Read this on a forum, thought it was a good argument.
# re: Code Signing – It’s Cheaper and Easier than You Thought Monday, December 24, 2007 8:54 PM by BillGoates
It doesn't matter how cheap and easy code signing is, I want to boycott it on principle. Not because of the price, although even $80 a year is a lot for a single autogenerated number.
The code signing scheme itself is useless. Anyone can request or share a public certificate. So mal- and spyware still can destroy your computer, but now 'approved and certified' by Verisign/Microsoft.
The only thing it's good for is annoying end users and (independent) developers.
# re: Code Signing – It’s Cheaper and Easier than You Thought Thursday, December 27, 2007 4:06 PM by Hosebeast
BillGoates, you just don't get it. Why do cars have license plates and police have badges? These don't stop people from speeding thru school zones or impersonating cops. In fact, nothing actually prevents a real cop from going berserk at any moment.
What they do, however, is act as deterrents which form part of a larger security process. A car without plates will draw suspicion; a car with plates which appears suspicious can be checked to see if the plates were stolen. From insurance ID cards to voter registration cards, forms of official identification exist to provide "reasonable" assurance that someone is who you expect them to be, no more and no less.
That's not "useless" because it's a far cry from total anonymity. Why do you suppose that for 99.999% of all spam, the true sender is obscured? It's a simple fact that malicious parties don't like to be identifiable. Sure, there will always be suicide bombers who don't mind letting you know their name, right before they blow you up, but how many suicide bombers exploded today? On the other hand, how many hot checks were written today? Is it totally "useless" for Wal-Mart to ask for ID?
Code signing tells you that you are executing code from someone whose identity has been checked. More importantly, it tells you that the code has not been corrupted since it was signed, neither by virus infection nor by faulty file transfer. Change a single byte in a signed file and it immediately renders the signature broken.
Non-malicious software could be buggy and "destroy your computer" the same as malware, but even if you don't trust a signature to represent the author's identity upon initial receipt of some code, once you have verified for yourself that the code is safe, the signature tells you later that the code hasn't been tampered with.
10 years ago, the industry was skeptical of code signing. Today, code signing is widely used in Java, Linux, and other non-Microsoft environments. Apple's latest Mac OS X (Leopard) fully supports code signing and delivers virtually all of its components as signed by Apple. Certificate issuers from Thawte to VeriSign have repeatedly demonstrated prompt and responsible revocation of certificates obtained for fraudulent purposes. From Safari to Firefox and Opera (all shipped signed), the entire industry has embraced code signing -- not as a total solution to anything, but as part of the solution to many things.
If you're a small developer (which implies you're working with a relatively small user population), you can always self-sign for $0. The catch is that your users must install your certificate authority in their trusted store, a one-time step. Presumably they would do this if they trust you, and presumably they would only trust you if they are satisfied that they can identify you. The $80 saves them a little hassle by having Comodo do a reasonable check of your identity and issue a certificate from an authority which is pre-trusted by the default installation of common operating systems.
Sure, this system hasn't stopped people from forming malicious companies which were actually and legally named "Click Yes to Continue" but how long do you think they got away with it? About as long as it would take to notice a car without plates or a cop without a badge.
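The two properties Hosebeast's reply leans on, that a signature breaks when a single byte of the file changes and that a self-signed publisher becomes usable only once the user adds its key to a trust store, can be shown with a small Go program. This is an added illustration, not code from the forum thread or from any real signing tool: it uses Ed25519 from the Go standard library in place of the X.509/Authenticode machinery the posts discuss, signs a SHA-256 digest of a constructed sample payload, and models the "trusted store" as a plain map from publisher name to public key. The publisher names and payload bytes are made up for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// TrustStore stands in for the OS trusted-root store: a publisher is trusted
// only if its public key has been installed here (hypothetical model).
type TrustStore map[string]ed25519.PublicKey

// SignedArtifact bundles a payload with the signer's claimed name and signature.
type SignedArtifact struct {
	Publisher string
	Payload   []byte
	Signature []byte
}

// VerifyResult distinguishes the three outcomes a verifier cares about.
type VerifyResult int

const (
	Untrusted VerifyResult = iota // signer's key is not in the trust store
	Tampered                      // key is trusted but signature does not match payload
	OK                            // trusted signer and intact payload
)

func (r VerifyResult) String() string {
	return [...]string{"UNTRUSTED", "TAMPERED", "OK"}[r]
}

// Sign hashes the payload and signs the digest, as file-signing schemes do.
func Sign(publisher string, priv ed25519.PrivateKey, payload []byte) SignedArtifact {
	digest := sha256.Sum256(payload)
	return SignedArtifact{Publisher: publisher, Payload: payload, Signature: ed25519.Sign(priv, digest[:])}
}

// Verify checks trust first (is this signer known?) and then integrity
// (does the signature still match the bytes we actually received?).
func Verify(store TrustStore, a SignedArtifact) VerifyResult {
	pub, known := store[a.Publisher]
	if !known {
		return Untrusted
	}
	digest := sha256.Sum256(a.Payload)
	if !ed25519.Verify(pub, digest[:], a.Signature) {
		return Tampered
	}
	return OK
}

// Scenario walks through the cases from the thread and returns each outcome:
// a signed file from a pre-trusted CA, the same file with one bit flipped,
// a self-signed file before the user installs the key, and after.
func Scenario() (signedOK, oneBitFlipped, selfSignedBefore, selfSignedAfter VerifyResult) {
	caPub, caPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	indiePub, indiePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	// Constructed sample "binary"; any byte string will do.
	payload := []byte("MZ\x90\x00 constructed sample program bytes, not a real executable")

	// Only the commercial CA's key ships pre-installed in the store.
	store := TrustStore{"Pre-Trusted CA Publisher": caPub}

	art := Sign("Pre-Trusted CA Publisher", caPriv, payload)
	signedOK = Verify(store, art)

	// Flip a single bit in a copy of the payload: the signature no longer matches.
	corrupted := art
	corrupted.Payload = append([]byte(nil), art.Payload...)
	corrupted.Payload[7] ^= 0x01
	oneBitFlipped = Verify(store, corrupted)

	// Self-signed developer: rejected until the user installs the key ($0 route).
	indie := Sign("Indie Developer", indiePriv, payload)
	selfSignedBefore = Verify(store, indie)
	store["Indie Developer"] = indiePub // the one-time trust step from the post
	selfSignedAfter = Verify(store, indie)
	return
}

func main() {
	a, b, c, d := Scenario()
	fmt.Println("signed by pre-trusted CA:      ", a)
	fmt.Println("same file, one bit flipped:    ", b)
	fmt.Println("self-signed, key not installed:", c)
	fmt.Println("self-signed, key installed:    ", d)
}
```

Note the order of the checks in Verify: trust is decided before integrity, so a perfectly valid signature from an unknown key still reports UNTRUSTED, which is exactly the "car without plates" case, while a known key over altered bytes reports TAMPERED, the case L10 of the reply describes.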