Skip to content
May 5

Why You Should Use Extended Validation Code Signing

  • 5/5/2018

The difference between extended validation code signing and standard code signing certificates is all about security. This is why ev code signing is better.

Why EV Code Signing Certificate Use

Does your company use online downloads as a source of revenue?

The total number of downloads each year is in the billions. With tools like SmartScreen, if your site isn't as secure as it could be, your reputation will plummet, and so will your sales.

Investing in extended validation code signing could help you make more money and increase your online reputation.

The Basics

Extended Validation (EV) code is the latest advancement in code-signed security. Although traditional code signing is still considered very secure, there is always a hacking risk.

Once a certificate is stolen, malware can be code signed and camouflaged from the OS. EV code signing, alternatively, uses a hardware token and PIN code - a higher level of security.

The private key of the digital certificate is stored on the hardware. Even a hacker cannot access it.

Microsoft has officially unveiled their support for extended validation code signing certificates. It was chosen for its higher security and hardware usage.

Similiar to EV SSL certificates, EV code signing requires rigorous vetting, testing, and authentication. Comprehensive identity verification combined with a full authentication process for every developer creates unmatched security.

An additional protection is the hardware requirement, providing protection against theft.

Signed programs can establish a higher reputation with SmartScreen services even without prior existence for a particular file or publisher.

Features

Along with added security, EV code comes with a large list of features.

  • EV authentication with stipulations by CA/Browser FOrum and Microsoft specs
  • Trust from all major OS's, browsers, and devices
  • Eliminates automated warning messages from Windows when users install software
  • Boosts software reputation in Windows SmartScreen
  • Two-factor authentication
  • Supports 32 and 64bit formats including Microsoft Authenticode, Adobe Air, Apple, Java, and more

Supported Tools and Formats

Along with those mentioned above, more supported tools and formats include:

  • MS Office 2000+, Firefox, ToolSign.sh, Key Manager, Jarsigner, SignTool, SignCode, and Visual Studio Express
  • .docm, xlsm, .pptm, .xpi, .jar, .war, .ear, exe, .dll, .ocx, .cab, .msi

Benefits and Recommendations

EV code signing certificates help to increase downloads and a company's overall revenue.

Recommended protected assets include program code, ActiveX controls, drivers, libraries, and binary code.

Is Extended Validation Code Right for Your Business?

EV code signing can be expensive to implement. With a plethora of options like Symantec and Comodo, your factors vary.

For a small business, it may not be necessary. As stated before, traditional code signing is still considered very secure.

As a small business owner, if you feel as though it may be out of your budget range, it's not worth your time or effort. For larger companies and those who can afford it, however, you gain added security and increased sales.

If it's in your price range, there's no reason not to implement EV code signing. It can only help grow your business revenue and reputation.

If you're new to this, we've built a simple guide to code signing certificates to help.

Need further support? Visit our support page and feel free to browse through our many guides. Scroll to the bottom and fill out our contact form if you have any questions, comments, or concerns.