Reply to post: Code Signing

Microsoft programming chief to devs: Tell us where Windows hurt you


Code Signing

Windows used to be the easiest and cheapest platform for independent software developers wanting to self-publish, but it's now one of the worst. If you're not a limited company, it's very hard and extremely expensive to get a code-signing certificate, and without one, Windows throws up such alarmingly over-the-top warning messages that most casual users are left convinced that your software must be malware.

In reality, certificates don't actually prove that software is safe at all, but just who the publisher is. If I was morally-deficient enough to stuff my software full of lovely money-earning spyware, I wouldn't have any trouble at all in getting a certificate.

If Microsoft truly wants to become more developer-friendly, why not allow developers to self-certify their releases without having to go through an expensive certificate-seller. (eg. have Windows compare a file's certificate with a public key in the root of your website and display the web address to the end user - it would certainly be more meaningful than the personal name my certificates currently display).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019