On Saturday 13 November 2010 00:19, David H. Lipman wrote: > From: "Michael Adams" <[email protected]> > > < snip > > > | NOTE: During the install process Windows may spout some bull about the > | program being untrusted. This is because companies have to pay Microsoft > | to be a "Trusted" developer of programs. This payment does not really > | ensure that a trusted companies programs are any safer than others. > > Not True! > > The software is not trusted because the software has no digital signature > (read digital certificate) or it is digititally signed but there is a break > in the certificate chain such as the end user not having the root > certificate in their certificate store. > > It has nothing to do with "paying Microsoft."
Thanks for this information. I thought a Verisign certificate was a website SSL authentication certificate only. Seems i now have more research to do. What is the specific name of this type of install certification? - Code Signing Certificate Will it work for offline installation? - Sometimes I think (more research required) What do they cost a company? - Around $500 per year. http://www.verisign.com/code-signing/microsoft-authenticode/index.html?sl=productdetails Are these certificates per company, per product or per install number? - Per company Are they proven? Have there been any problems? - Yes, Yes http://www.amug.org/~glguerin/opinion/revocation.html It seems my research has turned up that Verisign is one of the third party companies to the "Microsoft Authenticode" process[1], among others[2]. The software issuing company being the first party and the user being the second. Microsoft is the fourth party in the "Microsoft Authenticode" process, as the tool (signtool.exe) for creating the signatures themselves is part of the Microsoft Software Development Kit (SDK) and the OS is Microsofts. There is another party, Dun and Bradstreet who audit applying commercial software companies[3]. So my original statement still has some measure of truth to it as regards "Microsoft Authenticode" certificates. I have no idea if OpenOfice.org is certificated under a "Microsoft Authenticode" certificate or under one of the other certificate authentication schemes. [1] http://msdn.microsoft.com/en-us/library/ms537361.aspx http://www.verisign.com/code-signing/microsoft-authenticode/index.html?sl=productdetails [2] http://www.verisign.com/code-signing/index.html [3] http://msdn.microsoft.com/en-us/library/ms537361.aspx -- Michael Now my head hurts! --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
