Most new software is designed to be downloaded and upgraded directly from the Internet, allowing developers and web publishers to offer more choice and customization than ever before.
These innovative applications enhance websites, mobile devices, and desktop software for work and play. Everyone wants the latest application, but no one wants his security or functionality compromised.
Malicious code, or “malware,” infections are on the rise, jeopardizing the ability to safely deliver software and updates via the Internet. Software and hardware vendors want to support innovation without compromising their products. Network operators must protect their wireless assets and “zero fault tolerance” networks at all costs, while offering subscribers the latest options. How do end users, software platforms, and networks know which code to trust? How do you, the developer, ensure that no one is using your application to compromise customers in your name?
One answer is code signing. An industry-recommended and widely-used defense against tampering, corruption, and malicious infection, code signing allows end users to verify the identity of the company responsible for the software and confirm that it hasn’t been modified with unwanted code after it was signed by the developer. It's like a digital "shrink-wrap," enabling customers to download and install software on their computers with confidence.
With code signing, you use a “private” (encryption) key to add a digital signature to your code or content. Software platforms and applications use a corresponding “public” key to decrypt the signature during download and compare the encryption hash used to sign the application against the hash on the downloaded application. Using a public key issued from a reputable third-party Certificate Authority (CA) adds robustness and improved usability to the security provided by code signing. Signed code from a trusted source—like you—may be automatically accepted or require the end user to decide whether or not to trust the code. The user may choose to trust the code once or always. In all cases, the end user knows who the author of the software is, and that it hasn’t been tampered with since being signed by the developer. This is particularly important, for example, if you are offering downloadable solution for merchants.
Self-Signed or Third-Party Backed Code Signing?
Some software publishers opt to self-sign their code as an alternative to using a third-party CA. As the name suggests, self-signed code is signed by its creator. No third-party authentication that the developer is, in fact, the publisher is performed with self-signed code. Consequently, the end user is left to wonder if the software that they’re downloading is tamper-free. Additionally, digital certificates issued with self-signed code cannot be revoked. So, a hacker who has already gained access to an end user’s system can monitor activity (i.e., think data theft, like credit card information) and inject malicious code into a connection to spoof an identity if a private key has been compromised.
End User Benefits
In addition to helping establish trust with end users—your customers—code signing that uses a reputable CA can help mitigate error messages and security warnings. This enhanced user experience helps increase adoption and distribution of downloadable software. When end users encounter unsigned or self-signed code, they are interrupted and the application fails to download or a warning screen requires their input. Reducing security warnings and error messages ultimately drives up trust between the application and customer, thus increasing customer confidence, satisfaction, and subsequent downloads.
Forewarning customers of compromised code can also foster trust. As previously mentioned, digital signatures contain proof of the content integrity of a piece of software so customers know that the code has not been altered. If the hash used to sign the application does not match the hash on a downloaded application, a security warning will alert the end user or access will be denied. In other words, if a single bit of the code is modified, code signing digital certificates will detect the change and warn the user.
Conclusion
Code signing with a reputable CA may help you create a trust-based relationship with your ecommerce customers by assuring customers that the downloadable software has not been tampered.
Editor's note: Jay Schiavo is a product manager for VeriSign.
