Deploy your new Certified Application or Script to ALL your Corporate Users' PCs!

Imagine if you will a way to publish a Certified Application or Script to Thousands of your Corporate Users' PCs within an Hour without needing complex management software or an expensive in-house IT staff. How much value would there be to have an application that can push out a zero-day exploit fix to all of its users or scale to millions of new users instantly? Columbia Data Products is looking to achieve exactly that with its new [insert program name] product line.

Here are just a couple real world PC scenarios you could be fixing:

Lenovo’s software contained three vulnerabilities that allowed hackers to exploit and run their own code on an affected Lenovo computer. Lenovo’s immediate solution was to have users uninstall their own program! With Snapback-Apps fixes to these types of issues can be issued and published to every snapback user and run with elevated permissions fix these issues, without needing to uninstall!
Window’s 10 update notifications on Win 7 and 8 PCs can be pesky and annoying with frequent pops alerting people to update or in other instances instantly and without notifying the user would force the update of their OS. Reports circulated the internet of many unhappy customers who didn’t want to update and / or had their update fail and made their PC experience and unpleasant one. With Snapback apps a certified application could be downloaded to PCs with a fix near instantly.

A few other highlights:

SnapBack can execute anything that runs on your client's PC, which includes compiled full executable applications.
When executing these, you often need to be able to enable normal users without administrative rights to execute limited actions. Snapback will elevate to execute your script without handing them the administrator's credentials.
SnapBack provides you the ability to safely publish and distribute your app by providing a "Trusted Service" user interface that executes your certified script.
SnapBack's "Trusted Platform" packages your script and the user interface, which is signed and certified by CDP before it is distributed.
Now you can publish your script confidently, knowing that users can't modify your certified script or the user interface, since it is always re-verified before execution, can be updated within the hour, and disabled nearly instantly by administration.

Below is a sample of the UI that your application / script run in:

Got Questions?

We know that you have more questions about this process. We invite you to read through our F.A.Q. listed below to help you get a better understanding.

Q: How can I safely and easily install an application or script to all users, or a select group of users, in my company?

Simple-- Send your script or application to Columbia Data Products who will certify your script, application, and user interface messaging and interaction. CDP will then publish and distribute it to all your users that you’ve designated.

Q: Why is this safer than using Active Directory and/or Group Policy to distribute my application?

SnapBack's "Trusted Platform" ensures that every byte of the UI and the code was written by you, was signed by CDP, and has not been modified. There are no "mistakes" in misconfiguring AD or GPO possible.

Q: What can my users do if my App is published by Snapback, that they couldn't do if I distributed my own script or application?

Ordinarily, users without admin privileges aren't able to execute "administrator only" tasks or resources without you doing extra work or exposing security loopholes. With SnapBack's "Trusted Service" you can specify elevated user permissions for tasks that you designate. You can also specify or change any individual button or application as “admin only”.

Q: If I need to de-authorize an application that was already distributed to my users, how can I control this?

SnapBack provides three settings for all SnapBack App's buttons; "Disable", "Admin only", or" Run Temporarily with a User Warning". These settings can be changed at any time by a new SnapBack update that CDP can distribute within an hour. Alternatively, any administrator can push their own changes out to the HKLM registry. In a worst case, CDP can cancel your specific code signing certificate and none of the apps you signed with it will be able to be run again.

Q: How can I control apps written by individual developers?

Each of your app developers can be assigned a separate certificate. In the event of problems with a specific developer’s apps, you can request that CDP cancel that specific code signing certificate to prevent those apps from running.

Q: Our Application or Script is "company confidential", and we don't want any of these scripts to be viewable by any other users or companies. How can we keep these, "company confidential"?

When you send CDP your code, you can encrypt a container with all of your code. CDP only needs the list of file names with their MD5 hashes, and a list of commands/settings to execute your script or application. When the user executes your application, SnapBack uses your certificate (that is already stored on your users' PC) to unencrypt and re-validate your files, and then SnapBack's Trusted Service will and run your app that we've published to all your users.

Q: How can you ensure that only code that is signed by CDP runs or is downloaded?

SnapBack's "Trusted Platform" has two main components:

Only Download Trusted Files signed by CDP --- We ensure that nothing is downloaded or placed on the local file system unless CDP has signed and certified every byte. This includes not only the actual software or script, but also the user interface. The originating location for each file does not have to be secure, since all files are validated before they are allowed on the client's local system. This originating source for these files can be on any server, network share, local folder, or any combination of these.

SnapBack's secure download platform first downloads the manifests that are to be used, to a Quarantine folder. Any and all files downloaded by SnapBack's Secure Download platform* are kept in a special Quarantine folder where they must pass all security checks before being run or moved into their final destinations.
Then, SnapBack's service validates that CDP has signed the manifests that contains all the validation information for all the files that will be downloaded next, and verifies that the manifests have not been modified. The first files that are always downloaded are Manifest XMLs files. These contain the Remote Source server locations, Local Destinations, and MD5 hash values for every file. These Manifests are signed, ensuring their contents were certified by CDP for SnapBack, and that they are unmodified. Any modification of the Manifest will invalidate the signature, causing it to fail security checks.
Snapback downloads all the files from the servers designated in the manifests and places them in the Quarantine folder, using BITS. (BITS ensures that users' internet or network speed will never be preempted by SnapBack's operations).
Each file in the manifest is compared with the MD5 signatures in the manifest. Each file in the Manifest must match it's signed MD5 hash contained in the Manifest before being able to leave Quarantine. Any files that fail to match are deleted.
The files are moved to the folders specified in the manifests. If After all files in the download pass the signature and MD5 security checks, then they are moved to the Local Destination where they can be run safely.
Post-processing scripts are executed, which take specified actions, after SnapBack is updated. SnapBack's platform will not only securely download your files but can also execute or run commands on, or from these new files.
So nothing runs until CDP has verified the files as a match and ensured that nothing has been modified. (I think this is covered by my new wording) ALAN-- Agree, but would be nice to close with a simple conclusion.

Only Execute Trusted Files, signed by CDP --- Just because files are safely placed on the clients' PC, does not mean that they are necessarily safe for either users or administrators to execute.

Q: We have 200,000 PCs and we need to instantly distribute our app to these PCs. How long will it take before everyone has a copy of our app or update?

SnapBack is designed to scale to allow literally millions of copies of each file to be distributed at once, so it is always fast, safe and available. Here is how it works:

We've designed it so that no matter what, SnapBack is always safe, even if our "server" was hacked. By validating all the files on the clients' side, there is no possibility of getting the "wrong or corrupted files" on your system, or running anything not certified.
Each client is set to check for updates once per hour. If there are no new updates, then there is nothing downloaded.
If there is an update needed, first the manifest is downloaded that specifies which other files need to be downloaded and or executed, and the source of where they are to be downloaded from.
Each file in the manifest is compared with the MD5 signatures in the manifest. Each file in the Manifest must match it's signed MD5 hash contained in the Manifest before being able to leave Quarantine. Any files that fail to match are deleted.
After the manifest containing the server location sources is validated, the download jobs are started.
Before downloading a large file, a small "taste" download validates that the download job is likely to succeed. (This prevents downloading an entire file from a source only to discover the contents of the file had since been replaced. This is more common when downloading application updates, such as Chrome from Google, which changes the source file version without notice). If the small "taste" fails, it will attempt the next download source.
If you are behind a firewall, or even if you are just a home user, you can set SnapBack to check to see if a local client or server already has any of the files required. So, rather than download over the internet, files are efficiently copied over the local network, or run from a folder on the client's local PC. In a corporation, this can save over 99% of your internet use. This location can be a synced local folder, or a network share can be set to provide a primary source for potential downloads or updates. This location can also be a specified local folder using Microsoft OneDrive, Box, DropBox, Google Drive, Sync or other folder sync solutions.
This alternate folder location would take priority over the internet source. Still, Snapback treats this source as untrusted, and re-verifies any files, treating them the same way as if they were downloaded from the internet.
(This same SnapBack shared folder can also be used for an administrator to securely manage and control a few, or thousands of other PCs. Status and logs are securely sent back to the administrator using the same folder.)
SnapBack uses Amazon S3 as the designated file repository for all our files, which means there is no traditional "server" per se, required to process file requests. So all your clients can be updating at the same time. SnapBack will provide edge servers' services such as CloudFlare , which will dramatically increase the speed of Amazon's S3 to any place on earth.

Q: What Scripts or applications can you publish, as part of my SnapBack app?

SnapBack can execute any type of program or scripting languages or interfaces, including CMD, PowerShell, JavaScript, VB Script, Python, Ajax, Pascal, PowerBuilder, cscrpt, wscript, batch, AutoHotKey, MacroCreator, AutoIT, JQuery, WinBatch, iMacros, perl, Java, CSS, HTML, etc. SnapBack can also execute any type of "Automation Robotic Programs", such as FoxTrot.

SnapBack is designed to enable you to control both who can run your app, how it is executed, and to certify that you wrote your app and that no one has modified it. SnapBack can elevate normal users to execute admin-only commands and will enforce that the user has read the re-certified user interface, and is executing your app from the console, without breaking Windows security model.