Trust and Verify 
 
by Mike Zyskowski 
         

As our product, and the industry as a whole, has matured, and as Microsoft has mandated stricter security requirements around all of its products, the user must be made aware of external code that runs as part of Flight Simulator.  To accomplish this, we have implemented a robust and user-friendly method of allowing the customer to ultimately decide if add-on code should be allowed to run.  We aren't trying to limit or prevent the execution of add-on programs – what we are doing is giving the customer the knowledge that an add-on is trying to run code on their machine.  They have the choice to allow this action, and even to indicate their desire to allow this behavior on a regular basis without additional input (we use the Trusted Publisher mechanism that is standard in the Windows security model).

We felt an obligation to the add-on development community to explain this behavior and how best to deal with it. 

If FSX loads add-on code in the form of a dll or exe (i.e., a SimConnect client), or an add-on aircraft that has C-code gauges (.gau or .dll), then you'll see a dialog similar to this:

     
     
   Figure 1:  Dialog for Add-on Program With Signed Certificate  

Or this:

     
     
   Figure 2:  Dialog for Add-on Program Without Signed Certificate  

 
Normally, the user will click Run.  They would then see a dialog like this:
 

     
     
   Figure 3:  FSX-specific Trust Dialog  

The customer will only need to do this ONCE for every add-on code module they choose to add to the FSX trust list. After that, they won't see these dialogs again unless they delete the FSX.cfg file, alter the entries in its [Trusted] section, or install an update to this add-on.

We recommend that add-on developers consider having their add-ons digitally signed through a certified trust authority.  We've provided links at the end of this document to organizations offering this service.  This service is not free (nor cheap), and we realize there are many add-on developers who are "hobbyists" and may not feel inclined to pay for a service like this.  This is fine – we are not preventing non-signed add-ons from being executed.  We are, however, going to provide the user with the information that an unsigned add-on is attempting to execute and further provide them the opportunity to allow or disallow this action.
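
An added example, not part of the original article and not Microsoft's code: a PowerShell audit that reads the [Trusted] section of FSX.cfg and reports the Authenticode signature status of every module listed there, so a user can see which add-ons on the trust list are unsigned or fail verification. The entry layout (`<module path>[.<suffix>]=<value>`) and the `-ConfigPath` parameter are assumptions, since the article does not show the file's contents.

```powershell
# Added example: audit the modules listed in the [Trusted] section of FSX.cfg.
# Assumption: each entry is "<module path>[.<suffix>]=<value>"; adjust if your file differs.
param(
    [Parameter(Mandatory = $true)]
    [string]$ConfigPath   # full path to FSX.cfg, supplied by the caller
)

$inTrusted = $false
$results = foreach ($line in Get-Content -LiteralPath $ConfigPath) {
    $line = $line.Trim()
    if ($line -match '^\[(.+)\]$') {
        # Section header: remember whether we are now inside [Trusted]
        $inTrusted = ($Matches[1] -eq 'Trusted')
        continue
    }
    if (-not $inTrusted -or $line -eq '' -or $line.StartsWith(';')) { continue }

    # Split on the LAST '=' so an '=' inside a path does not truncate the key
    $eq = $line.LastIndexOf('=')
    if ($eq -lt 1) { continue }
    $key   = $line.Substring(0, $eq)
    $value = $line.Substring($eq + 1)

    # Use the key as the path; if no such file exists, drop one trailing ".suffix"
    $path = $key
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $path = $key -replace '\.[^.\\]+$', ''
    }
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # Trusted entry whose module is no longer on disk
        [pscustomobject]@{ Module = $key; Value = $value; Status = 'FileMissing'; Signer = $null }
        continue
    }

    # Ask Windows to verify the file's Authenticode signature
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Module = $path
        Value  = $value
        Status = $sig.Status   # e.g. Valid, NotSigned, HashMismatch
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}
$results | Sort-Object Status, Module | Format-Table -AutoSize
```

The script only reads FSX.cfg and the listed files; it does not change the trust list.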

We have made every attempt to strike a good balance between customer security and add-on development.  As our hobby (and cottage industry) grows, so must we grow together in our efforts to provide the highest quality and satisfaction to our mutual customers.

Links to Some Signing Authorities: