By Bill Pytlovany
Software Code Signing Certificates. Do you care?
I always considered it important to have our program clearly defined as an authentic application. There is value in proving a file you’re about to install on your computer comes from a reputable company like BillP Studios. This is currently accomplished through the use of a code signing certificate created specifically for BillP Studios and used during the creation of WinPatrol. Before the release of any new version, I run a code signing program from Microsoft that uses two encrypted files with uniquely assigned keys to validate and identify our WinPatrol files.
The use of a code signing certificate provides anyone who downloads our program with proof that their download comes from BillP Studios and isn’t malware created to fool people into thinking they’re downloading WinPatrol. It also prevents any changes to our files.
When someone installs WinPatrol, they currently may see this dialog providing proof that the file has been “signed” using a certificate created for BillP Studios. To obtain a code signing certificate, BillP Studios must prove it’s a legitimate company. Our name, address, phone, bank account and other assets are validated by a company that is authorized to assign certificates. In our case, the “certificate authority” is VeriSign, which is owned by Symantec. For a one-year certificate we also have to pay a fee of $499 USD for the validation process. Since our information has remained the same over the years, we’re pretty easy.
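The proof the install dialog presents can also be checked from PowerShell before a download is ever run. The function below is an added example, not code from the original post or from BillP Studios; the function name, the installer path and the expected publisher string are assumptions to replace with your own values.

```powershell
# Added example: verify an installer's Authenticode signature and signer
# before running it. Test-PublisherSignature is a hypothetical helper name.
function Test-PublisherSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the file hash matches the signed hash and the certificate
    # chains to a trusted root. 'HashMismatch' means the file was changed
    # after signing; 'NotSigned' means there is no signature at all.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path    = $Path
            Trusted = $false
            Reason  = "Signature status: $($sig.Status)"
        }
    }

    # A valid signature only proves that *some* validated publisher signed
    # the file, so compare the signer name with the one you expect.
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $publisher = $sig.SignerCertificate.GetNameInfo($nameType, $false)

    [pscustomobject]@{
        Path        = $Path
        Trusted     = ($publisher -eq $ExpectedPublisher)
        Publisher   = $publisher
        Thumbprint  = $sig.SignerCertificate.Thumbprint
        CertExpires = $sig.SignerCertificate.NotAfter
        # A countersigned timestamp lets the signature be validated
        # after the signing certificate itself has expired.
        Timestamped = [bool]$sig.TimeStamperCertificate
        Reason      = if ($publisher -eq $ExpectedPublisher) { 'Signer matches' }
                      else { "Unexpected signer: $publisher" }
    }
}

# Assumed path and publisher name, for illustration only.
Test-PublisherSignature -Path "$env:USERPROFILE\Downloads\installer.exe" `
                        -ExpectedPublisher 'BillP Studios'
```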
This post is excerpted with Bill’s permission from his blog