to buy a VeriSign certificate as part of the "Works with Vista" program. Then you have to buy another certificate to sign your app/installer. And then you run smack bang into this: http://www.tweak-uac.com/the-first-bug-in-vista-uac/

Now throw in the complete shambles that is per-user installation - for example, no official location for per-user app code (yup, they recommend you install to Program Files even for standard-user installs where the user has no permission to write to Program Files). And add the extra spice of Vista automatically asking for elevation of all setup/installation programs.

Then combine some strange ramblings from the much respected Mark Russinovich, trying to claim that because no security boundary is breached, potential avenues of attack around ILs and elevations can never be security bugs: http://blogs.technet.com/markrussinovich/archive/2007/02/12/638372.aspx

The final result is that MS have shot themselves in the foot via a very precious object indeed. How can sophisticated ISVs take Windows security seriously when MS seems to be so confused about it?
Someone from Microsoft is listening...me. I'm trying to find the proper person to give this feedback to who can actually do something about it. Please contact me directly by email so I can get further information from you.
Michael, I am delighted someone at MS is listening, but I am not sure I have really got much to add to the above. Just try 'eating your dogfood' - get some of your own developers (who don't work in this area) to apply for the logo and have some of your usability experts watch their pain. It should soon become obvious how broken the website/tools/documentation/process is.
Anonymous coward Thursday, March 22, 2007
Michael, I would also like to know:
- the digital cert I use to sign my app is good enough for Windows, why do I need to buy another one for Winqual?
- having shelled out $99 for a new certificate, why can't I use that to sign my app/installer?
It really feels like we are being ripped off and I know that I am not the only developer that resents it.
Anonymous coward Thursday, March 22, 2007
