Does code-signing a software app improve the conversion rate?


10

My small software company ships both SaaS and downloadable versions of software. I was wondering if signing the "downloadable" apps with a code-signing certificate will improve conversions?

Well, I know it will (at least by removing the Windows' warning messages), but the question is - how much? Is that improvement worth chasing?

Software Conversion

asked Feb 11 '11 at 02:35
Blank
Jitbit
267 points
Top agency to build award-winning mobile apps: Utility NYC
  • I don't know the conversion rate but considering it'a more secure and professional and only costs about $50-$200 you should definitely do it. – The Dictator 9 years ago
  • Although it is likely a good idea it may depend on who you are marketing to. If I asked **anyone** in my family what code-signing was they wouldn't have a clue (nor care). If your software is mission critical financial software for business I would expect the customer to care. – Scunliffe 9 years ago

2 Answers


11

We have been code signing all of our executables for years. Windows warnings on non-signed executables grow more dire with each new release. Windows 7 warns you every time you start an installed program (that isn't signed)!

Comodo lets resellers handle their code signing certificates and you can find great bargins out there. We paid under $200 for a 3 year certificate. And when you code sign an executable you always time stamp it, so the signing stays valid even after your certificate has expired.

Finally, code signed programs have a hidden advantage. Once you code sign a file, if that file gets modified, the code signing for that file is invalid. So if your customer claims he installed your program and it gave his computer a virus, trojan, or another related problem- you ask them to right click on the file and check the code sign status. If the file is not code signed- their computer modified your program. If it is still code signed, you can easily scan it for a problem.

Note you need to code sign all executables in your package. You code sign the program itself, the installer, and if you deilver it on a CD with a menu system- that program too.

Note added Oct 1, 2011- Windows 8 will have a new feature (that also requires new hardware). Basically in Windows 8 a user will have the option to have the computer hardware check the digital certificates of every module, dll, and exe that loads at boot time. No signature means no boot.

answered Feb 11 '11 at 03:49
Blank
Gary E
12,510 points
  • Thanks for the answer! Found a good deal on this, preparing to sign... One more question - if the program comes with some DLL-files installed - they should be signed as well, right? Thanks in advance – Jitbit 9 years ago
  • None of our programs use dll's - so I don't know the answer to that! – Gary E 9 years ago
  • On your original question, does a code signing improve conversions- you know at least some people get scared off by Window's warnings. No one I know who bought a certificate is willing to run an A/B test to see just how bad it gets. Once you start, you just keep going. – Gary E 9 years ago

0

Code signing is a great idea and should be done wherever possible (including enforcing SSL for access to your website - certainly any parts that can be accessed after login). It limits the opportunity for your application to be used as an infection vector for a start. Even if you self sign (not using a known and registered CA) the benefit is great.

If you have an application that may be included in an SOE it may not be acceptable unless it is signed.

Regards,
ShaneG

answered Feb 11 '11 at 22:54
Blank
Shane G
341 points

Your Answer

  • Bold
  • Italic
  • • Bullets
  • 1. Numbers
  • Quote
Not the answer you're looking for? Ask your own question or browse other questions in these topics:

Software Conversion