A few corrections and security enhancements are included in DriveSort v1.230:
- Some code related to command line usage which was included in the previous versions by mistake has been removed because it's not finished yet. It was producing weird validation messages when trying to use it and did nothing, so no big loss there.
- The drive selection dialog now refreshes more consistently when a drive arrives or is removed, even when Windows doesn't send a WM_DEVICECHANGE message for it. I've noticed this happens when mounting and unmounting TrueCrypt volumes while testing but it may also apply to other devices, so the drive selection dialog now both polls the drive letter mask and listens to WM_DEVICECHANGE messages as long as it is displayed to detect these changes.
- The version update dialog now offers you a way to skip a specific version without having to disable the periodic version check if you don't want to be reminded about one particular version. When a new version is available, you can now choose to open the download page, ignore the new version, or decide later when the next version check occurs (yes / no / cancel). If you chose No, the next time you'll be notified will be about the version after that one and offered the same choice.
- The HTTP user agent which DriveSort uses when checking the latest version changed from "DriveSort Updater" to "DriveSort/1.230" to better respect the RFC. This doesn't change much as the current version was already present in the version check URL, but it looks better on the wire.
- DriveSort now attempts to enable the following Windows security features and exploit mitigation policies for its process when its running on a Windows version which support them: DEP, ASLR, Stack protection, Control flow guard, Terminate on heap corruption or invalid handle use, Disable non-system font load, Disable legacy extension points, Prefere loading DLLs from system32, Avoid loading DLLs from current directory. I haven't noticed any issue with these enabled on either Windows 10.1709 which supports them all or Windows XP SP3 which I think only supports DEP. If you notice any incompatibility with Windows versions in between please mention it to me and I'll see what I can do.
I've also signed the DriveSort executables with some certificates I've generated myself so the file integrity can be checked easily in the Windows file properties dialog / digital signatures tab, although Windows will complain about trust issues because my certificates haven't been issued by a certificate authority it trusts. I've applied both an SHA1 and a SHA256 signature so older and newer versions of Windows each have something they understand.
User Account Control will still display the same orange warning as before when there was no signature when asking for administrator rights (which are required because DriveSort needs full access to disks to do its job). The warning is perfectly normal because my self-signed certificates are not trusted to be mine by Windows as I haven't paid any reputable certificate authority to verify the fact, so the signatures offer very little additional trustable information by themselves as they could have been added by someone else to a modified executable using a certificate which looks like mine. I may eventually purchase a verified code signing certificate from a Windows approved certificate authority, though they're a bit pricey for a pet project. For now if you want to check that the signatures were indeed mine, my certificates both have f63a19f489360788049e2f7945ce4381ce644777 as subject key identifier, the SHA1 signing certificate has 8272dfdaf3af740c6ead49dfb08dcc92a74c43f1 as thumbprint and the SHA256 signing certificate has f73185df917d9ae5382db34a5ad0edaa0417ff20 as thumbprint.
While I was testing how the signatures behaved, I was a bit surprised to see that the Windows UAC prompt displays the same warning message for an untrusted
certificate whether the exe contents matches the signature or not though, I would have expected an invalid signature to trigger a red UAC error and prevent
execution as it makes little sense to try to run a corrupted executable file, whether it's the signature or the code which is wrong.
The message displayed in the digital signature properties dialog from the file properties is more informative, and clearly distinguishes both cases:
- When the signature certificate is not trusted but the signature matches the executable file contents.
- When the executable has been tampered with regardless of whether the signature is trusted.
I've also displayed an SHA1 digest above some download links to allow more users to verify their downloads. It is mostly intended for those who don't want to install GPG4Win to verify the digital signatures of the downloads with my GPG public key. An SHA1 digest can be computed by a variety of programs such as 7Zip, sha1sum.