Understanding Digital Certificates, Code Signing, HTTPS, and Malware
Digital Certificate
A digital certificate is an electronic “passport” that allows a person, computer, or organization to exchange information securely over the Internet using the public key infrastructure (PKI). A digital certificate may also be referred to as a public key certificate.
Code Signing Certificate
Internet users increasingly need assurance that they can trust websites and downloads. A Code Signing Certificate allows developers to add a layer of assurance that tells users that their software can be trusted and does not come from a malicious hacker.
A Code Signing Certificate allows IT developers to digitally sign their software before distribution over the Web. End users downloading your digitally signed 32-bit or 64-bit program can be confident that the code has actually come from you and has not been modified since it was signed.
Features of Code Signing Certificate:
- Verifies publisher’s identity
- Creates a trusted sales outlet
- Maintains content authenticity
- Protects software from tampering
- Improves customer confidence
- Improves software downloads
- Creates a trusted distribution outlet
- Protects the integrity of the software publisher
- Compatible with all major platforms
What is a Code Signing Certificate?
When customers buy software from a store, the source of that software is evident. Customers know who published the software and also see whether the package has been unsealed. These factors enable them to make decisions about what software to buy and how much to rely on those products.
Customers downloading applications signed with a Code Signing Certificate from your website can be confident that the code comes from you and has not been altered since its creation and signing. A Digital ID acts as virtual “shrink-wrap” for your software. If your code is tampered with in any way after it is signed, the digital signature will break and caution customers that the code is not credible.
When customers download software signed with a Code Signing Certificate they can be assured of:
- Content Source: End users can confirm that the software really comes from the publisher who signed it.
- Content Integrity: End users can verify that the software has not been modified since it was signed.
Features & Benefits of Code Signing:
- Customer Confidence: Code Signing Certificates assure customers that you are trustworthy enough to do business with.
- Authenticity: After downloading, end users can be sure that the code they obtained really came from you, helping you preserve your business reputation and intellectual property. Digital IDs allow customers to identify the author of digitally signed code and contact them should an issue or query arise.
- Widely Supported: Code Signing Certificates are compatible with all major formats, including Microsoft Authenticode (including kernel-mode signing), Adobe Air, Apple applications and plug-ins, Java, MS Office Macro and VBA, Mozilla object files, and Microsoft Silverlight applications.
- Seamless Integration with Industry-Standard Technology: Most browsers will not accept action commands from downloaded code unless the code is signed by a certificate from a trusted Certificate Authority.
- Ease of Use: Code signing certificates are easy to use in conjunction with the vendor software tools that developers use to create products, macros, and objects.
What is HTTPS?
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms. Web browsers such as Internet Explorer, Firefox, and Chrome also display a padlock icon in the address bar to visually indicate that an HTTPS connection is in effect.
How Does HTTPS Work?
HTTPS pages typically use one of two secure protocols to encrypt communications – SSL (Secure Sockets Layer) or TLS (Transport Layer Security). Both the TLS and SSL protocols use what is known as an ‘asymmetric’ Public Key Infrastructure (PKI) system. An asymmetric system uses two ‘keys’ to encrypt communications, a ‘public’ key and a ‘private’ key. Anything encrypted with the public key can only be decrypted by the private key and vice-versa.
As the names suggest, the ‘private’ key should be kept strictly protected and should only be accessible to the owner of the private key. In the case of a website, the private key remains securely ensconced on the web server. Conversely, the public key is intended to be distributed to anybody and everybody that needs to be able to decrypt information that was encrypted with the private key.
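The private-key/public-key relationship described above is also what makes the code-signing "shrink-wrap" earlier on this page work. The Go program below is an added example, not code from the original page: it hashes a file, signs the hash with a private key, and runs the Content Source and Content Integrity checks on the user's side. The function names, the fingerprint trust map (standing in for a certificate chained to a trusted Certificate Authority) and the sample bytes are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hypothetical names; the keys and "installer" bytes are constructed sample data.
var ErrUnknownPublisher = errors.New("content source: key is not a trusted publisher")
var ErrTampered = errors.New("content integrity: signature does not match the file")

// NewKey generates a throwaway Ed25519 key pair (nil selects crypto/rand).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(nil) }

// Fingerprint names a public key by the SHA-256 of its bytes.
func Fingerprint(pub ed25519.PublicKey) string { return fmt.Sprintf("%x", sha256.Sum256(pub)) }

// Sign is the publisher's side: hash the file, sign the hash with the private key.
func Sign(priv ed25519.PrivateKey, file []byte) []byte {
	digest := sha256.Sum256(file)
	return ed25519.Sign(priv, digest[:])
}

// Verify is the end user's side: first who signed it, then whether it changed.
func Verify(trusted map[string]string, pub ed25519.PublicKey, file, sig []byte) (string, error) {
	name, ok := trusted[Fingerprint(pub)]
	if !ok {
		return "", ErrUnknownPublisher
	}
	digest := sha256.Sum256(file)
	if !ed25519.Verify(pub, digest[:], sig) {
		return "", ErrTampered
	}
	return name, nil
}

func main() {
	pub, priv, _ := NewKey()
	trusted := map[string]string{Fingerprint(pub): "Example Publisher"}
	file := []byte("constructed installer bytes v1.0")
	sig := Sign(priv, file)
	fmt.Println(Verify(trusted, pub, file, sig))
	opub, opriv, _ := NewKey() // a second key the user has never trusted
	fmt.Println(Verify(trusted, opub, file, Sign(opriv, file)))
	file[0] ^= 1 // change a single bit after signing
	fmt.Println(Verify(trusted, pub, file, sig))
}
```

A valid signature from an unknown key fails the source check, and a one-bit change under a trusted key fails the integrity check, so the two assurances are independent.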
Malware
Malware (short for “malicious software”) is considered an annoying or harmful type of software intended to secretly access a device without the user’s knowledge. Types of malware include spyware, adware, phishing, viruses, trojan horses, worms, rootkits, ransomware, and browser hijackers.
1. What is spyware?
Spyware is a type of malware that’s hard to detect. It collects information about your surfing habits, browsing history, or personal information (such as credit card numbers), and often uses the Internet to pass this information along to third parties without you knowing. Keyloggers are a type of spyware that monitors your keystrokes.
2. Where does spyware come from?
Spyware is often bundled with other software or downloads on file-sharing sites (e.g., sites where you download free music or movies) or is installed when you open an email attachment. Because of the secret nature of spyware, most people don’t even know when spyware is on their computer.
3. How to recognize spyware?
New and/or unidentifiable icons may appear in the taskbar at the bottom of your screen, and searches may redirect you to a different search engine. Random error messages may also appear when you perform operations that previously worked fine.
4. How to remove spyware?
Antivirus software can find and remove any spyware on your computer, since antivirus products usually include antispyware protection. You can also check Programs and Features for items that don’t belong on your computer.
5. How to prevent spyware?
- Ensure that your browser, operating system, and software have the latest updates and security patches.
- Set your browser security and privacy levels higher.
- Use extreme caution if you frequent file-sharing sites.