Nullsoft Scriptable Install System

Nullsoft Scriptable Install System (NSIS) is software for creating installation programs for the Windows operating system. It was originally developed by Nullsoft, who used the installer for their media player Winamp, among others. Today, NSIS is free software and is licensed under the zlib/libpng License. The source code of NSIS and the downloads are offered through SourceForge, where NSIS was awarded Project of the Month in January 2006. The installer is a popular open-source alternative to commercial installers like InstallShield. [1]

NSIS itself consists only of a command-line compiler and a graphical user interface for the compiler, which aids in compiling and simplifies some settings. The installer includes LZMA compression, plug-in support, and multilingual features. [1] Several third-party front-ends for NSIS are available.

When using NSIS in software products, it is not possible to obtain a certification from Microsoft as "Designed for Windows Vista" because NSIS is not capable of generating the necessary Windows Installer files.

Features (Selection)

Through the scripting language and the plugin interface, almost unlimited functions can be implemented in self-written installers. This includes managing system services, web-based installations, dynamic updates, repair and rollback functions.

Functionality

An installer is based on a script, where each line is an instruction. The command-line compiler "makensis.exe" compiles the script file into a single executable file containing all files (compressed) and the installation program (script commands); this executable can then be easily distributed. MakeNSISW is available as a graphical interface for makensis.

    ; Example script
    Name "MyExample"
    OutFile "installer.exe"
    SetCompressor lzma
    InstallDir "$PROGRAMFILES\example"
    InstallDirRegKey HKLM "SOFTWARE\example" "installdir"
    LoadLanguageFile "${NSISDIR}\Contrib\Language files\German.nlf"
    Page directory
    Page instfiles
    Section
      SetOutPath $INSTDIR
      File "myexample.exe"
      WriteRegStr HKLM "SOFTWARE\example" "installdir" "$INSTDIR"
      CreateShortCut "$DESKTOP\example.lnk" "$OUTDIR\myexample.exe"
    SectionEnd

The adjacent images show the result of the above script. Using extensions like the "Modern UI" or specific plug-ins, visually appealing installation wizards can also be created.

Thanks to strong compression algorithms and low overhead, very small installers are possible, making NSIS ideal for distributing programs over the Internet.

Security

Installers created with NSIS have security vulnerabilities when an outdated version is used. [2] [3] [4] [5] [6] [7] Possible security vulnerabilities were closed in versions 2.47 [8], 2.50 [9], and 2.51 [10].
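
A triage check for the point above, as an added example that is not part of the original article or of NSIS: it recognises an NSIS-built installer and reports which of the fixed releases 2.47, 2.50 and 2.51 its stub predates. It assumes the stub keeps NSIS's default manifest description string and firstheader signature; the sample byte strings are constructed.

```python
import re

# Releases the Security section names as closing vulnerabilities.
FIXED_RELEASES = [(2, 47), (2, 50), (2, 51)]

# Assumptions (not stated in the article): the NSIS stub's firstheader holds
# the 0xDEADBEEF signature followed by "NullsoftInst", and the default
# manifest description reads "Nullsoft Install System v<version>".
FIRSTHEADER_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"
VERSION_RE = re.compile(rb"Nullsoft Install System v(\d+)\.(\d+)")


def nsis_version(data: bytes):
    """Return (major, minor) from the manifest string, or None if absent."""
    m = VERSION_RE.search(data)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(data: bytes) -> str:
    """Triage one installer image against the fixed releases."""
    version = nsis_version(data)
    if version is None and FIRSTHEADER_MAGIC not in data:
        return "not-nsis"
    if version is None:
        return "nsis-unknown-version"  # manifest replaced or stripped
    missing = [f for f in FIXED_RELEASES if version < f]
    if missing:
        return "outdated: lacks fixes from " + ", ".join("%d.%d" % f for f in missing)
    return "ok"


def _sample(version=None, magic=True) -> bytes:
    """Build a constructed stand-in for an installer image (not a real PE)."""
    blob = b"MZ" + b"\x00" * 64
    if version:
        blob += b"<description>Nullsoft Install System v" + version + b"</description>"
    if magic:
        blob += b"\x00" * 16 + FIRSTHEADER_MAGIC
    return blob


SAMPLES = {
    "old-2.46": _sample(b"2.46"),
    "partial-2.50": _sample(b"2.50"),
    "current-3.04": _sample(b"3.04"),
    "stripped-manifest": _sample(None),
    "other-exe": _sample(None, magic=False),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "->", classify(blob))
```

For a real file, pass its bytes: `classify(open(path, "rb").read())`. An "nsis-unknown-version" result needs manual follow-up, since the build version cannot be read from the image.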

Third-party front-ends

Creation of NSIS installers is supported by several pieces of third-party software:

References

  1. Dey 2021, p. 339.
  2. FullDisclosure: Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege
  3. FullDisclosure: Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE
  4. FullDisclosure: Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta)
  5. FullDisclosure: Executable installers are vulnerable^WEVIL (case 11): Nmap <7.01 and Nmap-WinPcap <4.13
  6. Gpg4win: Security Advisory Gpg4win 2015-11-25
  7. Intel: Intel Security – Security Bulletin: Security patch for several McAfee installers and uninstallers
  8. Appendix F: Changelog and Release Notes
  9. Appendix F: Changelog and Release Notes
  10. Appendix F: Changelog and Release Notes
  11. https://cmake.org/cmake/help/latest/cpack_gen/nsis.html
  12. https://eclipsensis.sourceforge.net/index.shtml
  13. https://hmne.sourceforge.net
  14. https://packages.debian.org/sid/nsis

Sources