Authenticode™ is a technology developed by Microsoft that, according to them :


While not guaranteeing bug-free code, Authenticode identifies the publisher of signed software and verifies that it hasn’t been tampered with, before users download software to their PCs -



Authenticode is commonly referred to as Code Signing because a “digital signature” is attached to .EXE and other files that is used to determine if the file has been modified since being “signed” by the publisher.

The way most users have run across Authenticode is likely by downloading a piece of software and seeing a rather nasty “Unknown Publisher” warning from the web browser (or Windows). Does this look familiar to anyone?


That is an example of an Unknown Publisher download warning in Windows Vista.

Now an example of the same warning, but for a file that has been digitally signed (by K Software) :



If you click on the linked K Software text you can see the details of the certificate :



Note the “This Digital Signature is OK” message. If you don’t see that on the certificate details page then you should not run it as the file has been modified since the publisher signed it (it could have a virus or contain some other sort of malware).


What Authenticode is Not


Authenticode (Code Signing) is not a guarantee that the software that has been digitally signed is bug free or even virus/malware free. All a digital signature says is “this file has not been modified since it was signed by the publisher”. Having said that it is worth noting that obtaining a code signing certificate is not free and that companies or individuals that apply for a code signing certificate do have to pay a fee and do have to prove their identity to the company that issues the certificate.