Process Lasso v8.9.1.5-beta – Dual-signing, again

SHA1 and SHA2-256 digital code signing

SHA1 and SHA2-256 digital code signing

Shortly after the release of Process Lasso v8.9.1.4, we noticed that our binaries ended up with only the newer SHA2 signature. Now, for patched users of Vista and above, this was no problem, *except* for the fact that it appears a segment of the security industry does not yet recognize these SHA2 signatures and/or (also possible) our SHA1 digital signature has been white listed by many companies. If you got the first build, before our QA team caught it, then you may have received false positives, or see (in the case of XP) unsigned code warnings.

The net effect was that a short time after v8.9.1.4 was issued, we refreshed the build with SHA1 only signing (as before).

We have now issued v8.9.1.5 beta that again adds dual-signing, but correctly this time. Needless to say, we are now proceeding much less cavalier with this ‘simple’ change.

For users who had any trouble from their security software or unsigned code warnings with 8.9.1.4, you can simply download it again and install over-top. Your settings will be retained. Alternatively, you can now update to this beta. Most of you got the newer installer, so won’t have seen any troubles.

Small mistakes like this to keep us on our toes, and maybe that’s a good thing. The only difference between Bitsum and a larger company is that they wouldn’t publicly disclose this short-lived build mistake. It was, at least, non-critical for most all users who did get the early SHA2-only build.