Windows ODBC driver 7.0.9 not signed

IngoM2
Contributor

Hi,

it appears that the ODBC Driver EXASOL_ODBC-7.0.9-x86_64.msi is not properly signed, and Windows Defender will prevent installation. Can someone have a look into this?

On Windows devices that have their security policy managed by the organization, you are not even able to bypass the Warning so people are not able to use tools such Tableau Desktop. 

IngoM2_0-1619006790251.png

 

1 ACCEPTED SOLUTION

exa-ChristianK
Team Exasol
Team Exasol

Windows 7.0.9 ODBC drivers are now reuploaded and signed

View solution in original post

8 REPLIES 8

exa-ChristianK
Team Exasol
Team Exasol

Windows 7.0.9 ODBC drivers are now reuploaded and signed

View solution in original post

IngoM2
Contributor

Hmm, I just downloaded this file

260b80b059255015f24c6ea132dbe880  EXASOL_ODBC-7.0.9-x86_64.msi

from https://www.exasol.com/portal/display/DOWNLOAD/Version+7.0.9  and I still get the Windows warning that the driver is not signed...

exa-ChristianK
Team Exasol
Team Exasol

I think there is a difference. Because when you click on it it now has a digital signature. Need to check it on monday. Maybe they sent us the wrong signature. Usually a app needs to gain a reputation. But right now you can at least trust that it is from Exasol AG as it is shown now instead of unknown publisher.

"There are two solutions: either wait till the application has a large user base and its reputation will be adjusted by the Smart Screen. However, the current working status might prevent users from installing and trusting the application. The second option is to sign it with an EV (Extended Validation) code signing certificate. Applications signed with an EV certificate establishes its reputation right away. To quote Microsoft:

Programs signed by an EV code signing certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher."

exa-ChristianK
Team Exasol
Team Exasol

So I digged a bit more into it, we definetly had the same type of certificate before the new one. We do not have a EV certificate which would require that they are shipped on YubiKey FIPS USB tokens.

@IngoM2 you said you get a warning it is not signed, but when you right click on it I can see a signature, don't you? You should get the blue window which is normal but it shows that it is signed by Exasol AG.

"The fact that Windows asks for permission to install is normal. If the installer is signed, you get a blue window. If it is not signed, you get a yellow window with a warning."
If that is hindering in daily businey one can also trust a provider and then it should go away. But I think that can only be done by an admin.

IngoM2
Contributor

Hello @exa-ChristianK , yes the file is signed by Exasol AG by Sectigo RSA.

However, Windows Smart Screen will still throw up a warning, and you have to explicitly bybass it to proceed with the install.

That's not a problem if it's your own machine, but basically in all corporate environments the device is managed by IT - and there it is not possible to bypass the warning. I am currently at a client where the Tableau developers cannot install the Exasol ODBC drivers and bypass the Windoes Smart Screen,, even if they have a local Windows admin account.

Using JDBC is a doable workaround, but it's it's a bit more difficult and technical to set up in Tableau which only support Generic JDBC connections. Non-technical users struggle with JDBC-connect strings..  They just prefer to pick "Exasol" from the list of data sources and be done with with, but that requires ODBC.

 

exa-ChristianK
Team Exasol
Team Exasol

Hi,

it is indeed not signed. We will upload a new signed driver as soon as possbile. (our certificate just expired and I missed it).

exa-ChristianK
Team Exasol
Team Exasol

The signing provider is a bit unresponsive right now but we are on it. Will take a couple more days.

jens_areto
SQL-Fighter

Hey Ingo,

 

is it working now? I tried the same today and I got the same screen like you share here when I open the downloaded file via Browser. If I close the Browser after downloading and then open the installer inside the downloads folder it worked. Could be that they already fixed it.

 

Best regards

Jens