Historically, some 7% of all downloaded and Web-based software contained malware. While the numbers have declined somewhat in recent years, the attacks have grown a lot more sophisticated. Every vulnerability is sure to be exploited by cyber criminals who seek to compromise both government and corporate websites and software systems.

Business valuations draw on mission-critical information about your company or your client's company. This makes your Web-based or desktop valuation software a high-value target for the cyber crooks. If the software is compromised, you could experience some serious setbacks:

  • Loss of proprietary information such as trade secrets
  • Becoming a victim of blackmail and extortion by the cyber criminals
  • Commercial theft due to computer systems and network breach
  • Unauthorized sale of business critical information to the highest bidder

So how has the software industry responded to this ever evolving threat? As major computer systems seek to warn users against potential risks, what has your software vendor done to establish and protect its reputation, and your computers and network?

Code signing technology has been around for years now. A digital signature identifying the product and its publisher is included with your software product. The encryption technology is then used by the major computer systems, such as Microsoft Windows and Apple Mac OS X, to verify the integrity of the software, check its authenticity and confirm the publishing company as legitimate.

As cyber crooks became more resourceful, the computer security industry responded with the latest Extended Validation (EV) code signing technology. The goal is to prevent the private signing key from being compromised by clever criminals. In addition to applying a rigorous vetting process to weed out ‘fly by night’ outfits posing as bona fide software companies, EV code signing requires a hard token device and associated PIN for code signing. In other words, no one other than the business in physical possession of the officially issued certificate can sign and distribute its software products.
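
A way to check these properties yourself on Windows before running a downloaded installer, as an added example that is not part of the original article or any vendor's code: it reads the file's Authenticode signature and reports whether the signer's certificate carries the CA/Browser Forum EV code signing policy OID (2.23.140.1.3). The installer path and the function name `Test-InstallerSignature` are hypothetical.

```powershell
param(
    # Hypothetical path (assumption): point this at the installer you downloaded.
    [string]$Path = "$env:USERPROFILE\Downloads\ValuationSetup.exe"
)

# CA/Browser Forum policy OID that identifies an EV code signing certificate.
$EvCodeSigningOid = '2.23.140.1.3'
# Standard X.509 "Certificate Policies" extension, where that OID is listed.
$CertPoliciesOid  = '2.5.29.32'

function Test-InstallerSignature {
    param([Parameter(Mandatory)][string]$FilePath)

    if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
        throw "File not found: $FilePath"
    }

    # Verifies the file hash against the embedded signature and builds
    # the certificate chain up to a trusted root.
    $sig  = Get-AuthenticodeSignature -FilePath $FilePath
    $cert = $sig.SignerCertificate

    $isEv = $false
    if ($cert) {
        $policies = $cert.Extensions |
            Where-Object { $_.Oid.Value -eq $CertPoliciesOid }
        if ($policies) {
            # Format() renders the extension as text, including policy OIDs.
            $text = $policies.Format($false)
            $isEv = $text -match [regex]::Escape($EvCodeSigningOid)
        }
    }

    [pscustomobject]@{
        File               = $FilePath
        Status             = $sig.Status         # Valid, NotSigned, HashMismatch, ...
        StatusMessage      = $sig.StatusMessage
        Publisher          = if ($cert) { $cert.Subject } else { $null }
        Issuer             = if ($cert) { $cert.Issuer } else { $null }
        NotAfter           = if ($cert) { $cert.NotAfter } else { $null }
        Timestamped        = [bool]$sig.TimeStamperCertificate
        ExtendedValidation = $isEv
        # Only a Valid status means integrity and chain checks both passed.
        SignatureIsValid   = ($sig.Status -eq 'Valid')
    }
}

Test-InstallerSignature -FilePath $Path | Format-List
```

A `Status` other than `Valid`, such as `HashMismatch` or `NotSigned`, means the file was altered after signing or was never signed, whatever the publisher field says.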

The idea is quite simple. If you intend to block malware threats from infecting your computers and network, you need to stop them at the door. The most dangerous malware operates ‘under the radar screen’, silently eroding your business computers, stealing valuable data, or siphoning off your resources without your knowledge.

As Microsoft and Apple seek to protect their users, false positives abound. A good software product could become the proverbial baby thrown out with the bath water. Erring on the safe side seems like a reasonable thing to do. But what about the disruption of your software systems and the need to call upon your IT experts to put out the false fires?

That’s where Extended Validation code signing for your software products really shines. Microsoft works with well-established Certificate Authorities, such as Symantec, to establish a white list of known companies whose software is known to be malware-free.

Apple issues its own Apple ID code signing certificates limited only to its Apple Developer Program members. No shady outfit can obtain an Apple ID and any attempted compromise is swiftly detected and stopped by the Apple security teams.

EV code signing was developed by the Certificate Authority / Browser Forum (CABF) to serve as the software industry security standard. CABF requires a lengthy vetting process for software corporations to ensure the company is legitimate and trustworthy before the EV certificate is granted.

This reputation is then checked by Microsoft using its SmartScreen authentication technology. SmartScreen is standard on all Windows 8 and 10 computers. If you are an Apple Mac user, Gatekeeper does the same job.

The reputation building demanded by SmartScreen protects you as the software user against newly released malware threats while doing away with false positive warnings for software products with a well-established reputation.

According to Microsoft, EV code signing technology has helped prevent over 20 million cyber attacks each month in recent years. At the same time, legitimate software programs are checked by SmartScreen and then approved for installation without false alerts.

With the introduction of EV code signing technology, the software industry has upped the ante in its fight against cyber criminals. You benefit from solid assurance that the legitimate software companies are in your corner, every step of the way.
