Abstract:
"Microsoft introduced their Authenticode code signing mechanism in 1996, in answer to an increasing number of
malicious web (ActiveX) controls and executable programs on the Internet. Code signing attempts to authenticate
authorship by applying a digital certificate to the control or program.
Internet downloads have become the preferred delivery mechanism for small Independent Software Vendors (Micro-ISVs).
Authenticode should help to verify that these products are genuine and have not been tampered with, but some
Micro-ISVs are reluctant to purchase or use Authenticode certificates.
This paper analyzes Authenticode from the point of view of the Micro-ISV, including both the positive aspects
and the perceived flaws. Micro-ISV attitudes and experiences with Authenticode are surveyed."
Interesting read, from
Winwaed Software Technology. Full article
here.