Closed Bug 738733 Opened 12 years ago Closed 6 years ago

[TB] Updater.exe: Need to improve UX of win7 user account control security confirmation dialogue when updating TB

Categories

(Thunderbird :: Installer, defect)

x86
Windows 7
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: thomas8, Unassigned)

Details

Attachments

(2 files)

STR

1a) on Win7: TB > Help > About > Update (tested for EarlyBird)
2a) observe TB UX of Win7 User Account control (UAC) security confirmation dialogue in terms of "trustworthiness"

And for comparison:
1b) on Win7: FF > Help > About > Update
2b) observe FF UX of Win7 User Account control (UAC) security confirmation dialogue in terms of "trustworthiness"

Actual result

2a) TB UAC dialogue UX is that of an untrusted application, and user cannot even find the name of our product nor the publisher's name on the dialogue - basically, it could be any program trying to do bad things on my computer (see Screenshot 1 attached):

[User Account Control]
(!) Do you want to allow the following program of unknown origin to make changes to this computer?     (exclamation mark icon on yellow background, read: Warning! This is untrusted and potentially harmful stuff!)

Program name: updater.exe     (updater of what???)
Publisher: Unknown            (not exactly a certificate of trust; I'm not sure what this is about and if it's safe to proceed)

2b) For comparison, FF (tested on beta channel) does the right thing:
FF UAC dialogue UX is that of a trusted application, and user can find both the full name of their product and the publisher's name on the dialogue:

[User Account Control]
(?) Do you want to allow the following program to make changes to this computer?                          (Question mark icon on blue background, read: This is trusted content from verified origin, it's safe to go ahead)

Program name: Firefox Software Updater     (yes, I know that one)
Verified Publisher: Mozilla Corporation    (and it comes with a certificate of trust, so I feel confident to proceed)

Expected result

In the same manner as FF (see 2b), TB's updater.exe should ensure that updating TB on Win7 creates the UX of a trusted application (see Screenshot 2, attached in my next comment):

[User Account Control]
(?) Do you want to allow the following program to make changes to this computer?                          (Question mark icon on blue background, read: This is trusted content from verified origin, it's safe to go ahead)

Program name: Thunderbird Software Updater     (yes, I know that one)
Verified Publisher: Mozilla Corporation    (and it comes with a certificate of trust, so I feel confident to proceed)

Ideally, use DailyBird, EarlyBird, Thunderbird Beta as applicable in the program name string, followed by "Software Updater".
Summary: [TB] Updater.exe: Need to improve UX of win7 user account control security check dialogue when updating TB → [TB] Updater.exe: Need to improve UX of win7 user account control security confirmation dialogue when updating TB
(In reply to Thomas D. from comment #0)
> 2b) For comparison, FF (tested on beta channel) does the right thing:
> FF UAC dialogue UX is that of a trusted application, and user can find both
> the full name of their product and the publisher's name on the dialogue:

See attached screenshot of updating Firefox. This bug requests that Thunderbird updater should look like this.
Can somebody confirm for TB *release channel* on Win7 if you get the untrusted confirmation dialogue of attachment 608790 [details], too?
It looks like something goes wrong as this is unsigned software. I didn't notice this on latest beta testing. I'm not sure we are signing nightlies and maybe Firefox is.
We just haven't picked up signing yet for nightly or earlybird. Not sure when that's coming, but when it does this will be fixed automatically (I'll try and find some bug refs soon).
Are nightlies signed?
Flags: needinfo?(rob)
The nightlies are signed. It appears to be the same key that Firefox uses.

$ wine sigcheck.exe -i thunderbird-61.0a1.en-US.win32.installer.exe

Sigcheck v2.60 - File version and signature viewer
Copyright (C) 2004-2017 Mark Russinovich
Sysinternals - www.sysinternals.com

Z:\home\rob\Downloads\thunderbird-61.0a1.en-US.win32.installer.exe:
	Verified:	Signed
	Link date:	5:12 PM 5/5/2017
	Signing date:	7:33 AM 5/7/2018
	Catalog:	Z:\home\rob\Downloads\thunderbird-61.0a1.en-US.win32.installer.exe
	Signers:
	   Mozilla Corporation
		Cert Status:	The revocation status of the certificate or one of the certificates in the certificate chain is unknown., The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
		Valid Usage:	Code Signing
		Cert Issuer:	DigiCert SHA2 Assured ID Code Signing CA
		Serial Number:	0C 53 96 DC B2 94 9C 70 FA C4 8A B0 8A 07 33 8E
		Thumbprint:	B6B24AEA9E983ED6BDA9586A145A7DDD7E220196
		Algorithm:	sha256RSA
		Valid from:	8:00 PM 6/22/2017
		Valid to:	8:00 AM 6/28/2019
	   DigiCert SHA2 Assured ID Code Signing CA
		Cert Status:	The revocation status of the certificate or one of the certificates in the certificate chain is unknown., The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
		Valid Usage:	Code Signing
		Cert Issuer:	DigiCert Assured ID Root CA
		Serial Number:	04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
		Thumbprint:	92C1588E85AF2201CE7915E8538B492F605B80C6
		Algorithm:	sha256RSA
		Valid from:	8:00 AM 10/22/2013
		Valid to:	8:00 AM 10/22/2028
	   DigiCert Assured ID Root CA
		Cert Status:	The revocation status of the certificate or one of the certificates in the certificate chain is unknown., The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
		Valid Usage:	All
		Cert Issuer:	DigiCert Assured ID Root CA
		Serial Number:	0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
		Thumbprint:	0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
		Algorithm:	sha1RSA
		Valid from:	8:00 PM 11/9/2006
		Valid to:	8:00 PM 11/9/2031
	Company:	Mozilla
	Description:	Firefox
	Product:	Firefox
	Prod version:	4.42
	File version:	4.42
	MachineType:	32-bit
Flags: needinfo?(rob)
(In reply to Mark Banner (:standard8) from comment #4)
> We just haven't picked up signing yet for nightly or earlybird. Not sure
> when that's coming, but when it does this will be fixed automatically (I'll
> try and find some bug refs soon).

Thomas, do you agree this is now resolved?
Flags: needinfo?(bugzilla2007)
I realized last night that the issue wasn't with the Thunderbird installer, it's with the updater. So with that in mind, I just checked all of the EXE files in our nightly install. They all check out.

Z:\home\rob\tmp\thunderbird\crashreporter.exe:
	Verified:	Signed
	Signing date:	7:13 AM 5/7/2018
	Publisher:	Mozilla Corporation
	Company:	Mozilla Foundation
	Description:	.FileVersion
	Product:	Thunderbird Daily
	Prod version:	61.0a1
	File version:	61.0a1
	MachineType:	32-bit

Z:\home\rob\tmp\thunderbird\maintenanceservice.exe:
	Verified:	Signed
	Signing date:	7:14 AM 5/7/2018
	Publisher:	Mozilla Corporation
	Company:	Mozilla Foundation
	Description:	.FileVersion
	Product:	Thunderbird Daily
	Prod version:	61.0a1
	File version:	61.0a1
	MachineType:	32-bit

Z:\home\rob\tmp\thunderbird\maintenanceservice_installer.exe:
	Verified:	Signed
	Signing date:	7:14 AM 5/7/2018
	Publisher:	Mozilla Corporation
	Company:	Mozilla Corporation
	Description:	Mozilla Maintenance Service Installer
	Product:	Thunderbird Daily
	Prod version:	61.0a1
	File version:	61.0a1
	MachineType:	32-bit

Z:\home\rob\tmp\thunderbird\minidump-analyzer.exe:
	Verified:	Signed
	Signing date:	7:14 AM 5/7/2018
	Publisher:	Mozilla Corporation
	Company:	Mozilla Foundation
	Description:	.FileVersion
	Product:	Thunderbird Daily
	Prod version:	61.0a1
	File version:	61.0a1
	MachineType:	32-bit

Z:\home\rob\tmp\thunderbird\pingsender.exe:
	Verified:	Signed
	Signing date:	7:14 AM 5/7/2018
	Publisher:	Mozilla Corporation
	Company:	Mozilla Foundation
	Description:	.FileVersion
	Product:	Thunderbird Daily
	Prod version:	61.0a1
	File version:	61.0a1
	MachineType:	32-bit

Z:\home\rob\tmp\thunderbird\plugin-container.exe:
	Verified:	Signed
	Signing date:	7:14 AM 5/7/2018
	Publisher:	Mozilla Corporation
	Company:	Mozilla Corporation
	Description:	Plugin Container for Thunderbird Daily
	Product:	Thunderbird Daily
	Prod version:	61.0a1
	File version:	61.0a1
	MachineType:	32-bit

Z:\home\rob\tmp\thunderbird\plugin-hang-ui.exe:
	Verified:	Signed
	Signing date:	7:14 AM 5/7/2018
	Publisher:	Mozilla Corporation
	Company:	Mozilla Corporation
	Description:	Plugin Hang UI for Thunderbird Daily
	Product:	Thunderbird Daily
	Prod version:	61.0a1
	File version:	61.0a1
	MachineType:	32-bit

Z:\home\rob\tmp\thunderbird\thunderbird.exe:
	Verified:	Signed
	Signing date:	7:14 AM 5/7/2018
	Publisher:	Mozilla Corporation
	Company:	Mozilla Corporation
	Description:	Thunderbird Daily
	Product:	Thunderbird Daily
	Prod version:	61.0a1
	File version:	61.0a1
	MachineType:	32-bit

Z:\home\rob\tmp\thunderbird\updater.exe:
	Verified:	Signed
	Signing date:	7:14 AM 5/7/2018
	Publisher:	Mozilla Corporation
	Company:	Mozilla Foundation
	Description:	Thunderbird Daily Software Updater
	Product:	Thunderbird Daily
	Prod version:	61.0a1
	File version:	61.0a1
	MachineType:	32-bit


Z:\home\rob\tmp\thunderbird\WSEnable.exe:
	Verified:	Signed
	Signing date:	7:14 AM 5/7/2018
	Publisher:	Mozilla Corporation
	Company:	Mozilla Foundation
	Description:	Thunderbird Daily Windows Search Integration Handler
	Product:	Thunderbird Daily
	Prod version:	61.0a1
	File version:	61.0a1
	MachineType:	32-bit
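
The per-file check from the comment above, done by script rather than by eye (an added example, not part of the bug thread or of Mozilla's tooling). It parses sigcheck's per-file text output and reports any file that is not `Verified: Signed`, whose `Publisher` differs from the expected one, or whose `Description` looks like an unfilled placeholder. The sample input is constructed in the thread's output format; the third entry and the placeholder heuristic are assumptions.

```python
EXPECTED_PUBLISHER = "Mozilla Corporation"  # publisher string shown in the thread

# Constructed sample: the first two entries abbreviate the thread's output,
# the third (path and values) is invented to show a failing file.
SAMPLE = r"""
Z:\home\rob\tmp\thunderbird\updater.exe:
    Verified:       Signed
    Publisher:      Mozilla Corporation
    Description:    Thunderbird Daily Software Updater

Z:\home\rob\tmp\thunderbird\pingsender.exe:
    Verified:       Signed
    Publisher:      Mozilla Corporation
    Description:    .FileVersion

Z:\constructed\unsigned-example.exe:
    Verified:       Unsigned
    Publisher:      n/a
    Description:    n/a
"""

def parse_sigcheck(text):
    """Return {path: {field: value}} from sigcheck's per-file text output."""
    files, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):
            # Unindented line ending in ':' starts a new file record.
            current = files.setdefault(line.rstrip()[:-1], {})
        elif current is not None and ":" in line:
            # Split on the first ':' only, so times like 7:14 stay intact.
            key, _, value = line.strip().partition(":")
            current.setdefault(key.strip(), value.strip())
    return files

def audit(files, publisher=EXPECTED_PUBLISHER):
    """Return {path: [problems]} for every file that fails a check."""
    findings = {}
    for path, fields in files.items():
        problems = []
        if fields.get("Verified") != "Signed":
            problems.append("not signed (Verified: %s)" % fields.get("Verified"))
        if fields.get("Publisher") != publisher:
            problems.append("unexpected publisher: %s" % fields.get("Publisher"))
        desc = fields.get("Description", "")
        if not desc or desc.startswith("."):  # assumed placeholder heuristic
            problems.append("placeholder description: %r" % desc)
        if problems:
            findings[path] = problems
    return findings
```
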
(In reply to Wayne Mery (:wsmwk) from comment #7)
> (In reply to Mark Banner (:standard8) from comment #4)
> > We just haven't picked up signing yet for nightly or earlybird. Not sure
> > when that's coming, but when it does this will be fixed automatically (I'll
> > try and find some bug refs soon).
> 
> Thomas, do you agree this is now resolved?

Looking at comment 8, yes.
Flags: needinfo?(bugzilla2007)
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME