1. Technical Field
This disclosure relates to distribution of digital content. More particularly, the present disclosure relates to protecting a software installation after certification.
2. Related Art
The conventional Microsoft Windows Installer (previously known as the Microsoft Installer) is an engine for the installation, maintenance, and removal of software on Microsoft Windows computer systems. The installation information, and often the files themselves, are packaged in installation packages, loosely relational databases structured as OLE (Object Linking and Embedding) Structured Storage Files and commonly known as “MSI files”, from their default file extension. The acronym MSI is derived from Microsoft Installation package.
During an installation process, the target system uses an executable file, sometimes called the bootstrap, to start the process of installing an MSI file. The bootstrap can facilitate the downloading and installing of the Windows Installer engine files. Then, the bootstrap can pass the necessary information to start the Windows Installer service and install an MSI package. The bootstrap may also contain the MSI files themselves, which can be extracted and run when the bootstrap is run. This allows the MSI and bootstrap to be carried together as a single file.
Typical computer system security procedures demand that some kind of validation be performed on the bootstrap and MSI files prior to installation. Un-validated installation files can damage a computer system on which they are installed. MSI validation rules are designed to prevent entries in the MSI database records that may be valid when examined individually, but that may cause incorrect behavior in the context of the entire MSI database.
It would be beneficial to be able to certify that MSI files meet certain pre-defined standards of validity. This is important because poorly created MSI files could affect the stability of a computer system and/or cause software conflicts with other software on the computer system. A certification process for MSI files could also be used to detect spyware, viruses, or other malware in an MSI package. Ideally, the MSI file certification could be performed by the software creator/publisher, without the need for a 3rd party vendor. This process would allow the software creator/publisher to quickly fix any certification errors and release their products to the market much faster. This process would also allow the software creator/publisher to certify multiple versions of their product without having to constantly go back to a 3rd party provider for verification/certification.
One problem with certifying an MSI file is that the MSI structure and process is an open standard. Anyone can open and edit an MSI database with freely available tools (e.g. Microsoft's Orca.exe). Thus, the MSI files and the related MSI certification rules used to validate those MSI files are vulnerable to unauthorized modification.
Thus, a computer-implemented system and method for protecting a software installation after certification are needed.