I am new in windows logo test . I heard this process from my friend . I created a application which consist of some drivers . so I need to sign from Microsoft for trusted installations of my software . I heard the windows logo process for sign my driver through some test conducted by me and need to send this report back to windows . So I have some doubt to setup this process .
How to setup this process ? (how many system needed ? and which OS I should install for testing) and what are the requirements ?
I think there is a server and client machine (So 2 system is needed ?) . How to setup this system ? can you provide step by step tutorials ?
Your understanding is correct. The testing goes by a few names, WHQL, hardware certification, logo test, etc. Just to give a few more keys words to google.
Microsoft outlines the steps that you need to take https://msdn.microsoft.com/en-us/windows/hardware/hh833792. Honestly, the process is not that bad all things considered:
Buy a code signing certificate. Microsoft lists who they support and there are plenty of discussions on the OSR forums that discuss signing requirements in great detail. We use Digitcert and have no issue. I recommend reading up on this article to make your life easier: http://www.davidegrayson.com/signing/. The whole cross-certificate detail is glossed over in the Microsoft docs.
Setup your company in the hardware dashboard. Pretty straightforward here; just follow the directions for uploading your code cert. Sign all the legal stuff and setup any other developers on your team if they need access.
Install the HCK. We bought the MSDN OS pack ($800 USD) just for the WHQL and it has been awesome. I used Server 2012 to run as the HCK server and installed it as a virtual machine on a pretty beefy PC. Runs great, no problems installing it, and configuration is intuitive. More details are here: https://msdn.microsoft.com/en-us/windows/hardware/jj123537.aspx
Configure your test PCs. I used a mix of VMs and physical PCs for this part. Going through the provisioning process is automated for the most part. I recommend taking VM snapshots once completed in case something goes south during testing.
The HCK server walks you through the tests you need to perform depending on the type of driver you are testing. For example, we are working on a printer so all of our testing involved printing.
We tested against XP SP3 all the way through Windows 8.1, both 32 and 64 bit though your needs may differ. We needed the driver in Windows update, not necessarily the hardware logo. Once completed we simply uploaded the passing report through the hardware dashboard and that was that.
It seems like a huge task but it is not the worst thing in the world so keep at it you will get it done!
Related
Microsoft SmartScreen, well-known for its message:
Windows Defender SmartScreen prevented an unrecognized app from starting
is useful for end users to avoid malware, but can also harm indie developers because when they distribute binaries: the end users see frightening messages, and that is a problem for the developer's reputation (see someone's comment "My customers often think that I am purveying a virus, malware or something illegitimate and they tell their friends and I lose sales"):
Smart-Screen filter still complains, despite I signed the executable, why?
Even with a paid certificate, if software-release1.0.1.exe is finally whitelisted, when you release software-release1.0.2.exe update, the messages will come again:
Transferring Microsoft SmartScreen reputation to renewed certificate
The only solution seems to be Extended "EV code signing" which can be 300-500$ per year (this fixed fee makes the tax % higher for small indie developers).
Question: is there a way to get a .exe whitelisted immediately (or a few days) for all users - and not only on my own computer - by submitting it to Microsoft for analysis?
I have seen this link: https://www.microsoft.com/en-us/wdsi/filesubmission, has someone been able to use it successfully to avoid further SmartScreen alerts? (it seems that no).
Are there other methods? Such as automatically deploying 100 VMs via an automated script, and let each VM download and install the .exe automatically? But this would probably be from the same IP, then Microsoft will probably increase the reputation counter by +1 instead of +100?
As you said in your question, the first solution for having trusted software is code signing with EV certificate But, another tricky solution is increasing reputation of your software. As Microsoft said here :
Reputation-based URL and app protection
If a URL, a file, an app, or a certificate has an established
reputation, users won't see any warnings. If, however, there's no
reputation, the item is marked as a higher risk and presents a warning
to the user.
So in the last paragraph of your question, you mentioned about creating mass docker containers or virtual machines for increasing trust and reputation. I complete it with a solution for same IP address in each VM or container.
The solution is using TOR as a proxy in all of your VM's or containers.
With using tor you can create proxy which is connected inside TOR network and hide your real IP address in your virtual machines or containers. Tor is free for use and you can connect your nodes to it's network as many as you want and change your IP address frequently. Also it is better to have different version of windows in some of your VM's. Remember before that you must submit your software for malware analysis,
If anyone can help us I would be very grateful!
Every week we have multiple pc's to distribute to new clients. The machines have to be heavily customised with quite a few specifics:
Removal of most extra "spam" apps - Dell, Asus, Acer add icons we don't want.
Change desktop background
Add 2 specific user accounts, one of which is named according to machine name.
Set 2 specific passwords on the new accounts - site specific
Set Custom icons for each login
The machines are never setup for a domain, so Active Directory technologies can't be easily applied.
The volume and budget is such that the machines are not usually business class devices and we are not setup for any of the technologies used by much larger IT companies like group policy driven MSI updates etc.
Our current process is Donkey powered. On windows 7, deploying a new machine, fully installed with our software will take up to an hour if SQL Server is put on it or 55 mins if not. This is a totally manual endeavour that I'm itching to reform. As the machine make/model changes month on month, I can't rely on what will be installed.
I've looked at Ghost, but it won't work as each machine has it's own specific license key-rather than volumne license.
This process has been bugging me for a long time but it's not been my own department to sort out; however, having worked in schools where I could deploy software packages en masse, I can't believe my colleagues when they say this is the only way to do this job.
Can anyone help? We've done the google dance quite a lot with Windows 7 to solve this and now with Windows 8 but nothing quite fits what we do.
If this is NOT the place for this question, apologies-I did look for a Stack site thats more OS specific but didn't see one! :).
Thanks for any advice offered!
This is not an easy task. I can only give you a high level overview.
Look for the Microsoft tool SYSPREP - with it you can reset a machine you have previously installed with all the software and drivers you require to a state where it boots running a "mini-setup" including driver discovery.
Example:
Sysprep /oobe /generalize /shutdown
The programs remain installed. Shutdown the PC after sysprep ran and take an image using Ghost or any other imaging tool of your choice.
Note:
All essential hardware drivers such as chipset, harddisk, cpu etc. for the target hardware need to be registered using PNPUTIL before you are using SYSPREP, otherwise the prepared and applied image boots into a bluescreen on the target PC. Registering more drivers than you need does not harm as Windows detects the hardware and only installs the drivers it needs.
Simply put all driver packages in C:\drivers, then run the following command in a command window to register them for plug and play (note that using -a -i installs them, but here you need just -a, which advertises them). It will run recursively through all directories where *.inf files are contained:
for /f "tokens=*" %i in ('dir /b /s "C:\drivers\*.inf"') do pnputil -a %i
Hint: If you put this command in a batch file, you need to use %%i instead of %i.
You have to activate windows after the "mini-setup" ran if the firmware does not contain a windows key installed by the vendor. Regarding Windows activation, I found at least some information, however not in too much detail here.
This is how hardware vendors are preparing their PCs.
You can find a lot of information about it at Microsofts TechNet sites,
check this out: Deliver and deploy Windows 8
I hope this helps.
We're building a plug-in for Outlook that should work on multiple Windows versions (XP, Vista, 7) and also with different Outlook versions (2003, 2007, 2010).
The testing problem I am facing right now, is that I can't figure out a good/convenient/thorough way to test the application on multiple Windows and Outlook versions.
At the moment, I have a VirtualBox which runs many virtual machines, with different Windows versions and Outlook versions. So I would have a virtual machine with Windows 7 testing Outlook 2010, and another one with Windows 7 testing Outlook 2007, Windows Vista with Outlook 2010 and so on, going through some of the possible combinations. It kind of gets the job done, although it is cumbersome and takes a long time to test.
Some of the testing included in the application is unit testing, but this is also rather tied in with the machine I test it on (windows 7 with outlook 2010). For example, I was using ManagementObject recently, which worked fine on my system (and thus passed the unit test for that method), however, using that object threw an exception in another person's system, which crashed the application.
I work on Visual Studio 2010 Ultimate.
The questions: Is there a more elegant way to make the testing process more streamline and more efficient? Any other testing methods you recommend? How would you deal with this problem?
Thanks! Looking forward to your replies.
I've worked on similar situations (in my case is to test 20 different languages of Windows). The basic idea is the same: each virtual machine maps to a specific condition that you need to test.
The cumbersome part comes from inappropriate tool usage. AFAIK, there are several ways to achieve automation (to a certain degree):
Use VMWare ESX which supports nice scripting. It costs a little fortune unfortunately.
Use some screen record/replay tools to automate what you are doing by hand right now. There are quite a few on the market and the price difference is huge. Only you can tell what fits you best.
VirtualBox can be reverted via command-line. Therefore, if you can setup a bunch of machines hosting VBox, each configured to revert VBox during reboot, and each guest image is scripted to load your test, then the problem is to reboot these machines as you wish. This is an easier problem since there are quite a few ways to reboot machine remotely.
I know that I can code on one machine and have it build on a different machine (ie. a build server). Now I have also heard that you can have visual studio run a build on a virtual machine (i think it requires Virtual PC). Now my question is if anyone has been able to code on machine A, have it compile on machine B and run a debugging sesion on machine C?
This is pretty common in enterprise development and just about the de facto standard way of doing things.
Typically, a dev works locally. Once s/he is happy with their changes, they'll check it into a source control system.
From that point there are a couple of options ranging from automated building to having someone push the button to cause the remote build.
Once the build is complete there are a host of options available for deploying the app to one or more other servers. And yet other options for kicking off automated test suites.
Concerning remote debugging, you can do that independently of whether you are using a build/deployment/automated testing. It's just a matter of getting the right stuff installed and configured (see ho1's answer for a link).
All of that said, I highly recommend you never enable remote debugging on a production server. Some people might disagree with me but I personally think it's dangerous for security reasons and can certainly lead to site outages.
Finally, the only reasons you would need a virtual machine is if the servers aren't available or if you just want to sandbox everything.
You can do remote debugging, so if you had an automated process to copy the compiled code from B to C, I suppose you could do what you're asking.
See this MSDN article for more details: How to: Set Up Remote Debugging
Let's say I am developing a program that needs a bit more power than a netbook can provide and I have a good computer at home connected to the internet.
Is there any easy way to code in the netbook while I'm not at home and then when building, making it go and run on the computer at home?
I know running programs on other computers isn't a problem, but I'd like to know if it is possible to have an easy experience (it's still possible to debug, etc).
Thanks
It is definitely possible for Java code and Eclipse. But there are issues as well.
It helps a great deal if you have a fixed IP.
You need to open up ports on your firewall to be able to
copy your code into your PC
remote debug and upload your application
The last step will create issues with security that you need to address. I use ssh and public/private key to secure my connections.
In general, what you are asking is not much different to releasing a code to a server and debugging it. And normally servers sit somewhere on the internet or cloud.