Inno Setup

Inno Setup
Original author(s) Jordan Russell
Developer(s) Jordan Russell and Martijn Laan
Initial release 1997 (1997)
Stable release 5.5.7 / December 28, 2015 (2015-12-28)
Written in Embarcadero Delphi
Operating system Microsoft Windows
Type Setup Creator
License Free software[1]
Website jrsoftware.org/isinfo.php

Inno Setup is a free script-driven installation system created in Delphi by Jordan Russell. The first version was released in 1997.

History

Since Jordan Russell wasn't satisfied with InstallShield Express which he had received upon purchase of Borland Delphi, he decided to make his own installer.[2] At first, Inno Setup was little known. The first public version was 1.09..

To make an installation package with version 1.09, an “ISS.TXT” file needed to be created in the installation directory. In the file, the user needed to supply variables and values which are still used in Inno Setup today. These variables served as the configuration of the installation package but many other features could not be changed. The installation compiler had no editor and was more of a shell to compile scripts.

Throughout Inno Setup's development, it was becoming more widely used. Since Inno Setup was and still is free and open source, many software companies started switching to the open source solution in software installation. Since Inno Setup was based around scripting, fans of Inno Setup started ISTool and ScriptMaker to aid in visual and simpler ways to make installations for Inno Setup.

Inno Setup has won many awards including the Shareware Industry Awards three times in a row - from 2002 to 2004.

Many people have taken Inno Setup source code and used it to develop third-party versions of Inno Setup. An example is My Inno Setup Extensions by Martijn Laan, which has been incorporated into Inno Setup in June 2003.

Features

Key features

Security

Installers created with InnoSetup have vulnerabilities which result in arbitrary code execution and due to their interaction with Windows' user account control additionally in privilege escalation. When run from a user's Downloads directory where an attacker has placed one of the DLLs these installers load per drive-by download this vulnerability results in remote code execution. A proof of concept was published by Stefan Kanthak. [5]

See also

References

  1. "Inno Setup License". JRSoftware.org. Retrieved 18 January 2010.
  2. Why was it created?
  3. "About Inno Setup". JRSoftware.org.
  4. "Inno Setup change log". JRSoftware.org. Retrieved 18 January 2010.
  5. FullDisclosure: Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup

External links

This article is issued from Wikipedia - version of the Monday, February 15, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.