Extended Validation (EV) Code Signing in Windows 8 / Windows 10
Extended Validation (EV) Code Signing is a new code signing method that is supported by Windows 8, Windows 8.1 and Windows 10, and by web browsers like Edge, Internet Explorer, and Chrome. Also Windows 7 supports it, if you have installed the latest update of Windows 7.
EV code signing is considered to be more safe than the traditional method of code signing. In this article we will discuss the new EV code signing method.
Code signing is important
It is very important to code sign (digitally sign) your software. That's for two main reasons:
n Increased level of security. A code signed program can normally not be altered without the system discovers it. A checksum (hash value) is stored with the code signing information, and if somebody makes any changes in the program file, the checksum will not be the expected one and Windows will warn the user and refuse to start the program.
n Fewer warning messages. Windows will very likely warn the user if a program is not code signed. A code signed program will not get so many warning messages. And the warning messages that are shown will not be so deterrent.
The traditional code signing method
Software developers have code signed (digitally signed) their software, for example applications, components, drivers etc., for many years now. The traditional way of code signing software has been considered as a very safe method for a long period of time, but lately there have been reports on that there are security gaps. Stolen code signing certificates (digital certificates) have been used to code sign malware, and the operating system has thought that the software is "friendly" because it was code signed.
One famous malware that was code signed in this way was the Stuxnet computer worm. Stuxnet was code signed by using keys of two certificates that were stolen from two well-known companies in Taiwan.
Extended Validation (EV) Code Signing
There is now a new method available to code sign software. The name of the new method is Extended Validation (EV) Code Signing and it is considered to be safer than the traditional method. That's for the following two reasons:
n More rigorous vetting. A more comprehensive identity verification and authentication process is used.
n Hardware is used. A password protected hardware token / USB token is used to increase the security.
The hardware token / USB token adds a physical factor to the signing process which increases the security level a lot. The digital certificate’s private key is stored on the hardware, so even if the computer is hacked it is impossible to steal the private keys. Without the private keys it will not be possible to code sign any application, driver, or other type of software. The EV code signing method is hacker safe.
And if the hardware token / USB token itself is stolen or lost, it is impossible to access the contents of it without the correct password or pin code.
The code signing process and the verification process
The images below show how the EV code signing process and verification process is made. The first image shows the EV code signing process and the second image the verification process:
EV Code Signing
EV code signing certificates / EV digital certificates are issued by certificate authorities. Some common certificate authorities are DigiCert, Comodo or GlobalSign. If you need a EV code signing certificate for your software or website you can buy your certificate from any of them.
An EV code signing certificate costs more than a traditional code signing certificate, but the security will be stronger and you will have less warning messages etc. in Windows and web browsers.
The Extended Validation (EV) Code Signing co-operates with SmartScreen (the SmartScreen Application Reputation technology) in Windows 8, Windows 8.1, Windows 10, Internet Explorer, and Edge. An application signed with an EV Code Signing certificate can immediately establish a good initial reputation with SmartScreen even if no prior reputation exists for that application or publisher. In Windows 8, Windows 8.1, and Windows 10 this means that a warning message like the one below will very likely never be shown for the user, not even the first time the application is run:
The more stringent developer authentication and the more secure hardware-based code signing will make Windows threat the application differently than an application with a traditional digital signature.
More about Windows SmartScreen
Windows SmartScreen is a reputation-based security system from Microsoft. Currently it is included in Windows 8, Windows 8.1, Windows 10, Internet Explorer, and Edge. Downloaded files are automatically assigned a reputation rating based on different algorithms that consider many objective criteria, such as antivirus results, download traffic, download history, and URL reputation. A downloaded application that has no positive reputation (no positive download history) will result in a warning message is shown for the user when he/she try to start the application. No such warning message is shown if the user try to run an application with an established reputation.
EV Code Signing is not required for SmartScreen
It is not required to use EV code signing certificates to build and maintain reputation for the files that you distribute. Also traditional code signing certificates can be used, but it will take more time for SmartScreen to accept the files. But if your files have a positive download history for a period of time, no warning messages will be shown in Windows 8, Windows 8.1, Windows 10, Internet Explorer and Edge, after a while.
More articles are available from the article index page.
|Article written by: Mika Larramo|