Menu
I've just finished my first ever code-signing for my app, thanks to the help from Jeff Wilcox's blog, with his step-by-step instructions, I was able to finish the whole thing in less than 36 hours. But now I start to wonder why I spent the money, because I just can't see how it helps software publishers:
There are hackers out there trying to break the protection mechanism in the program by reverse-engineering and modifying the code. But signing the file doesn't prevent this from happening, they still can modify the file's content at will.
Sometimes some anti-virus programs may falsely believe my .exe file contains virus. Signing the file doesn't help with that either.
Code-signing can only tell the users that this file comes from me, but they still don't know if I'm a good or bad guy. So it's not helping for the users either.
My conclusion is that code-signing is not designed to help software publishers or users. It only tries to keep track of where a file comes from, if it contains a virus, people'd know who planted it, and that's it! (This is true only when hackers are unable to piggy-back a virus into a signed .exe file.)
My question is: Is my understanding correct? Or did I miss something? Thank you.
574
3.2 Benefits of code-signingHelps authenticate the identity of the developer, promoting trust on both sides of the transaction. Provides proof that the software has not been tampered or meddled with, and is being consumed in the way it was meant to be consumed.
Digital signatures ensure software integrity and authenticity. Digital signatures enable end users to verify publisher identities while simultaneously validating that the installation package has not been changed since it was signed.
Code signing is a process by which the software developer signs the applications and executables before releasing them. It is done by placing a digital signature onto the executable, program, software update or file. The certificate ensures that the software has not been tempered and the user can safely download it.
Code signing your app assures users that it's from a known source and hasn't been modified since it was last signed. Before your app can integrate app services, be installed on a device, or be submitted to the App Store, it must be signed with a certificate issued by Apple.
Signing confirms the authenticity of the code, i.e. that this is the code you released, and it has not been tampered with along the way. This has nothing to do with silly code protection, it's a protection for users from imposter software — a single byte modification in the image invalidates the signature. Trust is a whole different matter altogether (AV scanners might trust signed executables a bit more than plain unsigned ones, but it's something to discuss with AV vendors).
105
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
