Digital Signatures

In general, digital signatures and identity certificates assure you that the software you are downloading is genuine. It verifies that it has originated from the publisher who signed it and that the package has not been altered or corrupted since it was signed.

To view digital signatures of an executable, right-click this file in Windows Explorer and select Properties, then go to the Digital Signatures tab.

Digital Signatures in Windows Explorer

The dialog box provides information regarding the Publisher, Certification Authority that issued the certificate and date the code was signed (timestamp).

Microsoft Authenticode

Authenticode is a code-signing technology built in Microsoft Windows operating systems and Internet Explorer. Authenticode certificates can be issued by trusted Certification Athorities (CA) such as Verisign, Thawte, Comodo and others.

If you are using Internet Explorer, you will see the difference when running signed and unsigned components downloaded from the Internet.

IE dowload dialog

Unsigned Applications

If Windows cannot verify the publisher of a given executable downloaded from the Internet, it interrupts the execution with a dialog box that requires user confirmation to run the software.

Running an unsigned executable

After that, you will be promted with the following UAC dialog:

UAC - Unidentified Publisher

Digitally Signed Applications

Attaching a certificate that meets Authenticode guidelines satisfactorily establishes the publisher’s identity. So you can ensure that the file you are running has not been altered by third parties.

When you run a signed application, no warnings are displayed. UAC verifies the digital signature and identifies the software publisher.

UAC - Signed Application

A signed code is not necessarily a safe code, but a digital signature does provide accountability – something that is often missing in a world of anonymously distributed software.

As of 1 March 2007, all newly released software versions downloaded from this website will have a digital signature attached. For this purpose, NTWind Software uses the established Comodo Code Signing solution.

More Information

You can find more technical details here:

Sponsored Links