undefined | Better HN

0 points_2uwr3y ago0 comments

As to Code signing, if you have a Dunn and Bradstreet number for you business, its fairly straight forward getting a coding signing cert and there's different types which you can buy for your app, but it just means you have passed an identity check, the reports I've seen of the hurdles you have to go through are reduced the more you pay, ie Digicert is purportedly less time consuming than cheaper code signing CA's.

Considering things like GDPR and other data protection legislation around the world, I'm not aware how these CA's can verify identification documents because the companies or entities that make the documentation used for identification purposes cant give out your data, ergo they cant confirm or deny if the identification document is genuine or not.

And even if you did codesign your app, the end user company would probably hash your app and restrict its ability to use certain things on the computer in much the same way sandboxes do for web browsers.

Group Policy is one of the ways to lock an app's abilities down, but that's a job in itself if special GPO templates are not purchased to save on time.

eg https://learn.microsoft.com/en-us/windows-server/identity/so...

If you want the appearance of being genuine, I'd probably get a code signing cert, at the very least your users wont get the orange UAC prompt, especially if your app uses certain api's which required UAC elevation and/or also depending on your manifest file.

0 comments

textman3y ago

The current release of my product is code signed, both installer and .exe inside it, but my 5 year cert expired (Comodo) and am evaluating the cost benefit of renewing, which is same as getting a new one, at least with Comodo they start you over from scratch. I am in USA and am incorporated in my state, so Comodo required a copy of my registration which has both company and my name and phone. They telephoned me with a couple basic questions. They also required I list my business a free online yellowpages business directory. That was it. Not too bad, but they stretched out their processing time line and were initially a bit misleading: at first they implied I had to go the dunn and bradstreet route, which is pricey, but when I objected they backed off.

What documents were you referring to regaring identity verification?

moremetadata3y ago

> What documents were you referring to regarding identity verification?

Digicert has a different process where you get put through to someone in India if you are in the US. Drivers licences things like that, but the Indian's cant really tell if the documents supplied are genuine or not.

If you go on the dark web, some marketplaces have identification documents for sale, and I was shocked to learn that the Vatican city is an excellent source for fake identification for any country!!!

j / k navigate · click thread line to collapse