One last thing…
The phone rang in that way it has. “I’ve got a problem, Jon, maybe you can help?” This call was from a friend in the village. He’s a nice chap, but his follow-up statement of “the Wi-Fi doesn’t appear to be working” inspired an immediate sense of sadness and gloom, not helped by the follow-up of “could you pop round and take a look?” I did my very best to sound joyful whilst agreeing a time through gritted teeth. There was an upside, though – hopefully a beer or two at the pub.
I trundled round to his house and fired up my Dell rugged laptop, chosen for this task because the shoulder strap and waterproofing meant I wasn’t bothered if it started to spit with rain on the walk to and from his house. The main router was working fine, I soon established, so I enquired as to the problem.
“Ah, that’s in the shed,” came the reply, so we trudged off down the garden to the man cave. Here I found the utter delight of an aged 802.11ac Wi-Fi repeater from said unnamed company. It has an Ethernet port, so it allowed for a desktop computer to be used in the man cave, presumably for research purposes into how to correctly grow your tomato plants. Or, more likely, to watch football away from the family. There was, of course, a kettle in residence.
I decided the best thing to do was to download the configuration app for this extender. So I went to the website and downloaded the latest version. I ran the setup program, and was, shall we say, perplexed to discover that the installer wasn’t digitally signed. Being of a cautious nature, I checked my Dell carefully – I ran Windows Defender to see if anything unpleasant had landed on my disk. I ran some DNS lookup tests to ensure nothing was poisoning my download.
I continued onwards to run the application itself. To my delight, I found that this wasn’t digitally signed either. Muttering rude things under my breath, I did a hard reset of the extender and set it up again. After this, it was working as adequately as such a device can manage. We retired to the pub for a couple of pints of Doom Bar.
That part should have been a pleasant enough experience, but I couldn’t shake off the feeling of deep annoyance that a very well-known vendor is shipping out configuration tools that aren’t digitally signed. Sure, this is an older product, perhaps even end of life. But the configuration tool is there for the customer to download and use.
We have spent years trying to tell users that they should not just randomly click OK when presented with the Windows security dialog box. That this is the way by which malware gets into their computer, often from apps that have been compromised and then recirculated via a dodgy source. Or pushed to the user through a less than clean website.
And yet here we have an example of a big-name vendor that simply can’t be bothered to keep its estate of apps up to date. Which evidently has no meaningful process for auditing the app library, and keeping a proper check on what is public-facing.
I can just about accept an unsigned installer for a beta product, when the development is rushing to get a fix out to a particularly nasty issue. You know what you’re getting, it should be plastered in appropriate warnings and it’s acceptable in exceptional circumstances.
But there is too much of that rubbish out there, and it really is time that we called them out on it. Microsoft can’t ignore this, either: the warnings inside Windows simply aren’t strong enough. A casual user should not be able to install something unsigned just by clicking the OK button. Instead, there should be pages of red warning screens, followed by a final scream of “You really should not be doing this!” onscreen. In fact, just make it impossible to install unsigned applications on the platform.
The legacy and history of the personal computing platform is a joy to behold, and something we should treasure. In doing so, we must accept that for every shining example of good work, there’s some nastiness lurking in the shadows. However, the larger companies, with their billion-dollar revenue streams, don’t get a free pass on this.
It’s time for such behaviour to be stamped out. I should be able to return a product to the manufacturer for a full-ticket refund in such a situation, on the grounds that it’s simply not fit for purpose. And for this to apply until the vendor stands up and formally says that this product isn’t supported, and pulls everything associated with it. Then companies might start to take lifecycles seriously.
Still, the Doom Bar was excellent. As always.