|MTNCOMP | List | Table|
For the past 2 weeks I have been trying to work with code signing the GoGreen PC TuneUp™ software and utility so that the software is trusted during installation and download detection by Microsoft operating systems, browsers, and antivirus programs.
The odd thing is that there are two versions of a certificate to code sign. The Basic / Standard or EV (extended verification) versions of a code signing certificate. The standard one is less expensive than the advanced EV edition. Instead of $500 for an EV edition, the $200 edition for 1 year. The EV is about 2-3 times more expensive and slow to order, slow to process, yet once received works with with immediate reputation on the operating systems and antivirus programs.
So why is the Standard not fully trusted and requires lots of installations and overrides to get it trusted?
Could it be the time stamp switch being included or not during the code signing? probably.
It also basically comes down to money and vendor profiteering. There are non-profit was for open source code signing, but not for profit ways.
As a side note, time stamping was not stressed enough in any of the documentation of a basic code signing process. I realize now time stamping is vital in part to be trusted.
More to come.
© 2023 myBlog™ v1.1 All rights reserved. We count views as reads, so let's not over think it.