InstallSite Blog

Security patch for FLEXnet Connect

Today, Macrovision Corp. notified customers of FLEXnet Connect® (formerly called InstallShield Update Service) of a security vulnerability in the FLEXnet Connect client version 6.0. Customers using the FLEXnet Connect functionality that is bundled with some editions of InstallShield and AdminStudio are also affected. The problem only exists in the Windows client, not the Universal client. Also, version 6.1 is not affected.

Macrovision has released a patch to fix the vulnerability. If you are using FLEXnet connect and distributed the client to your customers, you need to take action as soon as possible. After updating the Connect SDK on your development machine you have to create an update for your application setup and ship it to your customers in order to update the Connect client on their machines.

Macrovision knowledge base articles:

• Q113020
• Q113602

Side note: End users can't update the client dircetly from Macrovision because it was installed by your setup as a merge module. This servicing limitation is making merge modules less popular these days, see Rule 43 in the Tao of the Windows Installer.

Weird MSI problems on Vista caused by InstallShield bug

Recently, I've seen posts about some problems that really sounded weird to me. From the forum posts I was unable to tell what the setup authors might have done wrong. Here are some of the symptoms that have been reported in setup communities:

• After a Major Upgrade, you have two entries in Add/Remove Programs control panel.
• Error message "1: ALLUSERS property is not 1 - this MSM cannot be used for a per-user or fallback-to-per-user install" during installation, although ALLUERS had been set to 1.

When attempting to uninstall the application you may also see the following error messages:

• "Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel." (Windows Installer error code 1638)
• "This action is only valid for products that are installed". (Windows Installer error code 1605)

As it turns out, this can be caused by a problem in InstallShield 2008. If a Basic MSI setup includes a custom action written in InstallScript, the script engine changes the value of the ALLUSERS property.

Macrovision has released a hotfix to address this problem, and also documented some workarounds:

• HOTFIX: InstallScript Initialization Code Modifying ALLUSERS Property

Application Virtualization

Applicaton virtualization aims to combine the best of both worlds: the efficiency of locally installed software and the convenience of virtual machines. While the techology has been around for quite some time, it was almost unnoticed. But recently the market is evolving, and you can read about company acquisitions and strategic partnerships frequently.

Application virtualization works by placing an application in a "semi-transparent petri-dish". The application runs on the local operating system, but its access to the file system and registry gets filtered and redirected to a virtual store on a case-by-case basis. This means that the program can load system DLLs from the real machine, but if it requests a DLL that's specific to the virtualized application, this read access is redirected to the virtual file system. The same is true for registry access.

Benefits compared to operating system virtualization:

• No need to include the whole operating system in the package, thus saving space and avoiding licensing hassles.
• Application has physical access to devices like printers, USB ports or the graphics card, resulting in higher performance.

Benefits compared to local software installation:

• No need to put application specific DLLs and registry entries (like COM registration) on the real machine. Thus no installation program is required, and the application can be easily removed without traces.
• Applications can run from removable media like a CD-ROM or a USB memory stick.

There are various application virtualization solutions available. Some require a client or a server, others are self contained. Streaming support, network bandwidth usage and application startup times are also quite different, as discussed recently in an InfoWorld article.

A related trend is to combine virtualization and Windows Installer (MSI): Microsoft offers a utility which wraps a SoftGrid virtualized application in a .msi file to make it easily deployable with existing systems like SMS. Macrovision's AdminStudio can repackage applications as .msi file or for Citrix Presentation Server, or convert MSI packages to Citrix virtual profiles.

This is part three of my series about virtualization technologies. Here are links to all parts (will be updated when additional articles are published):

• Virtualization Technologies Overview
• Operating System Virtualization
• Application Virtualization (this article)

AdminStudio and Thinstall are available in the InstallSite Shop

IE 7 Re-Release, Administration Kit (IEAK7) now creates MSI files

Microsoft today released a new build of Internet Explorer 7, an Installation and Availability update (IAU) and a new Internet Explorer Administration Kit (IEAK).

Using the IEAK, IT administrators can tailor IE to their organization’s needs and deploy the package to relevant units within their organization. The new IEAK now generates a .MSI file for easier deployment via Group Policy or Systems Management Server (SMS).

Other changes include: WGA validation has been removed, so that IE7 can be installed on non-genuine copies of Windows, too. Microsoft says they did this to help "protect the entire Windows ecosystem" by enabling everyone to use security enhancements like the built-in phishing filter and support for Extended Validation SSL Certificates (which turns the whole address bar green when you log into sites like eBay). To enhance usability, the menu bar is now visible by default.

The new IE build is available for Windows XPSP2, x64 Server and Windows Server 2003, there's no update for Windows Vista.

Update (October 5): Christopher Painter found out that the IEAK just creates an MSI wrapper.