Why Do I Need EV Code Signing?
EV Code Signing is the only way to gain instant trust in Microsoft SmartScreen
What's the difference between an EV Code Signing Certificate and a regular one? The difference is twofold, one is better private key security. The other, more important difference is only an EV Code Signing certificate can get you trusted immediately by Microsoft SmartScreen.
What is Microsoft SmartScreen?
Microsoft SmartScreen is a browser filter for Internet Explorer 10 and Edge users that protects against:
- Malware Sites
- Malicious Downloads
That last item, malicious downloads, is what gives software developers headaches. Just like any other filter, SmartScreen is distrustful by nature. What's different from other browser filters is that SmartScreen uses a metric called Application Reputation. It takes time to establish Application reputation. You start from zero.
Building Application Reputation in MS SmartScreen
Building Application Reputation with SmartScreen is a challenge. First, it checks your software against a list of malicious programs. That's no problem for you, you're legitimate. Then it checks against a list of "trusted," regularly downloaded programs. This is where the trouble starts. If you're not "trusted," SmartScreen warns its users.
You want to drive your downloads car in the 4th gear, but Microsoft's warning speed breakers don't let you move past 2nd.
EV Code Signing Establishes Reputation in MS SmartScreen
Because of the level of validation required to acquire an EV Code Signing certificate, Microsoft SmartScreen is willing to afford those developers with a considerable degree of trust up front. Comodo is essentially vouching that you're a good actor and will be distributing safe software.
How Does EV Code Signing Offer Better Private Key Security?
With any code signing certificate the private key is like the holy grail. It's what applies the digital signature that allows your software to be trusted by the browser. If it gets compromised, you open yourself up to a number of risks. EV SSL prevents this by storing your private key on an external hardware token so unauthorized network access can't occur.
EV Code Signing Gives you the Competitive Edge
You can't afford to lose almost 20% of your potential customers. And that's what will happen if you aren't trusted by Microsoft SmartScreen. You could spend months trying to gain reputation and stop having your downloads flagged. Or you could skip to the front of the line. Why wait?
Shop Extended Validation Code Signing Certificates