code signing - do I need to do it?

55 comments, last by CProgrammer 17 years ago
I just recently learned about code signing certificates, CAs, and the like. I am close to commercially releasing my game CellZenith, and I'm concerned that all this might be important to me.

I understand that in some situations, code that is not signed validly will not run. Or it may cause a security warning to appear (this happened when I ran my game on a school computer, though I was still actually able to play the game). I also understand that Windows Vista will refuse to run anything that is not validly signed.

But does all this only apply to running web programs (or running programs from within a browser)? Would it apply to a user who downloaded my game (choosing the "Save" instead of the "Open" option) and ran it manually? What if the user were to disconnect his internet? Would he be suddenly able to run any program he liked, signed or unsigned? Should I just write in my Readme file something like "If the program doesn't start, lower your computer's security level"?

The reason I ask all this is that getting a code signing certificate seems like an extraordinary inconvenience. AFAIK, it used to be possible to buy one for $20, but I've heard that this is no longer true. Now, a code signing certificate seems to cost around $400 _annually_. That is far too high for me to consider.

Thanks for any help,
synth_cat
Greg Philbrick, Game Developer
coming soon . . . Overhauled CellZenith
Unsigned applications should run fine on Vista.
Your code will run fine on Vista.

Quote:
Should I just write in my Readme file something like "If the program doesn't start, lower your computer's security level"?


No, no, no, no, no, no, no, NO. Don't ever do this. That's basically saying, "To run this game, you need to make your whole PC more vulnerable to spyware, adware, viruses, worms, hackers, and just generally nasty stuff."

As a related aside, I really, really hate it when games require administrator privileges to run. Loads of them do it, too, but it's an incredibly bad thing to do, and nothing but sheer laziness on the developers' part. Sounds like Vista is going to sort a lot of this out, happily.
Windows Vista so far has run everything I told it to.

The only thing it does is give this:


It pops that up the first time I run almost anything that Vista doesn't like. Unchecking '[x]Always ask before opening this file' skips this message next time you run that app. You should be fine.
So code signing isn't really necessary at all for me?

How come I keep reading about situations where unsigned programs simply fail to execute because of computer security? Does this actually never happen (or does it only happen to unsigned programs run from within Internet Explorer)?

From what I understand, Internet Explorer plays a major role in the Authenticode verification process. This is the reason I'm wondering if the whole code signing thing only has to do with internet programs.
Greg Philbrick, Game Developer
coming soon . . . Overhauled CellZenith
Those programs will fail not because they are unsigned, but because they assume they can write to C:\Program Files or something like that. Stick to the rules and your program will be fine.
Steve 'Sly' Williams  Monkey Wrangler  Krome Studios
turbo game development with Borland compilers
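
An added example (not code from this thread or from any poster) of the rule described in the post above: keep save files and settings in the per-user application data folder, never in the install directory under C:\Program Files. It reads the standard Windows `APPDATA` environment variable; the function names, the install path and the file names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int is_sep(char c) { return c == '\\' || c == '/'; }

/* Returns 1 if `path` is `dir` or lies inside it. Windows paths compare
   case-insensitively and accept both separators. */
int path_is_under(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    while (n > 0 && is_sep(dir[n - 1])) n--;  /* ignore trailing separators */
    for (size_t i = 0; i < n; i++) {
        if (path[i] == '\0') return 0;        /* path shorter than dir */
        if (is_sep(path[i]) && is_sep(dir[i])) continue;
        if (tolower((unsigned char)path[i]) != tolower((unsigned char)dir[i]))
            return 0;
    }
    /* Reject "C:\Program Files\CellZenithExtra" matching "...\CellZenith". */
    return path[n] == '\0' || is_sep(path[n]);
}

/* Builds "<appdata>\<app>\<file>" in out. Returns 0 on success, -1 if
   appdata is unset, the buffer is too small, or the result would land
   inside install_dir (where a standard user cannot write). */
int save_path(const char *appdata, const char *install_dir,
              const char *app, const char *file, char *out, size_t outlen)
{
    if (!appdata || !*appdata) return -1;
    int n = snprintf(out, outlen, "%s\\%s\\%s", appdata, app, file);
    if (n < 0 || (size_t)n >= outlen) return -1;
    return path_is_under(out, install_dir) ? -1 : 0;
}

int main(void)
{
    char path[260];
    /* Constructed values: install directory, folder name and file name. */
    if (save_path(getenv("APPDATA"), "C:\\Program Files\\CellZenith",
                  "CellZenith", "save.dat", path, sizeof path) != 0) {
        fprintf(stderr, "no per-user data directory available\n");
        return 1;
    }
    printf("save file goes to: %s\n", path);
    return 0;
}
```

A game that resolves its writable paths this way runs as a standard user and never needs an elevation prompt just to save progress.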
Quote:
Those programs will fail not because they are unsigned, but because they assume they can write to C:\Program Files or something like that. Stick to the rules and your program will be fine.


So if I package my game into some kind of installer file, I will definitely have to sign it?
Greg Philbrick, Game Developer
coming soon . . . Overhauled CellZenith
If you package your program in an installer, or if your program tries to do something it probably shouldn't, then Vista should pop up a UAC dialog to ask for permission. Vista also has some automatic redirection that goes on for some common tasks that programs shouldn't be doing.

You won't need to sign your program or the installer.
Thanks guys - I feel very relieved!

Why would Microsoft insist on signing all .exes if it weren't really necessary? Is it actually true that a computer on High security level will refuse to run an unsigned .exe, or is that just a rumor?
Greg Philbrick, Game Developer
coming soon . . . Overhauled CellZenith
I wouldn't be surprised. At the very least it would repeatedly ask you if you're sure until you punch the computer.
"ok, pac man is an old gameand, there are faces which is eatin up shits" - da madface
