Separate names with a comma.
Discussion in 'Game Development (Technical)' started by Fost, Aug 28, 2004.
which one is that?
Hey Fost, who does certs. for that price? I've got to get my Java stuff signed (we've had to put up with scary security cert warnings for years in Javaland).
To all the moaners in here - just get your code signed, grin and bear it. It shows you're serious and considerably more trustworthy. You wouldn't want some dodgy site to hack your Plimware wrapped game and have it divert all the money to their account now would you? This is no more or less sensible than SSL for http communications. It's about trust. Don't complain.
I agree with Cas here, it's simply something that will benefit all of us in the long run anyway.
However, most people here appear to be using shareware-specific payment processors/online publishers surely this is a service you should be lobbying them for?
It's a little uncanny that this thread just started, also. Is this a hint of bigger things to come in the future in terms of who controls your computer--and, by extension, your business? It's "harmless" and "sensible" now, but it's also conditioning for what's coming.
Viruses/malware are the Terrorism of computing. Think before you take the leap.
Do you get a discount for re-signing it each time you release an update?
It would be nice if terrorism could be wiped out with an Anti-Virus program. Seems to me like the real solution is to ship auto updating anti-virus software with Windows, rather than try to control what people run. Of course, that's not nearly as profitable as charging developers for useless certificates.
(Someone correct me if I'm wrong here) My understanding is that you can package as many files as you want with your digital ID/certificate, using the tools they provide. I don't believe you have to buy a certificate for each file. Thus the $400 dollars can be spread across multiple products and updates.
Apologies to everyone, I should have posted the place I saw Authenticode certificates for Â£66 (for one year) or $99 (which is actually cheaper than Â£66 with the current awful exchange rate ). This was InstantSSL.com
They don't seem to offer any java signing though for those who need it. (Might be wrong, but couldn't see it).
Wonder if they would do a bulk discount for a few of us....
But after a year your certificate expires and you have to buy a new one, right?
Yes, there usually is an expiration date on them, usually one or two years. I'm not sure what the time period is on Verisign certificates.
That's not a bad idea actually, if need be we could probably organise an IndieGamer (or IndieGamerUK, IndieGamerUS, etc) certificate that can be sold cheaply to people on this board who match a certain criteria
I'm not trying to make it an elitist thing but such a scheme would certainly require some safeguards to stop virus writers, spammers, or possibly simply games we don't feel are quality enough to use the certificate.
on the other hand that goes back to what I was saying earlier, perhaps this is something that the online publishers should be lobbied to provide
Great... So if there's an old version of your game on the net somewhere and someone tries to install it, they'll get a WARNING - THE LICENSE HAS EXPIRED!! DO NOT TRUST THIS SOFTWARE!!! IT WILL KILL YOUR WHOLE FAMILY WHILE YOU SLEEP!!! type message.
These licenses are themselves a fucking license to print money.
Agreed, a license to print money (damn, now where can I get one of those! )
On the other hand, I would guess that the crypto key stays the same so long as you keep updating the license, which you probably would if you want to remain selling your software.
However, like DavidRM said, how quickly will the consumer become used to the warning and totally blase about it?
I suspect that, given human nature and the time it will take for software companies to get all their software digitally signed especially the smaller ones like us, not to mention all the software that's already out their and unsigned, that there will be a slight initial panic but people will very quickly become used to ignoring it.
It is likely to eventually become the case that the default configuration of the OS will not allow users to run unsigned or broken or expired software. Hurrah for me with Webstart of course coz it's always 100% up to date But I can see that the days of traditional downloadable .exes may be numbered.
M$ of course are pushing the same model as Webstart, with clientside .NET looming on the horizon to be the preferred deployment format on Win32 in the next decade.
Buy into it folks, it's not going to go away!
I would NEVER buy an O/S that refused to le tme run unsigned exes. If they insist on that, ill stick with XP forever.
This is my PC, I own it, ill run anything I damn like on it as long as im not affceting others.
Anyone wanting $100 from me to verify I am not a virus writer can Fck Off!
Keep your hair on! That's not what I said was going to happen. The default configuration will probably eventually be to automatically disallow unsigned code. It will have to be overrideable otherwise developers are going to have a pretty hard time writing code on their own machines aren't they?
back to reality...
Hey our company (ie. day job) buys them from GeoTrust.
On average they're cheaper than the cost of Verisign..
Nice scare tactics Microsoft - let's play on the fears of everyone who risks downloading a virus thanks to your leaky operating system. Hey, why fix the holes when you can make more money out of them!
This is majorly bad news. Gamers with little technical knowledge are going to hit the "no" button every time. If your target audience is mostly non-technical (eg mothers - sorry mum!) and/or you don't want to lose casual gamers then - reluctantly - I have to say this certificate is a must.
As others have pointed out, at least it means that these same customers will be less likely to download cracked versions of our games because they won't carry any certification.
And I'm sure you're right about future OS's, princec. Microsoft have seen how they can monopolise development on their Xbox console through encryption (no one can produce any unauthorised third party software for it). I guess they want to tighten the iron grip they already have on the PC and generate another lucrative revenue stream.
The future's bright (for Microsoft)...the future's digital rights.
I think some people need to do more research before posting here. Your signing licence may expire each year, but the EXEs that you sign do not expire. There is no problem with old exes files expiring.
The point of the code signing is to verify the identity of the publisher and the integrity of the download. It's like PGP and MD5 for software. If the file download is tampered or altered, the customer will be notified. If you get a certificate, your downloads will show your company name, and any unsigned cracks of your software out there will show "Unknown Publisher". If you've ever had problems with customers who didn't realize they were running a crack, you'll see how this can be beneficial.
I'm with Cas, I think it's a good way to show you're trustworthy and it's best to get in on this early. Depending where you get your certificate from it's only $99 annually (I think Thawte is $200, Verisign $400) and you should be able to write it off as a business expense on your taxes.
PS Some of the top download sites are seeing an extremely rapid takeup of SP2. It's worth joining the ASP to learn the exact percentages just over the last two weeks. They've been talking about code signing in their newsgroups for some weeks too.
This article is about TCPA, but it potentially affects anyone publishing software. Digitally signing is, in most cases, good for developers. But with added security, you're going to lose freedom.
The question is how much you're willing to tolerate and how far they will push, little by little. Before you know it you don't have control of your software or business anymore unless you pay what they want you to pay and use their software for deployment and deploy only at their authorized locations and follow their rules about content, etc etc etc.
Where does it stop? That's the bigger issue, IMHO.