tags:

views:

251

answers:

3
+8  Q: 

How important is it to digitally sign our executables?

We produce a content management system. It's a DB-based system, used only by businesses and organizations, and never downloadable from the Internet. I.e., it's not the kind of software someone might stumble upon and wonder what it is and whether it's safe to run. Over the 20+ years our system is being sold, it's executables have never been digitally signed. I'm wondering if it is time for us to start signing them.

For starters, I can think of a few pros and cons:

  • Pro: If using Verisign certificates, Windows Error Reporting can be used
  • Pro: When Vista/7 show one of those annoying UAC messages, signed apps are presented a bit more nicely
  • Con: Certificates cost money. Not a lot, but if they're useless it's too much
  • Con: Signing has some maintenance overhead, how much I don't know. Would love to here from you...
A: 

Signing has some maintenance overhead, how much I don't know.

I believe if you distribute signed executables, all dependent libraries have to be signed as well. If you're using some third-party modules over which you have no control, you can get an issue.

Developer Art  2010-02-22 09:16:26
Do you mean signed using the same certificate, or signed by any certificate? The former is not possible (can't sign kernel32.dll), but the later seems like a problem as well. Can an unsigned 3rd party executable be signed by us, given it's deployed with our app?
eran  2010-02-22 11:18:19
+2  A: 

Pro: If using Verisign certificates, Windows Error Reporting can be used

Actually, to use Windows Error Reporting you need Verisign or other code accepted signing certificate, but you need the certificate only to access the WinQual system. The exe itself does not have to be signed at all, the error reporting works absolutely fine on unsigned exes as well.

Con: Signing has some maintenance overhead, how much I don't know. Would love to here from you...

The maintenance overhead highly depends on the quality of your build pipeline. If you build your application manually, then yes, it means a few more steps. However, if you have a build pipeline and your builds are automated, code signing means adding a few lines into the build scripts and storing the private key of the code signing certificate so that the build can access it (if you have a build server, your code signing certificate will most likely need to be stored on it).

Pro: When Vista/7 show one of those annoying UAC messages, signed apps are presented a bit more nicely

As for UAC prompt - does you application really need elevated or admin privileges to run? The best way to avoid this prompt is not to require any elevated privileges at all.

Suma  2010-02-22 09:57:10
You're right about the UAC messages - after putting some work into it, our app now runs with user privileges, so it those messages should not appear anyway. But if others do (firewall, for instance), they'll probably be nicer if the app is signed.
eran  2010-02-22 20:23:22
Firewall messages and other things like that can be handled by a setup (providing you are using a setup). Running setup with elevated priviledges is usually considered reasonable, but running the application is not.
Suma  2010-02-22 20:33:52
+1  A: 

From the tech side you already stated the pros/cons.

From the business point of view it depends on your users, maybe if you are selling B2B it wouldn’t matter as if you were selling B2C or to less savvy users whom would appreciate more a nicer UAC message.

Honestly, I wouldn’t worry.... If you haven’t had the urge and can't find a really good reason, then it’s not important yet.

I'd rather spend those efforts improving something else.

 2010-02-22 16:43:09

related questions

Overwrite executable in C:\Program\MyProg on Windows Vista
Java: export to an .jar file in eclipse
Determining application path in a Python EXE generated by pyInstaller
Calling executable using Process with CSharp crashes intermittently.
Modify/Replace Exe On the Fly
IDA Pro and editing executables
How to find out which version of .NET Framework executable needs to run?
C# - How to call an exe added into project solution
How to statically link an existing linux executable?
Determine target architecture of binary file in Linux (library or executable)
Tiny python executable?
php executing an executable (that writes to the serial port) and freezes
Creating self-contained python applications
How can I wrap a call to an .exe (with arguments) with another .exe?
Trying to get a Windows Service to run an executable on a shared drive
Combining two executables
How to get the executable path from a Managed DLL
Vista not allowing one .exe to call another .exe
Force IIS7 to suggest downloading *.exe files in "Local intranet" zone
How can I package my Perl script to run on a machine without Perl?
What is the best way to make an EXE file from a Python program?
Python deployment and /usr/bin/env portability
Creation Date of Compiled Executable (VC++ 2005)
Final managed exception handler in a mixed native/managed executable?
Packaging Java apps for the Windows/Linux desktop.