Security Warnings Installing Software - Business

‘Windows Protecting your PC’ message when installing or updating our applications

All of the products produced by Rons Place Software are digitally signed with something called a Code Signing Certificate (see below). Every few years our Code Signing Certificates needs to be renewed and our applications re-signed. As a minor consequence, the new code signature sometimes triggers Microsoft Defender Smartscreen (or potentially other security software) when installing or updating our applications. The cloud-based security feature warns users that a new unknown application has been detected.

Microsoft (or other) keep track of Code Signing Certificates and their trustworthiness back at headquarters, which unfortunately gets reset every time a new one is created. It can take some time for Microsoft (or other) to accumulate enough approvals for this message to stop being displayed, but eventually it will.

Allegedly, a software vendor can pay extra money to circumvent this whole process, however we have been assured by many parties that this does not work and the only real solution is 'weight of numbers'.

What is a Code Signing Certificate?

A Code signing certificate is a digital certificate that contains information that fully identifies an entity and is issued by a Certificate Authority. Rons Place Software applications have their Code Signing Certificate issued by Sectigo (https://www.sectigo.com) after full company verification.

How do they work?

Code signing certificates allow software publishers to digitally sign their code, including applications, executables, scripts and libraries, to confirm that the software has not been tampered with by any outside source. The code signing process works by using public key cryptography and code hash functioning to digitally sign data, verify identity, and confirm the software code’s integrity is valid. The end user will receive an error or warning if the code does not have a valid digital signature.

Why Code Signing Certificates Matter

Ensuring Code Integrity
- Code signing certificates verify that a piece of software has not been tampered with or altered after it was digitally signed.
Building Trust
- A valid code signing certificate signals to users and operating systems that the software is authentic and safe to run, boosting trust and reducing security risks.
Compliance with Industry Standards
- Many platforms and operating systems, like Microsoft Windows, require code signing for software distribution and deployment, particularly for drivers and applications.
Protecting Against Malware
- Code signing helps prevent malware and malicious software from being disguised as legitimate software, enhancing security.

If the application and company are verified, then why does the installation trigger a warning message?

While a proper security system will detect immediately an application that has no code signing certificate and warn clearly the user about it, the changes made by the new code signing certificate in an application sometimes also triggers the security system. After some time, when many users will have ignored the message and installed the application, somehow the applications will be fully recognized as safe, and the message will not appear anymore.

How to proceed with the installation?

When the downloaded install file is opened Windows will display a message as follows warning of the dire consequences of continuing with the install.

Clicking 'More Info' will show some details about the install file and the authors (us). Ironically, it displays some comforting details about who we are which shows that we can actually be trusted.

Click on 'Run Anyway' to install our product.

As mentioned above, this will actually send a notification back to Microsoft that all is OK with Rons Place Software, which will eventually stop this from happening.