We have added security checks which will examine any add-on dll, exe or gau file that is being loaded by FSX. These checks are first and foremost intended to inform the user that code is attempting to run, and provide them with the opportunity to allow or disallow this behavior. We realize this is quite different than the historical behavior of the Flight Simulator franchise, in that previously we would simply load any gauge or dll that properly associated itself with Flight Simulator with no opportunity for user intervention. This feature is meant to provide a higher degree of confidence for the end user in the security our platform provides.
As our product, and the industry as a whole, has matured, and as Microsoft has mandated stricter security requirements around all of its products, the user must be made aware of external code that runs as part of Flight Simulator. To accomplish this, we have implemented a robust and user-friendly method of allowing the customer to ultimately decide if add-on code should be allowed to run. We aren’t trying to limit or prevent the execution of add-on programs – what we are doing is giving the customer the knowledge that an add-on is trying to run code on their machine. They have the choice to allow this action, and even to indicate their desire to allow this behavior on a regular basis without additional input (we use the Trusted Publisher mechanism that is standard in the Windows security model).
We felt an obligation to the add-on development community to explain this behavior and how best to deal with it.
If FSX loads add-on code in the form of a dll or exe, (i.e., SimConnect client), or an add-on aircraft that has C-code gauges (.gau or .dll), then you'll see a dialog similar to this:
| |
|
|
| |
 |
|
| |
Figure 1: Dialog for Add-on Program With Signed Certificate |
|
Or this:
| |
|
|
| |
 |
|
| |
Figure 2: Dialog for Add-on Program Without Signed Certificate |
|
Normally, the user will click Run. They would then see a dialog like this:
| |
|
|
| |
 |
|
| |
Figure 3: FSX-specific Trust Dialog |
|
The customer will only need to do this ONCE for every add-on code module they choose to add to the FSX trust list. After that, they won't see these dialogs again unless they delete the FSX.cfg file, alter the entries in its [Trusted] section, or install an update to this add-on.
We recommend that add-on developers consider having their add-ons digitally signed through a certified trust authority. We’ve provided links at the end of this document to organizations offering this service. This service is not free (nor cheap), and realize there are many add-on developers who are “hobbyists” and may not feel inclined to pay for a service like this. This is fine – we are not preventing non-signed add-ons from being executed. We are, however, going to provide the user with the information that an unsigned add-on is attempting to execute and further provide them the opportunity to allow or disallow this action.
We have made every attempt to strike a good balance between customer security and add-on development. As our hobby (and cottage industry) grows, so together we must grow in our efforts to provide the highest quality and satisfaction to our mutual customers.
Links to Some Signing Authorities: