|
#1
|
|||
|
|||
Possibly provide a checksum for the SuperDuper download?
Can Shirt-Pocket possibly provide a checksum, such as a SHA-1 digest, for the SuperDuper! download disk image file? This would be for individuals who want to verify the authenticity of the file, so that they can be reasonably sure the file was "not fooled around with" either on your server, or in-transit, or on their own computer. I notice Apple provides a SHA-1 digest for some support downloads.
|
#2
|
||||
|
||||
I'll see what I can do, Redd. In general, though, our users wouldn't have any idea how to use a checksum...
__________________
--Dave Nanian |
#3
|
|||
|
|||
Checksum...
The type of folks who have discovered and are considering SuperDuper! may be more knowledgeable than you think, but yes, not everyone would appreciate the value of a checksum. The fact that Apple supplies a SHA-1 digest for public downloads indicates they appreciate it, so maybe we should too. At least it appeals to me, as someone who has spent too many years using Winders, where the security vendors scare us into a spyware/malware mindset. Regarding the presentation of the info, here is a cut-and-paste example from an Apple update. Perhaps you could include the same references/links for the "About..." and "How to Verify..." to satisfy the educational and instructional requirements:
Security Update 2007-005 v1.1 (Universal) SHA1 Digest: SecUpd2007-005Univ.dmg= 539f872ac444dc707d73991a914c58ed32d51677 25490: "Mac OS X: About SHA-1 Digest and Software Downloads" http://www.info.apple.com/kbnum/n25490 75510: "Mac OS X: How to Verify a SHA-1 Digest" http://www.info.apple.com/kbnum/n75510 |
#4
|
||||
|
||||
I'll consider it, Redd. Thanks again for the suggestion.
__________________
--Dave Nanian |
#5
|
|||
|
|||
One thing that I never understood about providing a hash for software distribution verification is: If an attacker is able to gain access to the distribution servers and modify the application distribution, then doesn't it stand to reason that they could also replace the webpage or file that gives the hash sting with a modified hash of the altered distribution...?
What am I missing here? |
#6
|
||||
|
||||
You're absolutely right, Timmy: it's something I've wondered about myself.
__________________
--Dave Nanian |
#7
|
|||
|
|||
Checksum...
Posting the checksum might also require a note/disclaimer that this method provides a "reasonable" (or even a "high probability") means of verification, but is not a guarantee. I don't know that you could quantify the terms "reasonable" or "high probability", other than that they mean "better than nothing".
Any further steps would add to the Shirt-Pocket personnel task list. For example, they check their web site at least daily to verify the posted checksums. Or develop a process where the user optionally supplies his email address at the time of download; this will cause a checksum to be dynamically generated from the production library authentic copy of the file and sent to the user, bypassing problems from web page hacking. |
#8
|
|||
|
|||
ReddSmith, you mentioned having experience with Windows.
Is there an app like SuperDuper that you can recommend for copying an entire volume (Windows system files, application files, user files, etc.) SuperDuper lets us make a 'bootable' clone to an external drive which can actually be used to boot the system. Does this concept exist for XP/Vista? |
#9
|
|||
|
|||
Your question is a little off-topic from checksums, but for your info, I use Norton Ghost from Symantec Corporation. Among the many features is the ability to "copy a drive" (think "volume" in Mac terminology) which will create a bootable clone. One site from which you might start your Ghost education is http://nortonghost.radified.com/ . Now, I hope we won't be banned from the SuperDuper! board.
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
SuperDuper! and massive download problems | Rasheed | General | 1 | 06-19-2007 04:58 PM |
SuperDuper stops in download | LingScot | General | 5 | 02-17-2007 02:45 PM |
A word of praise for SuperDuper! | MMM | General | 3 | 06-21-2006 10:08 PM |