You can verify that a program has been code signed by running a single command
Having a Code Signing certificate from a trusted certificate authority is practically a requirement nowadays. Most modern browsers won’t let a user download an unsigned piece of software without clicking