Microsoft SmartScreen & Extended Validation (EV) Code Signing Certificates

IEBlog

Windows Internet Explorer Engineering Team Blog

Microsoft SmartScreen & Extended Validation (EV) Code Signing Certificates

  • Comments 20

Today two Certificate Authorities (CAs), Symantec and DigiCert, announced the introduction of EV code signing certificates. Their announcement is a positive development for users and businesses because it helps both sides reduce fraud and increase trust. We want to provide some more details about what this means for Microsoft’s SmartScreen and the Windows 8 application ecosystem in general.

Windows Store & Windows 8 Apps

The introduction of the Windows Store and Windows 8 Applications will be a significant opportunity for developers to distribute and monetize their applications. Windows 8 Applications are required to pass the Windows Store developer onboarding and application review process. This process is designed to give users confidence in the safety of their purchase while also making the install process as frictionless as possible. Windows 8 applications are not in scope for SmartScreen Application Reputation checks or warnings – these apps are reviewed, code signed, licensed & distributed by the Windows store directly.

Desktop Apps

Desktop applications remain an important part of the Windows experience and Microsoft remains committed to the safety of the desktop experience and our users. We recognize that Internet Explorer (IE) isn’t the only way users download applications from the Internet, so Windows 8 now uses SmartScreen to perform an application reputation check the first time users launch applications that were downloaded from the Internet.

This evolution of SmartScreen from IE-only to system wide is a significant improvement for Windows users. We have seen incredible results with this feature in IE9 (more here & here). Hundreds of millions of users have avoided malware infections due to these new experiences and we’re happy to bring this protection to Windows users, regardless of browser choice. For more details on the IE9 application reputation feature and the data models read this post. For more information on security & safety features in Windows 8 (including Windows SmartScreen) read this post.

The deeper integration of SmartScreen Application Reputation also means that desktop app developers have an additional motivation to sign their code and establish reputation. We’ve talked in the past about the importance of digitally signing code for both establishing reputation and proving the authenticity of programs. I’m happy to say the development community has responded to this call to action. Since the release of SmartScreen Application Reputation in IE9 we’ve seen a 10% global increase in signed downloads, from 73% at IE9 RTM to >83% today.

As we’ve discussed in the past, SmartScreen builds reputation for both individual programs and for the certificate used to sign that code. Code signing is important to our reputation intelligence because this higher level identity allows us to build reputation across multiple programs signed by a publisher. It is also important for publishers because signed programs inherit the reputation of the certificate with which they are signed; this means every program a publisher distributes doesn’t need to build reputation individually.

EV Code Signing

Today we are announcing our support for an important advance in code signing - the availability of EV code signing Certificates. We’re also announcing that EV code signing certificates will integrate with the SmartScreen Application Reputation technology in Internet Explorer 9, Internet Explorer 10 and in Windows 8.

Microsoft has been working with the CA industry over the past year to help make EV code signing certificates available. This code signing standard has a couple of key advancements from a safety and identity perspective. First, they require a more rigorous vetting and authentication process similar to that of EV SSL certificates that are in use today. This process requires a comprehensive identity verification and authentication process for each developer. Secondly, the EV code signing certificates require the use of hardware to sign applications. This hardware requirement is an additional protection against theft or unintended use of a code signing certificate.

Programs signed by an EV code signing certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher. Other factors are considered when generating reputation and determining product experiences and EV-signed programs will be closely monitored over time. We think the improvements in the vetting and security of these certificates are a great development for both users and developers.

Starting today, EV code signing certificates are now being issued by Symantec and DigiCert, and the integration with SmartScreen is already live (IE9, IE10 & Win8).

Detractors may claim that SmartScreen is “forcing” developers to spend money on certificates. It should be stressed that EV code signing certificates are not required to build or maintain reputation with SmartScreen. Files signed with standard code signing certificates and even unsigned files continue to build reputation as they have since Application Reputation was introduced in IE9 last year. However, the presence of an EV code signing certificate is a strong indicator that the file was signed by an entity that has passed a rigorous validation process and was signed with hardware which allows our systems to establish reputation for that entity more quickly than unsigned or non-EV code signed programs.

Best Practices

Developers should still follow the best practices we’ve suggested in past blog posts. We have added to that guidance the additional options of distributing apps thru the Windows Store and the option of EV code signing:

  • Distribute your apps through the Windows Store
    Windows 8 Applications are required to pass the Windows Store developer onboarding and application review process. Windows 8 applications are not in scope for SmartScreen application reputation checks or warnings in Windows 8.
  • Digitally sign your programs (Standard or EV code signing)
    Reputation is generated and assigned to digital certificates as well as specific files. Digital certificates allow data to be aggregated and assigned to a single certificate rather than many individual programs. Although not required, programs signed by an EV code signing certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher. EV code signing certificates also have a unique identifier which makes it easier to maintain reputation across certificate renewals. Only Authenticode Certificates issued by a CA that is a member of the Windows Root Certificate Program can establish reputation.

    At this time, Symantec and DigiCert are offering EV code signing certificates.
  • Don’t sign or distribute malicious code
    Distributing code detected as malicious will remove the reputation from a file and also any reputation from the associated digital certificate – even if signed with an EV code signing certificate.
  • Apply for a Windows Logo or Windows 8 Desktop App Certification
    Learn more about these programs here:

We’re pleased with the announcement today of the availability of EV code signing certificates and we’re also happy to be able to bring SmartScreen Application Reputation to a new set of Windows users soon with Windows 8.

—Jeb Haber, Lead Program Manager, SmartScreen

  • Loading...