How important is it to digitally sign our executables?

Question

We produce a content management system. It\'s a database-based system, used only by businesses and organizations, and never downloadable from the Internet. That is, it\'s not th

Answer 1

Pro: If using Verisign certificates, Windows Error Reporting can be used

Actually, to use Windows Error Reporting you need Verisign or other code accepted signing certificate, but you need the certificate only to access the WinQual system. The exe itself does not have to be signed at all, the error reporting works absolutely fine on unsigned exes as well.

Con: Signing has some maintenance overhead, how much I don't know. Would love to here from you...

The maintenance overhead highly depends on the quality of your build pipeline. If you build your application manually, then yes, it means a few more steps. However, if you have a build pipeline and your builds are automated, code signing means adding a few lines into the build scripts and storing the private key of the code signing certificate so that the build can access it (if you have a build server, your code signing certificate will most likely need to be stored on it).

Pro: When Vista/7 show one of those annoying UAC messages, signed apps are presented a bit more nicely

As for UAC prompt - does you application really need elevated or admin privileges to run? The best way to avoid this prompt is not to require any elevated privileges at all.