Tell me more ×
Answers OnStartups is a question and answer site for entrepreneurs looking to start or run a new business. It's 100% free, no registration required.
up vote 10 down vote favorite
5

My small software company ships both SaaS and downloadable versions of software. I was wondering if signing the "downloadable" apps with a code-signing certificate will improve conversions?

Well, I know it will (at least by removing the Windows' warning messages), but the question is - how much? Is that improvement worth chasing?

share|improve this question
I don't know the conversion rate but considering it'a more secure and professional and only costs about $50-$200 you should definitely do it. – the dictator Feb 10 '11 at 16:42
Although it is likely a good idea it may depend on who you are marketing to. If I asked anyone in my family what code-signing was they wouldn't have a clue (nor care). If your software is mission critical financial software for business I would expect the customer to care. – scunliffe Feb 12 '11 at 3:19

2 Answers

up vote 11 down vote accepted

We have been code signing all of our executables for years. Windows warnings on non-signed executables grow more dire with each new release. Windows 7 warns you every time you start an installed program (that isn't signed)!

Comodo lets resellers handle their code signing certificates and you can find great bargins out there. We paid under $200 for a 3 year certificate. And when you code sign an executable you always time stamp it, so the signing stays valid even after your certificate has expired.

Finally, code signed programs have a hidden advantage. Once you code sign a file, if that file gets modified, the code signing for that file is invalid. So if your customer claims he installed your program and it gave his computer a virus, trojan, or another related problem- you ask them to right click on the file and check the code sign status. If the file is not code signed- their computer modified your program. If it is still code signed, you can easily scan it for a problem.

Note you need to code sign all executables in your package. You code sign the program itself, the installer, and if you deilver it on a CD with a menu system- that program too.

Note added Oct 1, 2011- Windows 8 will have a new feature (that also requires new hardware). Basically in Windows 8 a user will have the option to have the computer hardware check the digital certificates of every module, dll, and exe that loads at boot time. No signature means no boot.

share|improve this answer
Thanks for the answer! Found a good deal on this, preparing to sign... One more question - if the program comes with some DLL-files installed - they should be signed as well, right? Thanks in advance – jitbit Feb 10 '11 at 20:52
None of our programs use dll's - so I don't know the answer to that! – Gary E Feb 10 '11 at 22:43
On your original question, does a code signing improve conversions- you know at least some people get scared off by Window's warnings. No one I know who bought a certificate is willing to run an A/B test to see just how bad it gets. Once you start, you just keep going. – Gary E Feb 10 '11 at 22:46
up vote 0 down vote

Code signing is a great idea and should be done wherever possible (including enforcing SSL for access to your website - certainly any parts that can be accessed after login). It limits the opportunity for your application to be used as an infection vector for a start. Even if you self sign (not using a known and registered CA) the benefit is great.

If you have an application that may be included in an SOE it may not be acceptable unless it is signed.

Regards, ShaneG

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.