Can't run GPG --recv-keys under Windows Vista.

Henry Hertz Hobbit hhhobbit at securemecca.net
Wed May 30 06:52:09 CEST 2007


All:

This seems to be going out of the realm of GnuPG.  What I was attempting
to point out was the problems may be far deeper than just the internal
code changes you have already made in GnuPG. I hope the new install
program of both GnuPG and GPG4Win have that patch in place - most
Windows users don't have development systems. I assumed the patches
were in place, which makes the initial question that started all
this even more baffling.  If they were using the patched version of
GnuPG, then why are they still having problems?

Firefox and many other programs had to be recompiled for Vista and
in addition to the reasons you have found (code changes), here are
the reasons why the other programs had to be remade.  The major reason
is that the new Vista programs needed that expensive certification
from Microsoft. You will also have to replace almost all of the
programs you use when you move to Vista for these same reasons.
In other words, the problem is not just peculiar to GnuPG. Here are
some of the reasons for the why software that used to run on
Windows won't run on Vista:

1. Vista considers the %ProgramFiles% area as semi-protected.  Since
   GnuPG is installing into this area, it is a reason for concern.
   Even such programs as Firefox couldn't be installed on Vista for
   a while.  The reason why it is only semi-protected is because if
   it is fully protected, it causes problems for anti-virus,
   anti-spyware, firewalls, and other security programs that need
   to be updated.
2. Vista considers the %Windir% as a protected area.
3. Vista considers certain areas of the registry (HKLM primarily) as
   protected areas.
5. There are some other areas that Vista considers protected areas,
   but I gave you the three major areas.
4. Any program or script that begins to access (not just modify) the
   protected areas frequently needs to be licensed by Microsoft.
   The only way I have observed of getting around it is to run
   that elevated Command Prompt and run the program from there.
   That is the only way my ckdupe.exe program I provided on the back
   end for other people that make blocking hosts files will run.
   When they saw my ckdupe program checks their files for duplicates
   and does it in less than 1/4 of a second (the heapsort is the key
   to the speed) they all started using it. Vista broke the running
   of that program. The only way it runs any more is in that elevated
   privileges Command Prompt. There was no tricky code in it that
   would have caused a problem either. And checking a hosts file some
   place else other than in the protected file system areas doesn't
   help either. So the code changes you are making to GnuPG are in
   addition to this new way of running programs on Vista.  You need
   to understand our blocking hosts file is smack dab in the middle
   of one of their protected areas. It is also why I installed both
   Homer and our PAC filter at the top of the drive (they are in
   unprotected file space).  It doesn't help because Vista still
   blocks the scripts unless run from an elevated privilege Command
   Prompt.  There were things being blocked on Vista that still
   leave me baffled.  They weren't going into any of the protected
   areas and they were still having problems.

Now any changes to GnuPG code in either installer or the run programs
is on top of this new way of doing things which is different from
previous versions of Windows.  As a test, you could TRY to install
my blocked cookie list into Firefox (a binary is included). You
SHOULD have no problems on any version of Windows including Vista:

- Microsoft Windows Version
http://securemecca.com/Firefox.msw.zip
- Unix version (you must compile it yourself)
http://securemecca.com/Firefox.unx.tar.gz

But I will wager that you will have problems running it on Vista
(report in group if you choose but also tell me directly if you use
Vista and either had or didn't have problems - you may not be able
to get it to work at all) unless you run the program that installs
the domains not allowed to set cookies in that elevated privileges
Command Prompt.  BTW, the add2ffox.exe only runs in a Command Prompt
anyway. If you use SpyWareBlaster or similar programs I would run
the program each time after you run their updates since they may
remove what I have identified are the most prevalent tracking
cookie domains on the Internet. The only thing that should be in
the blocked cookie list are those domains you hit most of the
time.  That is all it does too, blocks cookies. If you want to
restrict domains, your only option in Firefox is NoScript. PAC
filters, blocking hosts files, and Ad Blockers BLOCK entirely,
not just restrict.

So what does all of this have to do with GnuPG? I think any changes
or attempts to make GnuPG work on Vista need to have these things
kept in mind.  Vista is not just a minor twist in the way of doing
things coming out of Redmond. It is entirely new in many ways. It
is why I finally abandoned the idea of Vista. Others upgraded and
after seeing the headaches they had I am staying with XP Pro, XP
Home, and 2003 server.  It makes it impossible for me to test
anything with Vista, but those are the breaks.  Once support for
XP is abandoned by Microsoft I may not be working with Microsoft
Windows any more. I am NOT going to install Vista!  We have had
too many problems with it.  I am also not going to pay Microsoft
approximately $1500 year ($1000 for the certificate, and
approximately one version of the build software for $500 which
needs to upgraded at least once per year) for some programs that
I am giving away free.  Microsoft must believe the rest of us
are all millionaires like they are.

There are going to be more changes in Vista as time goes on.
I think you can count on every one of them affecting you
adversely.  I can't believe that one simple patch of the software
has fixed all the problems you have when I have had so many more
with other programs.  In exasperation I told somebody else nothing
but Microsoft programs run on Vista.  That isn't true, but it
illustrates the depth of the problem.

If you have handled all of this, please ignore me.

HHH

-- 
Why hack in when you can drive in on Hwys. 80, 110, 194, 220, 443, 993,
994 & 995?



More information about the Gnupg-users mailing list