Check that MSI digital signature!
The final release of the Windows Live client suite still does not support Windows XP x64 and Windows Server 2003. As expected, some folks have gotten their hands on the MSI installer itself and started making it available for download. Of course, I can’t officially condone this behavior, but more than enforcing EULAs I’m concerned about malicious programs being distributed as part of modified versions of the Windows Live Writer installer.
If you’re going to use any MSI that’s supposed to have originated at Microsoft, check for a digital signature first. In Windows Explorer, right-click on the file and choose Properties, then on the Digital Signatures tab. There should be a signature by Microsoft Corporation–click on it and hit Details to show a dialog like the below. Make sure it says "This digital signature is OK."
And if you hit View Certificate, the certificate path should show "Microsoft Root Authority > Microsoft Code Signing PCA > Microsoft Corporation".
You can also check the MD5 hash. The English build of Windows Live Writer 2008 has an md5sum value of 4912b32726dba27d37cf557797c8b8ee.
Filed under: Windows Live Writer | 7 Comments