
My Very Own Digital Signature


One of the effects of User Account Control on Windows Vista is that whenever you run a software installer you are asked to confirm that you really want to run it. If you agree, you are either elevated to the mighty powers of an Administrator or asked to enter the credentials of one. The idea behind this is to make sure that you don’t accidentally install something dodgy and that some evil software doesn’t manage to install itself without you knowing about it.

It can be quite annoying although it is a useful measure against spyware and malware. However, when launching my installer for John’s Background Switcher I would get this rather scary dialog:

[Image: Unidentified Publisher Warning]

Windows Vista cares a lot more about digital signatures than previous versions of Windows. To obtain a digital certificate to sign your software you have to go through an authorisation process to verifiably identify your company or yourself. If you’re a malware author you’re not likely to get a digital certificate because it costs money, you’d have to identify yourself to an issuing authority and as soon as you’re reported for making malware your certificate would be revoked. So if the installer you run is digitally signed with a valid certificate Windows Vista can be pretty sure it’s not likely to be evil software that’ll take over your computer. In this case it presents a much prettier dialog that’s far less likely to scare any normal user into cancelling. And there’s no orange in sight.

For this reason (and because I thought it would be cool) I decided to stump up a bit of cash and buy my own digital certificate in my name (since I don’t have my own company). After sending a copy of my passport to the issuing authority I can now sign any software I create so that it’s uniquely identified as coming from me. So now when you run my installer you’re shown this:

[Image: JBS Installer Signed Warning]

It’s a far friendlier dialog and I hope that people being presented with it are much less suspicious that my software has some evil, ulterior motive. Also, if someone tampers with my installer, the signature will become invalid and Windows will complain.
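Added example (not part of the original post): a PowerShell sketch that reports the Authenticode status of every binary in a build folder and shows the signature status changing once a copy of a signed file is modified. The paths `C:\build\output` and `setup.exe` and both function names are placeholders; the tamper check assumes an EXE or DLL with an embedded signature.

```powershell
# Added example, not from the original post. Paths and function names are placeholders.

function Get-SignatureReport {
    # Report Authenticode status for every EXE/DLL/MSI under a folder.
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll', '.msi' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                File        = $_.FullName
                Status      = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Signer      = $sig.SignerCertificate.Subject
                CertExpires = $sig.SignerCertificate.NotAfter
                # A timestamp keeps the signature verifiable after the certificate expires.
                Timestamped = [bool]$sig.TimeStamperCertificate
            }
        }
}

function Test-TamperDetection {
    # Flip one byte in a COPY of a signed PE file and compare signature status.
    # Assumes an embedded (not catalog) signature on an EXE or DLL.
    param([Parameter(Mandatory)][string]$SignedFile)
    $copy = Join-Path $env:TEMP ('tampered-' + [IO.Path]::GetFileName($SignedFile))
    Copy-Item -LiteralPath $SignedFile -Destination $copy -Force
    $bytes = [IO.File]::ReadAllBytes($copy)
    $bytes[0x50] = $bytes[0x50] -bxor 0xFF   # offset 0x50 sits in the DOS stub of a typical PE
    [IO.File]::WriteAllBytes($copy, $bytes)
    [pscustomobject]@{
        Original = (Get-AuthenticodeSignature -LiteralPath $SignedFile).Status
        Tampered = (Get-AuthenticodeSignature -LiteralPath $copy).Status
    }
    Remove-Item -LiteralPath $copy
}

# List anything in the build output that is unsigned or fails verification.
Get-SignatureReport -Root 'C:\build\output' | Where-Object Status -ne 'Valid'

# Compare status before and after modification of a copy.
Test-TamperDetection -SignedFile 'C:\build\output\setup.exe'
```

For a correctly signed file, `Original` should read `Valid` and `Tampered` should not (typically `HashMismatch`), which is the condition Windows reports when a signed installer has been altered.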

It’s a bit of a pain having to pay for a digital certificate to stop Windows from scaring off potential users but I guess that’s thanks to all those dodgy malware authors out there exploiting the formerly trusting nature of Windows. Grrrr.

Posted by

Creator of John's Background Switcher. Scotsman, footballer, photographer, dog owner, risk taker, heart breaker, nice guy. Some of those are lies.

10 Comments

  1. ah, I see, that explains the two nearly identical but visually different prompts

    I was wondering what the difference was as they both seemed to do the same thing (except as you said, on being scarier looking)


  2. It’s a much more marked contrast than in Windows XP where you could hardly tell the difference between the signed and un-signed dialogs. And I think the un-signed one is definitely scary enough to make a lot of people think the software might be dodgy and cancel installing it. The thought of people not installing JBS and sticking with boring, corporate backgrounds would have kept me awake at night! 😉


  3. I know all too well the pains of digital signatures in Vista. And it’s not just the installer, either. If any part of your program requires “administrative” rights for any reason (and you properly ask for those rights via a manifest file, for example), you’ll get that scary privilege elevation dialog. If your program isn’t digitally signed (the .EXE file itself), you get the scary orange one. If it IS signed, you get the gray one (though frankly, I think in that case you shouldn’t get a prompt at all).

    Of course, the colors are nice, but my experience hath shewn that most people just click “Continue” no matter what the warnings say. You sort of get conditioned to it, since the prompt comes up so often. (Which again, is why I think it *shouldn’t* come up if the file is digitally signed.)

    But that’s neither here nor there. Good on ya for digitally signing your installer. (You might consider digitally signing every EXE/DLL file included with it, as well – just in case.)


  4. Can you tell me what organization and what the process was for obtaining a signature? Thanks in advance!


  5. Since I’m an individual and not a company I went with GlobalSign as their application form didn’t assume I was a company (unlike all the others I tried)!

    Once you follow their application form you’ll need to send them proof of your company’s existence (or a scan of your passport if you’re an individual). When they have all that they send you a link to download the digital certificate you can use to sign your software (I use signtool.exe that comes with the .NET framework SDK).

    One change I had when renewing my certificate this year was that I had to get the application notarized – again it’s all about proving who I am to GlobalSign so they know I’m not some dodgy character who’s going to abuse the certificate.

    Update (Feb 2009): GlobalSign no longer give certificates to individuals so this time I got a certificate from Comodo via Tucows. It’s all explained here.

