As someone famously said, "I have a bad feeling about this."
(Please note: My comments are based on the information available here about AE, not from experience on my system. I have not and will not allow this program to dl and install itself on my computer.)
I feel very strongly that this software has been written using some very bad practices, ones which will cause users serious problems and compromise their systems' security.
1. The install procedure compromises security. AE does not allow the almost universal method of dl and install: Dl a file to a location of your choice on your computer, and then run it to install. This is done w.o having to change the security settings on your computer, wit the possible exception of disabling automatic virus checking during the install itself. No changes in IE security settings are required. AE, OTOH, requires permanent changes to IE security that seriously degrade a system's security when it is connected to the Internet. a. Install method one requires that Nikonians be added to ones' trusted sites list. While I don't question that Nikonians can be trusted, that setting should be reserved for sites that are verified secure (https). Nikonians is an http site, not https. By adding an http site to the trusted sites zone, you increase the chance that a spoof (making a malicious site look like a trusted one) could put malware on your system. I realize that the instruction says to do this only temporarily, during the install. But, if Nikonians has to be in trusted sites for the dl to work, how can the automatic update function if Nikonians is removed? b. Install method two is even more problematic, as it depends on disabling Authenticode verification. Here's what Microsoft says about this: From IE help: "Authenticode technology checks to see if the program has a valid certificate, that the identity of the software publisher matches the certificate, and that the certificate is still valid. Note that this does not prevent a poorly written program from being downloaded or run on your computer, but it helps reduce the chance of someone misrepresenting a program that is intended to be malicious or intentionally harmful." From MS Support: "Important These steps may increase your security risk. These steps may also make the computer or the network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you decide to implement this process, take any appropriate additional steps to help protect the system. We recommend that you use this process only if you really require this process." Again, the implication is that this change must be permanent if automatic updates to AE are to work. I believe this to be quite simply an unacceptable risk.
2. The idea of automatic updates over which the user has no control or choice in their install is unacceptable. Sooner or later, there will be an update that causes problems. Almost every sw vendor that I've had experience with, large and small, has at sometime issued an update they shouldn't have. If the user has the options of when and whether an update is installed, then (as some of us do), we can wait a few days after an update is available to see if it works. Not to allow this runs a great risk that at some point some serious damage will be done to users' systems by a flawed update.
3. AE is installed in a folder that users normally don't have access to. I believe this is bad practice also. This would seem to indicate that the folder is in some basic way different from a normal Windows folder. (Else why couldn't a reasonably savvy Windows user get access to it?) If so, this raises questions about whether other Windows operations would have difficulties when they try to access the folder. What of disk defragmentation programs that try to move files? What about backup programs - will they have access? Will such a folder impact the integrity of the Windows file system? What will happen with various disk checking/repair programs? Finally there's a philosophical issue for me: If it's on my disk, I want to be able to get to it it for some reason I believe I need to. I'm more than irritated by programmers that think I'm too inexperienced (dumb?) to know what to change and what to leave alone.
#1. "No risk for harm using Annotate" In response to Reply # 0
Thanks for your note. First of, the application is not harmful and I am truly sorry to hear that you feel fear.
I can guarantee that Annotate was NOT developed using bad engineering practices. While we honor your feelings, we should make certain here and now that your statements are your very personal ones and are not necessarily reflecting any facts.
Let me now come to the facts:
Regarding your fears with installation: The install procedure does NOT require you to execute the steps that you described. Few users have their browsers configured at such a high security level that the level needs to be adjusted.
This is absolutely the same problem as that we are using cookies for authentication here at Nikonians and if you turn cookies off due to whatever security scare issue, you will not be able to login to Nikonians. So, it is possible to disable most internet sites and most software by setting your security settings to paranoid high.
A vast majority of users who install Annotate do not have to alter their IE settings at all, because they have these settings already set at a reasonable security level. Several thousand users have installed the application without any security level changes reported.
Even those users who have to adjust their security settings in order to install Annotate have to do so only temporarily.
Regarding installing the application from the Internet: You will download the setup.exe (or annotate.application) file that is then performing the installation from our server to your application cache (see below for exact location).
>> How can the automatic update function if Nikonians is removed? Updates can work even after IE security settings are set back to their previous values, because updates use a different principle. While during installation user interacts with his web browser, during updates, the user interacts only with the application.
Annotate is signed by the publisher (enprovia software engineering) with an authenticode signature. This protects you, the end user since Annotate refuses to run if it is infected from a third party application, malware or similar! Many applications on the net are not signed and they are not having this additional security.
Annotate uses ClickOnce technology (http://en.wikipedia.org/wiki/ClickOnce) to install itself and maintain updates. ClickOnce is widely used by .NET application vendors, because it is safer and simpler to the end user than any other installer technology. It also uses very well tested components developed by Microsoft that ensure its reliability and security. ClickOnce applications are fully isolated on the target system and do NOT in any way influence any other program installed on the system, or the system itself.
Regarding your fears with updates: If an update is available, user is notified and can choose whether he want to install the update. The application only provides a notification that the update is available. It will NEVER install any update by itself. You can wait as long as you wish before you will accept the issued update.
ANY update of Annotate can be rolled back to previous version from the Control Panel.
Regarding your fear with install location: “AE is installed in a folder that users normally don't have access to.” This statement is for the normal (beginner) computer users without any knowledge about computers.
In terms of accessibility, the folder is as normal as any other folder. It is only special in its location. There is no reason for any user (even any experienced user) to need to access files located in this folder.
The exact folder location for a specific application is managed by ClickOnce technology. Not even the vendor of the application can determine the exact location where his application is installed. This is a security feature to protect end users.
The folder is called Application Cache and is located at “C:\Users\<your profile name>\AppData\Local\Apps\2.0” (on Windows 7/Vista) or at “C:\Documents and Settings\<your profile name>\Local Settings\Apps\2.0”
All defragmentation, backup, disk checking and repair programs have normal access to the folder.
#3. "RE: No risk for harm using Annotate" In response to Reply # 1
While I do not share Bill's concerns with security of the program, the install, folder setting or location, I do have to express my PERSONAL OPINION regarding the AE program. I am an avid photog for well over 40 years and a very long-time computer user with some coding experience. I have used a wide variety of software starting back in the DOS days and extending through accounting systems, vector drawing, photo rework, spreadsheets, and of course word processing. Currently, in retirement, I do research and writing all day most days on computer. This said only to qualify my point ...
I love the resource this Nikonians site affords in shared experiences, but if it were possible, I would seek a refund of my $49 for Annotate Expert. Only FaceBook manages to exceed the confusing, non-intuitive, seemingly non-functional level of this program. I have used no fewer than 3 net-based free programs that work far better, and have since purchased a full-featured annotation program that provides considerably more for $20 less. I hate it, but the AE program falls far short of many programs available today for less or no money.
#5. "RE: No risk for harm using Annotate" In response to Reply # 4
>>I have used no fewer than 3 net-based free >>programs that work far better, and have since purchased a >>full-featured annotation program that provides >considerably >>more for $20 less. > >and what might those programs be?? > > >www.broadwallphotography.com
I have provided several URLs you may explore. They include a number of free and/or moderately priced programs. Of the free ones I have tried in the past, all worked quite well.
Please let me know if there is any other part of my post I need validate.
#7. "RE: No risk for harm using Annotate" In response to Reply # 3
I hope you have received your refund and that that has been settled by now.
In general: The new release of Annotate Expert allows the user to select the location where to install the program. It further supports tethered shooting and annotations on TIFF and PDF in addition to the previous support of RAW and JPG.
Most annotation programs on the market are nothing but drawing programs, making it possible for you to draw text and symbols on the image (and thus destroying it). Annotate Expert does not destroy the original, but rather writes on top of a layer, like a glass sheet, without affecting the original. Furthermore, the annotations are made into IPTC keywords and are all searchable.
We understand if the concept of annotating images this way may seem new to some, but we truly believe it has some direct advantages.
Thanks to all of you who are supporting the community by using and buying the software and giving us feedback on it - that way we are able to make the software even better!