
I looked recently into signing my application. The price is AT LEAST one hundred euros/dollars per year for EV (anything less than EV seems pointless anyway).

My application uses a basic installer (self-extracting WinRar) that requires no admin password. But the drawback of this is that I cannot install the app in Program Files.

The actual problem here is that you will find lots of resources that tell you how to sign your app but not so many (at all) that tell you if there is any real advantage. For example: do the regular PC users care when they install an app and Windows shows "Publisher: unknown", or do they just quickly hit the OK button to have the installation process done as soon as possible? Honestly, I don't think that the user reads and cares about "unknown". What might stop him is actually the yellow color (instead of blue).

So, my question for those that already did code signing for their apps is: have you seen an improvement (downloads, installations, sales) after signing your app?
Should I invest any time/money/energy in this?

Update: It seems that having the app signed is not enough. After that, you have to keep fighting to improve your reputation factor; otherwise, Microsoft SmartScreen might pop up: https://mkaz.blog/code/code-signing-a-windows-application/


For those interested in prices, here are a few random offers sorted by price. I will also post the documents required: Signing a Windows EXE file


Gabriel
  • 1) I write software for the Windows market that I give away (open source) and professionally for other companies. I purchased my own certificate. To create a Windows installer that does not get blocked or display scary warnings, you need Code Signing for both the installer and your binaries. This is a trust factor decision. The benefit to the customer/user is that if I put a trojan in my software, Microsoft can trace that back to me. As a customer that gives me a bit more confidence in the software. Just the cost of doing business that you must decide for yourself. – John Hanley Nov 19 '19 at 15:59
  • 2) Another benefit is that my copyright and the date signed cannot be removed/changed in the software if it is code signed. This helps to protect my rights. Another factor to consider. – John Hanley Nov 19 '19 at 16:00

1 Answer


For those interested in prices (and a few extra tips), here are a few random offers sorted by price.

The documents required (by Sectigo, in my case) for obtaining an OVL are:

  • company's registration certificate
  • a photo of you holding your ID close to your face
  • a phone landline so they can call you for verification (it is actually a robot calling you to give you a number that you then have to enter into the browser).

The whole verification process (especially phone) took like 2 months because they involved some kind of automatic calling that did not work on my line/phone (?).

I will post soon the number of downloads necessary to get reputation for your newly signed exe file. At this point, I can tell you that 1000 downloads are not enough.

Gabriel