The other day I unpacked my trusty HTA, I use to quickly check JavaScript snippets. It is very simple, but it also uses commdlg32 so that I can save and load these snipets to the local disk.
But to my surprise W8 does not let me use it. And judging by the error message W8 thinks that publisher is unknown. Regardless of the fact that publisher is (was) Microsoft itself. Although, admittedly long time ago.
So, what is the solution? I need to know how to view the publisher info on this file and then think of a solution. I assume I can fiddle with IE10 security tab, since HTA uses IE10 as a ActiveX control through its host, which is mshta.exe.
Ok then, here we go. Doing the proverbial “right click”, and then selecting “Properties” form the context menu , on the commdlg32.cab reveals few more details. First dialogue (the basic W8 file properties dialogue) , “Digital Signature” tab shows that signer was indeed one Microsoft Corporation. There is also a time stamp of signing from a distant past, almost from a primordial soup of computing, 19 August 1997, 17:35:29. Wow!
Of course there is the irresistible “Details” button which reveals the next dialogue. On top of which we can see “This digital signature is OK”. We can also see the name of the signer, no email is given and again this ancient signing time. Then there is this “Countersignatures” detail which after clicking through few more dialogues, reveals that Verisign was indeed a counter-signer it has never accepted any liability beside that and most crucially this favour to Microsoft , was limited in time and has expired 31 Dec 1999.
There you have it, It was indeed a genuine Microsoft signature, but the counter-signer aka issuing body, Merciless Verisign Inc. limited her role in time and thus left this little file in a security limbo. It is genuine Microsoft product but not endorsed by Verisign any more.
All previous Windows version actually did not mind this and this cab was perfectly useful and used. But not any more. Windows 8 is rejecting his ancestry. Apparently :)