Who's code-signing his/her applications?

[esposito]

One thing that really disturbs me when my customers download and install my software is the fact that, at the beginning of the installation procedure, they get a "terrorist" message warning them that the author of the application is unknown and so there's no guarantee that the software being installed is free from viruses.

As the code-signature package is quite expensive, I'm not using it. To me, it's just business and does not guarantee anything about the quality of your applications.

I wish the EU considered it an abuse of power and took measures to oblige MS to remove that hateful warning message!

Just out of curiosity, is there anyone in this forum who is code-signing his or her own applications?

[Shaggy Hiker]

Yeah. Signing .NET manifests may not be quite as expensive, but fortunately, I don't need to think about it. In fact, I only remember that it was a bit of a hassle getting the certified key for the signature, not what steps I had to take.

The theory is good, but I tend to agree that MS should make it easier/cheaper if they are going to put up some nag screen over it.

[szlamany]

I do not code-sign my apps...

But if you think about it the message is not a lot different then a pop-up blocker message you might get when downloading something you are going to install. Usually the instructions tell you to "ignore the message".

I understand the negativity of that message - but I also understand the importance of protecting low-end users from bad installs.

[dilettante]

The addition of the "unknown publisher alert" to programs trying to modify system state isn't that big a deal and even some Microsoft downloads trigger it. I assume the reason for the "yellow alert" instead of a cool, blue one is meant as some sort of due diligence on Microsoft's part. After all, laymen and untergeeks both blame Microsoft and Windows for tons of things caused by stuff out of their control.

Be glad these certificates are as easy to obtain as they are now. The entire process is very watered down and little more than a show of willingness to fork over some bucks any more.

[szlamany]

How much $$ does one of these certs cost?

[dilettante]

Anywhere from $150 to $500 USD depending on where you shop. But the cheapest ones may have limitations (i.e. a given user's machine may not "trust" the CA).

[Shaggy Hiker]

I understand the negativity of that message - but I also understand the importance of protecting low-end users from bad installs.

I would say that I am skeptical as to whether anybody even reads those, but then it dawned on me that there are people I know who would freak out and be reduced to a paralytic state if they saw such a message. I guess those people would be protected.