VSTO & .NET & Excel

June 6, 2011

COMODO Code Signing Certificate

Filed under: .NET & Excel, COM Add-ins, Excel, Installation Tools, VSTO & Excel — Dennis M Wallentin @ 8:38 pm

During the last couple of years security has become more important. Today it plays a central role in many businesses around the world. As external consults we must be aware of it but perhaps more important is that we support it in a way that actually add more security to their business.

Through the years I have strongly advocated that all kind of software solutions should be digital signed with a Code Certificate. In that way customers know that the solutions come from secured and trusted vendors. After all, who wants to download and install softwares from “unknown”?

Within the online Excel developer community it still has not yet become a de facto standard to digitally sign any add-ins or individual workbooks with a certificate.

From what I can understand it’s related to the following:

  • It’s too expensive to buy.
  • It’s too difficult to configure and use a digital certificate.
  • “My customers don’t require it.”

I will start with the last item on the list. If the customers are not aware of it it’s difficult to require it, right? So instead of making a (wrong) conclusion I instead suggest that You try to educate the customers about software security in general and more specific about digitally signing of solutions. Personally I would appreciate it very much if an external consultant gave me an introduction to security.

The second argument is also something that can easily be fixed. It actually exist good guidelines and if we just follow them we would manage to both configure and use the digital certificate.

Finally the price level, for years many Excel developers say it’s too expensive to buy which also become a defence for not taking it seriously. At least, that’s my impression.

For years ago there existed a few vendors that wanted US$ 400 per year for a Code Signing Certificate. But time changes to the better even in this case. Today it exist several more vendors who offer a far better price than what many Excel developer claim it costs today.

To sum up, the list of “excuses” is no longer valid as I believe it exist an attractive solution for all of them.

Recently I found a new vendor who offer COMODO’s Code Signing certificate for a very attractive price. On the vendor’s site they also offer tools to be used with the Code Signing Certificate and also guidelines or link to guidelines on how to use certificate. And top of it, the vendor offers an excellent support.

I suggest You take a closer look at K Software‘s site which can be found at the following URL:

http://codesigning.ksoftware.net/

And as You will note when visiting their site; they explicit target small businesses.

Kind regards,
Dennis

Ps: I have no commercial interest in K Software’s business. My opinion about them is only from a very satisfied customer.

Advertisements

5 Comments »

  1. Thanks, Dennis! I just ran across this an appreciate the mention.

    To any reader – email or call me and I’ll help you through the whole process.

    Comment by Mitchell Vincent — June 30, 2011 @ 9:00 pm

  2. Late to the party on this, but just wanted to weigh in here…

    I have a vendor who sold us a product that needs to run on startup. Easy to do in XP, we just drop it into the start folder and it runs when someone logs in. But with Windows Vista and Windows 7, this is not the case. Instead, we get UAC prompts that need to be cleared before the program will run. The problem for us is that this is a virtual server whose sole purpose is to run this software. No one looks at this machine daily, and we want it patched automatically for security reasons. All it needs is a digital signature to fix this issue, but the vendor doesn’t seem able or interested to do it.

    I think if you’re selling a commercial product in this day and age, and it is packaged in an executable format, you need to have that signature. It’s not an option any more.

    Comment by Ken Puls — August 2, 2011 @ 11:11 pm

    • Ken,

      Thanks for taking Your time to make a comment. I think You hit the nail’s head when You says it’s not an option no more.

      I see the same development on other platforms too. Apple’s new operating system, Lion, seems to follow Vista/7 standard. On the Linux platform it seems to be have been built-in from start.

      Thanks,
      Dennis

      Comment by Dennis Wallentin — August 3, 2011 @ 2:35 pm

  3. ***** tremendous things here. I am very satisfied to see your article. Thanks so much and i’m looking forward to contact you. Will you please drop me a e-mail?

    [I have removed the first word – Dennis]

    Comment by Simonne Policare — September 14, 2011 @ 5:09 pm


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: