Extended Validation (EV) Code Signing (in Windows 8)
Extended Validation (EV) Code Signing is a new code signing method that is supported by Windows 8, Internet Explorer 9 and Internet Explorer 10. It is considered safer than the traditional code signing method. In this article we will discuss the new EV code signing method.
Code signing is important
It is very important to code sign (digitally sign) your software. That's for two main reasons:
- Increased level of security. A code signed program can normally not be altered without the system detecting it. A checksum (hash value) is stored with the code signing information, and if somebody makes any changes to the program file, the checksum will not match the expected one, so Windows will warn the user and refuse to start the program.
- Fewer warning messages. Windows will very likely warn the user if a program is not code signed. A code signed program will not get as many warning messages, and the warning messages that are shown will not be as deterrent.
The traditional code signing method
Software developers have code signed (digitally signed) their software, for example applications, components and drivers, for many years now. The traditional way of code signing software was considered a very safe method for a long period of time, but lately there have been reports of security gaps. Stolen code signing certificates (digital certificates) have been used to code sign malware, and the operating system has treated the software as "friendly" because it was code signed.
One famous malware that was code signed in this way was the Stuxnet computer worm. Stuxnet was code signed by using keys of two certificates that were stolen from two well-known companies in Taiwan.
Extended Validation (EV) Code Signing
There is now a new method available to code sign software. The name of the new method is Extended Validation (EV) Code Signing and it is considered to be safer than the traditional method. That's for the following two reasons:
- More rigorous vetting. A more comprehensive identity verification and authentication process is used.
- Hardware is used. A hardware token and an associated PIN code are used to increase the security.
The hardware token and the PIN code add a physical factor to the signing process, which increases the security level considerably. The digital certificate's private key is stored on the hardware, so even if the computer is hacked it is impossible to steal the private key. Without the private key it will not be possible to code sign any application, driver, or other type of software. The EV code signing method is hacker safe.
The code signing process and the verification process
The images below show how the EV code signing process and the verification process work. The first image shows the EV code signing process and the second image the verification process:
(Image: EV Code Signing)
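As an added example (not part of the original article), the following PowerShell script performs the verification step from the administrator's side: it checks a file's Authenticode signature, reports a hash mismatch when the file was changed after signing, and tells whether the signing certificate is an EV certificate, which it identifies by the CA/Browser Forum EV code signing policy OID 2.23.140.1.3. It assumes Windows PowerShell 3.0 or later; the directory path C:\Distribution is a placeholder.

```powershell
# Added example, not code from the original article. Checks an executable's Authenticode
# signature and reports whether the signing certificate is an EV code signing certificate,
# identified by the CA/Browser Forum EV code signing policy OID 2.23.140.1.3.
# Assumes Windows PowerShell 3.0 or later.
function Test-EvCodeSignature {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    $EvCodeSigningOid = '2.23.140.1.3'   # CA/B Forum EV Code Signing policy identifier
    $CertPoliciesOid  = '2.5.29.32'      # X.509 Certificate Policies extension

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result = [ordered]@{
        Path        = $Path
        Status      = $sig.Status        # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer      = $null
        IsEv        = $false
        Timestamped = $false
    }

    # HashMismatch is the case described in the article: the file was changed after
    # signing, so the hash stored with the signature no longer matches the file.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]$result
    }

    $cert = $sig.SignerCertificate
    $result.Signer      = $cert.Subject
    $result.Timestamped = ($null -ne $sig.TimeStamperCertificate)

    # The policy identifiers live in the Certificate Policies extension; Format($true)
    # renders them as text lines such as "Policy Identifier=2.23.140.1.3".
    $policyExt = $cert.Extensions |
        Where-Object { $_.Oid.Value -eq $CertPoliciesOid } | Select-Object -First 1
    if ($policyExt) {
        $result.IsEv = [bool]($policyExt.Format($true) -match [regex]::Escape($EvCodeSigningOid))
    }
    return [pscustomobject]$result
}

# Usage (placeholder directory): list every executable that is unsigned, altered after
# signing, or signed with something other than an EV certificate.
Get-ChildItem -Path 'C:\Distribution' -Filter '*.exe' |
    ForEach-Object { Test-EvCodeSignature -Path $_.FullName } |
    Format-Table Path, Status, IsEv, Timestamped, Signer -AutoSize
```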
Symantec and DigiCert
Currently EV code signing certificates are only issued by the two certificate authorities Symantec and DigiCert. An EV code signing certificate costs more than a traditional certificate. Currently Symantec charges $995 (US dollars) for a 1 year EV code signing certificate, $1,790 for 2 years and $2,585 for 3 years. DigiCert sells its 3 year EV code signing certificate for $331.67 for 3 years, but with the hardware token included the price is $995. The price is higher, but the security will be stronger.
Extended Validation (EV) Code Signing works together with SmartScreen (the SmartScreen Application Reputation technology) in Windows 8, Internet Explorer 9 and Internet Explorer 10. An application signed with an EV Code Signing certificate can immediately establish a good initial reputation with SmartScreen even if no prior reputation exists for that application or publisher. In Windows 8 this means that a warning message like the one below will very likely never be shown to the user, not even the first time the application is run:
The more stringent developer authentication and the more secure hardware-based code signing make Windows treat the application differently from an application with a traditional digital signature.
More about Windows SmartScreen
Windows SmartScreen is a reputation-based security system from Microsoft. Currently it is included in Windows 8 and Internet Explorer 9/10. Downloaded files are automatically assigned a reputation rating based on different algorithms that consider many objective criteria, such as antivirus results, download traffic, download history, and URL reputation. When a downloaded application has no positive reputation (no positive download history), a warning message is shown to the user when he/she tries to start the application. No such warning message is shown if the user tries to run an application with an established reputation.
EV Code Signing is not required for SmartScreen
It is not required to use EV code signing certificates to build and maintain reputation for the files that you distribute. Traditional code signing certificates can also be used, but it will take more time for SmartScreen to accept the files. If your files have had a positive download history for a period of time, no warning messages will be shown in Windows 8 and Internet Explorer after a while.
Article written by: Mika Larramo