* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
* *THIS* is what you need to do to replace Microsoft's broken SetDllDirectory("")
implementation and mitigate DLL sideloading from local directories.
* Also fix some comment typos
* Also add a retry in PKI's GetSignatureName()
* This should help with getting a "The downloaded executable is
missing a digital signature" message when launching an update.
* Closes#1130
* Don't duplicate the PrintInfo() from DownloadFile()
* Make sure caret is disabled and displayed text will not appear selected
* Also update MSG_085 and remove unneeded MSG_240
* The process search appears to be blocking on some platform, and we
also don't want users to have to wait too long on format startup
* Also update the update check for Windows XP SSL errors
* MSG_002 doesn't display in RTL
* Update Policy dialog loses RTL setting after the first paragraph
* Some text displayed in native Windows message boxes is not using RTL
(even as the Message Box itself will display the rest of the UI elements as RTL)
* Detect if the relevant language pack is installed and use MessageBoxEx to
display native message box buttons using the selected language.
* All theses issues are part of #621
* Also remove trailing whitespaces
* Also update Bled to latest, as well as build scripts
* Note: Considering that Visual Studio 2015 is both freely and legally
available for anyone who wants to use it to compile Rufus, starting
with this commit, I will NOT be supporting any other version of Visual
Studio but 2015.
* Fix Quick Format option overlapping boot option dropdown
* Fix vertical spacing between "Create bootable disk" and "Create extended label and icon files"
* Fix vertical spacing of progress bar in non advanced mode
* Align and resize Advanced Options button
* Align and resize Select Image button
* Fix vertical centering of Status text
* Add 64x64px icon so that the About dialog looks better at 200% size
* This will randomly produce a message for users of a translation that
hasn't been updated in a while requesting help and pointing them to:
http://rufus.akeo.ie/translate
* Closes#435
* Also fix a WDK compilation issue with strtoll
* Application will start in portable mode if its name contains a 'p'
eg. "rufus_portable.exe" or "prufus.exe"
* Closes#264
* Also fix a couple smaller issues
* With that obscene an amount of pre-releases of 6.03 (seriously, how
many more YEARS pre-release of the same version do you actually need?),
of course the syslinux people have managed to break the last remnants
of compatibility they had between a single major version, so we are now
forced to provide a smorgasbord of pre-release and out of band syslinux
binaries on our server, and make sure we detect and handle incompatible
syslinux versions clientside...
For instance, even after fixing the EFI vs isolinux issue, we find
that tails 1.1 is incompatible with 'pre19'. But it also uses its own
'20131220' extended identifier, instead of 'pre1', its closest
relative. So we have to multiply files and symbolic links to try to
keep everybody happy.
Talk about a MAJOR LETDOWN from the syslinux project...
* Closes#363
* Detect Syslinux version from isolinux.bin (Closes#272)
* Download required Syslinux v5+ files where needed (Closes#165)
* Also fix an issue where using a Syslinux based ISO didn't switch to ISO mode
* Also alter DownloadFile and ExtractISOFile to return a size
* Attempt to remount the drive in case of failure (Closes#270)
* Minor fixes to localization
* Fix errors not being properly reported in DownloadFile()
* Also update ChangeLog.txt for beta
* Fix missing DOS codepages for Asian languages (reported by Kyle)
* Fix wrong label being reported when an USB HDD is present (reported by NaJiyoun)
* Fix potential issue with error message reporting
* Fix ISO button being truncated on high DPI displays
* Improve French and Korean translations
* Improve launch of updated application
* move Spanish translation to its expected location
* set gitattributes for the loc file
* update license, factorize is_x64(), remove unwanted messages
* This is meant to be used by translators for testing the UI
* Also fix the positioning and centering of boilerplate on the new version dialog
* French translation improvements
* As the MSDN doc says, "Failing to properly terminate the (lplpszAcceptTypes)
array with a NULL pointer will cause a crash."
* Also switch to HttpSendRequestA() since we have no use for W there.
* Rufus was downloading c32 files in the last directory browsed, which
meant that the same file may have had to be downloaded more than once
* Closes#154
* update copyright year
* switch relevant files to UTF-8 (without signature).
It's 2013 for crying out loud: if your file editor or file viewer
can't handle plain UTF-8, go back to the 1980s!
* also rename autogen.sh to bootstrap.sh
* Contains the bulk of the code required to address #11
* Tested with Windows 8 Pro x64 (en-gb_windows_8_x64_dvd_915412.iso)
and Arch Linux (archlinux-2013.01.04-dual.iso) against an UEFI 2.1 BIOS
* Also fixes missing status report beta versions check
* Add dialog for new release notification
* Do not check for updates during format or ISO ops
* Add RTF support for parser and security improvements
* Also improve init and exit of progress dialog
