Vista & Security

Code Signing - Cheap and Easy

by Charles Edmonds & Friedrich Linder

13-February-2007: Microsoft's new Vista OS has increased security. If you sell software or provide active downloads, this has also increased the need for code signing.

What is Code signing? Code signing is about verifying the origin of digital content and the fact that it hasn't changed since it was signed. When you buy a code signing certificate from a "trusted source", and use it to sign your code, then Vista (and XP) will show a message to the user that your code is from a trusted source. The idea is if you trust the source, then you can trust the application. Code signing technology basically creates a "digital signature" for your software, and is an important part of your security (and marketing) if your users download and install programs or active content.

Recent operating system updates to Windows XP (Service Pack 2) and the new Windows Vista make it vital to use digital signatures in your application files and installation packages. Vista uses code signing more widely than earlier versions of Windows. With the increased level of warnings in Vista, signing your application and installation files gives end users the reassurance they need to proceed with the installation.

You have to buy a code signing certificate from a source trusted and certified by Microsoft. The usual cost of a certificate is $85-$300 per year. However, you can get one for as low as $66 per year (read on!).

The process of signing your code can be somewhat involved... or it can be an easy part of building your software install, if you use a product called SetupBuilder. SetupBuilder can automatically sign your executables AND your installer with your digital certificate. This makes the entire process absolutely painless and easy for anyone to do -- without even having to think about it.

Next, SetupBuilder can add a Vista Manifest to your installer that allows it to run correctly during an install under Vista. SetupBuilder also has the tools built in to detect the proper location where you should keep your program data in order to be compliant with the increased security in Vista.

If you are not aware of this - Vista is no longer going to allow you to write to folders under "Program Files" and also the way many people ran as "Administrator" is changing. You simply need to "play by the rules" if you want your programs to install and run under Vista.

Finally, SetupBuilder is your gateway to affordable digital certificates. LinderSoft (the company who produces SetupBuilder) has teamed up with Comodo, Inc., a leading WebTrust Compliant Certification Authority, to make Code Signing and SSL certificates available to qualified Lindersoft customers at a discounted price.

Comodo's range of solutions gives businesses the ability to create online trust through proprietary technology that help e-businesses convert more customers, retain more customers and increase lifetime value. From providing certificates that put the trusted padlock on websites to patented technologies that lets internet users verify legitimate web content from faked content, Comodo empowers businesses and consumers to authenticate each other and protect their digital identities.

"I am proud to announce that customers with a current SetupBuilder Maintenance Subscription or a current Lindersoft Community Membership can purchase Comodo Code Signing Certificates at a discounted price," says Friedrich Linder, president of Lindersoft. "All qualified Lindersoft customers are able to purchase code signing certificates for as little as $66 per year (on a three year term). The same certificate can be used to sign application, installation and PAD files."

The Comodo Code Signing Certificate is available at a discounted price of $79 (1-year), $143 (2-years), and $200 (3-years) to qualified Lindersoft customers. For more information, visit www.lindersoft.com.