Re: "The Publisher could not be verified. etc."

Tech-Archive recommends: Fix windows errors by optimizing your registry


> > You can buy an authenticode digital signature and sign
> > your downloads, like the spyware companies do. :)
>
> Is that enough ? Don't you need MS certification wish cost
> arm and a leg ?
> Have you or anybody try it ?

No, you don't need MS certification. The certificate
requirement is not about software quality. It's about
potentially risky downloads being identifiable. I'm fairly
certain that a digital certificate is adequate to stop
the warnings, but I don't know how much is involved.
That is, I don't know how a company demonstrates that
they're sufficiently official to have a certificate. I imagine
that you probably have to at least be incorporated.

I wouldn't do it, in any case. It was a bold move on the
part of Microsoft to decide that they'd put their browser
in charge of what's "safe" and what's not online. Authenticode
started out as a way to certify ActiveX controls. Microsoft's
move to extend that to all downloads was really quite a
radical step. Among other things, it aims to filter out the small
players and corporatize the Internet. Their authenticode
scheme goes a long way toward reshaping the Web as
a commercial venue. It redefines *all* downloads from
private or "mom and pop" sources as being suspect.
So to buy a certificate is to play into Microsoft's
strategy. It would actively support the notion that only
corporate entities - with commercial motives - should be
operating online.

>> is to include a small explanation on my download page.

> You can't when you are linked from a shareware site.

Yes, that's a good point. There's nothing that can be
done about that. On the bright side, the people who
don't know what a zip is also usually don't pay much
attention to security warnings. :)


> Firefox is going to fall also, they are following the
> foot steps of Netscape, where you have to fetch for
> your Plug Ins or Add Ins, and they link you to them.
> While most Add Ins have huge bugs, one ruined my IE Favorites,
> lucky had a backup.

It does seem that most of the Firefox plugins
are half-baked and/or superfluous....and I'm not
wild about the default setting to check for updates....
I don't like that assumption that software can go
online without asking. (Much less the assumption
that it's OK for a software program to be some
kind of permanent beta on a drip feed of updates.!)
But mozilla.org doesn't have any motive to be
exploitive, while Microsoft, Apple and AOL/Netscape do.


.

Relevant Pages

  • RE: [Full-Disclosure] MSN Webcam / Chat Spoof
    ... It's problem of Microsoft who made this "authenticode" verification so ... Why can't an Authenticode certificate present the ... Browser Plugin is ADULT DIALER - it connects via modem to telephone ...
    (Full-Disclosure)
  • Re: Verifying a Signed Executable before running it on a remote machine.
    ... That exe is Authenticode signed using a commercially-issued Class 3 code signing certificate ... Therefore, technically, the signature and cert (according to default Microsoft Authenticode ...
    (microsoft.public.platformsdk.security)
  • Re: Programmatically Signing DLL
    ... Authenicode signing adds ~ 1 kbyte of data, it wouldn't be a big deal to ... > What kind of certificate do we need to buy to allow programmatic ... IE5+ can properly verify the validity of an Authenticode signature (build into ... As I mentioned before, the CAPICOM install is a no-brainer, fast install, no reboot ...
    (microsoft.public.security)
  • Re: possible firefix security problem??
    ... > downloads some random music files ... > And the java applet was, as far as I could see, started within the ... a rewuest whether to honour a certificate from some certificate issuing ... certificates from all kinds of web sites -- Firefox itself does that ...
    (Debian-User)
  • Re: "The Publisher could not be verified. etc."
    ... > potentially risky downloads being identifiable. ... > certain that a digital certificate is adequate to stop ... > wild about the default setting to check for updates.... ... > kind of permanent beta on a drip feed of updates.!) ...
    (microsoft.public.vb.general.discussion)