Another Possible Workaround for Error 1330

When installing Visual Studio 2008, you might run into an error dialog that reads, Error 1330.A file that is required cannot be installed because the cabinet file D:\cab1.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. The path and name of the cabinet may be different, but might often… Read more

How to Workaround Error 1330 During Visual Studio 2008 Installation

When installing Visual Studio 2008, you might run into an error dialog that reads, Error 1330.A file that is required cannot be installed because the cabinet file D:msdncab2.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. The path and name of the cabinet may be different, but might often… Read more

KB928365 for MS07-040 Leaves Some Managed Applications Sluggish

After installing Security Update KB928365 for the Microsoft .NET Framework 2.0 to fix MS07-040, some users are noticing some managed applications – especially those developed using the Windows Presentation Framework (WPF) – are running sluggish. The apparent problem is that native images, which are assemblies already compiled to native code, do not exist for all… Read more

Immediate Custom Actions Always Impersonate

Windows Installer is a client/server application. When you install a package using msiexec.exe – which is executed by default in response to shell verbs such as Install – or APIs like MsiInstallProduct the package is initially processed under the user’s credentials. This means, of course, that in over-the-shoulder elevation when administrative credentials are provided it’s… Read more

Impersonating the Right Token in Vista

In The NoImpersonate Bit Mistake, Robert Flaming of the Windows Installer team discusses how some custom actions may fail because they impersonate the non-privileged client token and won’t be able to perform some actions. Such a scenario is described in Custom Actions under UAC on Vista. For administrative users on Vista, a client token would… Read more

Potential Legal Risks with Unauthorized Wi-Fi Access

Bruce Schneier pointed out an interesting article that got me thinking and even made me laugh a little. From the article: Suppose you turn on your laptop while sitting at the kitchen table at home and respond “OK” to a prompt about accessing a nearby wireless Internet access point owned and operated by a neighbor…. Read more

Thawte Notary

I’m now a Thawte Web of Trust (WOT) notrary and am able to make assertions in person of your identity in order to get your own name on a free Thawte Freemail S/MIME certificate. This is a certificate that allows you to encrypt and sign email message using most email applications available. How does it… Read more

The Dangers of RunOnce and Run Registry Keys

A recent project I worked on was to replace functionality for part of our patching process that runs commands after reboot, a task not too uncommon for installers – most notably because files were in use when the installers ran. Typically when files are in use installers such as Windows Installer and many proprietary installers… Read more

Security Improved…then Destroyed

Michael Howard – our Sr. Security Program Manager here at Microsoft – blogs about how the improved security features in XP SP2 were effectively destroyed in an article in PC Magazine, “Making Windows XP Start Faster“, by turning off the Automatic Updates and Internet Connection Firewall (ICF) services. Great improvements have – and are still… Read more