Synthesoft | Products | Download | Purchase | Support | Flashback (New) | ||
Starting in 2024, Synthesoft will modify its distribution method for
Flashback releases. These changes include discontinuing the practice of
code-signing Flashback and shifting from an installer-based distribution to
providing the software in ZIP file format. Code-signing is a security measure
that authenticates the software's source and integrity, but due to the
substantial and increasing costs of obtaining certificates—exceeding $200 per
year over a three-year period—Synthesoft has decided to forgo this process.
Instead of using an installer, users will download Flashback software in a ZIP
file. This approach simplifies the installation process, as users can easily
extract the contents of the ZIP file directly into any folder where they have
permission to modify contents, thus eliminating the need for a separate
installation procedure.
To maintain a level of security in the absence of code-signing, Synthesoft plans
to provide MD5 and SHA256 hashes alongside the download links. These hashes are
essentially unique digital fingerprints for files. Users can calculate the hash
of the downloaded file and compare it to the hash provided on the website to
ensure that the software has not been altered or corrupted. This method is
effective as long as the Synthesoft website hosting the page with the hashes
hasn't been compromised. If an attacker were to gain control of the website,
they could potentially alter both the downloadable file and the corresponding
hashes, thus undermining this security measure.