R&R 12.5.01 not Code Signed

[Top_Dev_User]

I received the latest version of R&R Report Works yesterday and was very surprised to find that it was not code signed. Our customers will not run software that is not code signed.____Here are a few things to know about code signing.____Recent operating system updates to Windows XP (Service Pack 2) and the new Windows Vista and Windows 7 make it vital to use digital signatures in your application files and installation packages. Vista and Windows 7 use code signing more widely than earlier versions of Windows. With the increased level of warnings in Vista and Windows 7, signing your application and installation files gives end users the reassurance they need to proceed with the installation. You also get a friendlier Microsoft alert when your EXE files are code signed.____Are there plans to code sign your products in the near future? This is a deal killer for us.____Price comparison - why pay 6 times more than you need to?!____Do the math: a Verisign Code Signing Digital ID costs $499 for 1 year, $895 for 2 years and $1,295 for 3 years. A Thawte Code Signing Digital ID costs $299 for 1 year and $549 for 2 years. A Go Daddy Code Signing Certificate costs $199.99 for 1 year, $359.98 for 2 years and $509.97 for 3 years.____An original Comodo Code Signing Certificate via Lindersoft costs $79 for 1 year, $143 for 2 years and $200 for 3 years!____

[cstrasser]

For years, we^ve been signing our products that install over the web (such as the RattleRR ActiveX control and CAB files). We use either Verisign or Thawte (one of their subsidiaries) for our certificate.____Generally, we haven^t had any need to sign the products that we deliver via CD or download equivalent. Recently, I analyzed the behavior of signed vs. unsigned code on a variety of systems over several scenarios. The results are at:____http://www.livewarepub.com/pdf/code_execution_behavior.pdf____Because we have the certificate, the signing itself isn^t a big deal, although there are many executables, DLLs and OCXs to address. The issue comes with rebuilding the installation and creating a new master. We^ll evaluate this and let you know the result.

[Top_Dev_User]

Is there an update on this crucial issue?____>Because we have the certificate, the signing itself isn^t a __>big deal, although there are many executables, DLLs and OCXs __>to address. The issue comes with rebuilding the __>installation and creating a new master. We^ll evaluate this __>and let you know the result. __

[Top_Dev_User]

It^s now April 16th. You were going to "evaluate" the code signing issue and post a result (that was back in December). Four and one half months later, still nothing but the sound of crickets.____If you are not going to comply with Microsoft^s standards let us know, please, so we can start looking for a report writer that does comply. We have no choice in this matter. On locked down machines with restricted users, unsigned code literally raises a red flag. Government agencies and fortune 500 companies will not tolerate that and all of our customers fall into one of those two categories.____