InstallSite Blog

Video: Windows Installer and Application Compatibility

Microsoft's Channel 9 posted a video interview with Robert Flaming, program manager on the Windows Installer team. Robert talks about topics like User Account Control (UAC), chainers, restart manager, nested install custom actions, digitally signing setups and patches.

Watch the video or download as video or audio podcast:

• Application Compatibility - MSI Installer Issues

New Security Vulnerability in FLEXnet Connect

New reports about security vulnerabilities in Macrovision's FLEXnet Connect (formerly called InstallShield Update Service) have been published on January 15, 2007 2008. The vulnerability would enable an attacker to remotely run malicious code on a users machine. The following files are affected:

• isusweb.dll version 6.1.100.61372
• ISDM.exe version 6.1.100.61372

Other versions may also be affected.

Sample exploit code is available on the web.

Macrovision has not yet replied to my request for a confirmation of these reports. As a workaround you should set the kill bit for the affected ActiveX controls (see below articles for details).

Setups created with Macrovision's InstallShield often ship the FLEXnet Connect/Update Service client by default, even if the author isn't actually using it. I recommend that you review your setup packages and inform your customers, if your setup installed the vulnerable files on their machines.

• Secunia Advisory SA28496
• Secwatch.org Advisory SWID1020062
• SecurityFocus Bugtraq ID 27279

[edit 2008-02-25: corrected the date]

Suggest improvements for KB article about Windows Installer Error 1603

Microsoft is planning to improve knowledge base article 834484 which discusses Windows Installer error 1603 "A fatal error occurred during installation". Robert Flaming of the Windows Installer team requests suggestions for the new article. Please submit your feedback via the Windows Installer team blog.

VMware to acquire Thinstall

On January 15, 2008, VMware, Inc. announced plans to acquire Thinstall.

VMware is well known for its operating system virtualization products, both for desktops (VMware Workstation) and for servers.

Thinstall Virtualization suite is an application virtualization solution which is unique because it doesn't require a server or an agent installation on the client. Therefore it can also be used by ISVs as an alternative to setup programs.

More information:

• Announcement and FAQ from VMware/Thinstall (PDF)
• www.thinstall.com
• www.vmware.com
• Application Virtualization information at InstallSite.org

InstallShield Support for Visual Studio 2008, .NET Framework 3.5 and VC++ 9

Macrovision released updates for InstallShield 2008 to support integration with Visual Studio 2008 and redistribution of the .NET Framework 3.5 and VC++ 9 runtime files:

• HOTFIX: Beta Support for Visual Studio 2008
• UPDATE: InstallShield 2008 Basic MSI, InstallScript MSI, and Express Support for .NET Framework 3.5
• UPDATE: InstallShield 2008 Basic MSI, InstallScript MSI, and Express Support for Visual Studio 2008 Merge Modules

These updates are only available for InstallShield 2008, but not for previous versions (although the .NET 3.5 prerequisite and the VC++ merge modules may work with other InstallShield versions)