what is signing exe in windows?

Question

I heard many people talking about signing exe in windows platforms. I have following questions,

1. What is signing exe?
2. Is there any rules i have to follow for signing my application?
3. What are the advantages i can get when my application got signed?
4. Is it free?

Thanks,

Santhosh

Answer 1

For extensive information you can search for Authenticode signing format. To answer your question:

1. the procedure of applying PKCS#7 digital signature to PE File format as defined in Microsoft Authenticode specification.
2. Buy a code-signing certificate from one of Certificate authorities and sign the application using signtool.exe , the tool which is part of modern Windows (and .NET?) SDKs.
3. Some antivirus and firewall solutions handle such applications differently then unsigned apps. Also, afaik there's a policy to forbid execution of unsigned EXEs, but I can be wrong here.
4. code-signing certificates are not free.

Answer 2

Code signing is not free. This is "5 Reasons for Code Signing" article from Verisign, kind of code signing FAQ:

http://www.verisign.com/code-signing/information-center/why-sign-your-code/index.html