Is it worth signing a Windows executable to send free applications to friends?

Hello,

After signing my Mac applications, since Apple tends to require that, I’m thinking about signing my Windows apps as well. I’ve searched through this forum.
Apparently, certificates with the same price as the Apple developers program are “a joke”: the SmartScreen window still appears with such a “certificate” (and finding the hidden “Open anyway” button is far more difficult and non-intuitive for “standard” users than the yellow or blue dialog showing explicit choices). Other certificates are much more expensive.

I don’t sell my apps. Buying my Apple developer program account once per year is already something I’d prefer to avoid, but, well…
I may purchase a Windows certificate with the same price as ADP; the price would be OK for me. On the other hand, if SmartScreen is still preventing my apps from opening and, given the fact that I know the users of my apps (so they would agree to open them even if Windows shows the yellow dialog), also considering signing isn’t mandatory (as of now) on Windows, I have trouble justifying the purchase… I give my apps directly, not using random stores; I don’t expect my apps to become compromised. Back on the other (first) hand, security is a serious thing.

What’s a proper way in this situation?

All apps should be signed nowadays.
Just to be able to check if someone modified them on the transport.

I was just doing a bit of fresh research myself to find a new Code Signing provider. My employer usually buys the higher end certs, but for myself I also wanted to start using my own for my personal projects (using just my name), without costing too much - if I ever get any of my projects finished, that is.

I came across this tidbit, about how to apparently build up your SmartScreen “reputation” to minimize the warnings. Maybe this will help? https://support.ksoftware.net/support/solutions/articles/215894-what-is-this-file-is-not-commonly-downloaded-and-could-harm-your-computer-message-smartscreen-

I like the price from https://www.ksoftware.net/code-signing-certificates/ as well, compared to some others. Though I haven’t bought anything yet so I can’t speak for ease of use.

That’s what I think too.

[quote=471924:@Christian Schmitz]All apps should be signed nowadays.
Just to be able to check if someone modified them on the transport.[/quote]
Yes, it’s one argument I consider. But buying a 500 € certificate for one year when you don’t sell your apps and you give them to friends… that’s a bit expensive…
Thanks.

You can get a standard certificate for a reasonable price from quite a few resellers. The developer entry point for affordable DigiCert certificates seems to be disabled, so right now it looks like the best price is the KSign certificate.

Interesting article, thank you. I’ll try some techniques listed there (not sure I’ll be able to teach my friends to use them…).

Yes, I also saw this page. I’ve stopped reading early, when two problems came to mind:
1: the version for independent developers just “aids” against SmartScreen; I guess users saying “SmartScreen is still preventing my apps from launching” are in this boat. If I want my friends to try my app and they give up because of this SmartScreen window, only “aiding” my reputation will fail.
2: no secure token is required for the cheaper option; the other one provides a secure token out of the box. Can Windows better accept a signed app that has no token at all?

Thank you.

Yes; on this forum, IIRC, users reporting SmartScreen still wanting to prevent launching signed apps were using KSign certificates, actually. As I said, once my friends (not necessarily good with computers) see SmartScreen, they may give up. It already happened.
Thanks.

Yes.

The SmartScreen dialog will display without the scary red warnings. It just displays to provide information about who the verified publisher of the software is, meaning it will display your name - instead of “Unknown”.

I hope that helps.

[quote=471933:@Scott Cadillac]Yes.

The SmartScreen dialog will display without the scary red warnings. It just displays to provide information about who the verified publisher of the software is, meaning it will display your name - instead of “Unknown”.

I hope that helps.[/quote]
Now, I’m confused.
There’s the UAC dialog (can be yellow or blue and both buttons are obvious to see) and the SmartScreen dialog (the one like a ribbon: covering the entire screen horizontally; the “open anyway”, as a text link, is hidden, shown using a kind of “Learn more” button).
I’m referring to the latter and am thinking you’re referring to the former. I haven’t ever seen a red warning on my SmartScreen windows (well, I haven’t tested for perhaps 5 months, but, anyway…).

Thank you.