Until today people downloading my software were confronted with the standard security warning as shown in the image at the left. To be classified as an “Unknown Publisher” has always annoyed me because it looks so very unprofessional. Besides, it could scare potential customers off and that is the last thing I want of course.
The release of Vista made things even worse by introducing the UAC (User Account Control) by popping up the scary warning shown in the image at the right. I really understand the necessity of being trusted by your customers when they download your software – I do also! -but that comes with a price.
Code signing is widely used to protect software that is distributed over the Internet. Code signing does not alter the software; it simply appends a digital signature to the executable code itself.
The size of the Sailsoft business however did not allow for the recurring costs of a code signing certificate. VeriSign for example charges $499 USD for a one year certificate. With the introduction of NemaStudio I felt I could no longer ignore the need for signing the code. Hence I purchased a 3-year digital code signing certificate from Comodo for a reasonable price.
In order to go successfully through the verification process to obtain a code signing certificate the verification organization extensively checks out your credentials. You need to send in various documents to prove who you are and if you are a registered business before you are allowed to buy a certificate from them.
But now customers that download my software can be assured that the software really comes from me (Sailsoft) and that the software was not altered or corrupted since it was signed.
The “Unknown Publisher” download pop-up has been replaced by the pop-up as shown above. From now on downloaders can click on the link to check out the certificate. Even the UAC pop-up shows a more decent warning!
Ger Rietman's blog 
Leave a Reply