Digital Signatures - An Idea That Went Wrong

Charlotte Wants To Know What's Up With Digital Signatures
When I went to Registry Mechanic to use the "try it" version, I got a message that this software did not have a valid digital signature and should not be run. As a result, I did not use it.

Our Answer
Can you think of anything in your personal experience that sounded like a good idea on paper but in reality it turned out somewhat different than the original idea. That's what happened to the once "glorious" idea of digital signatures.

We're not aware that Registry Mechanic does not have a digital signature, because we never pay attention to them, and perhaps after reading this answer you won't either.

A little background:

Digital signatures were created in the beginning to give consumers that the software they were downloading was genuine. Well, there's nothing wrong with that, right? But big companies started to realize they hit a big $$$ bonanza. Because digital signatures cost nothing to produce and sell for hundreds, even thousands of dollars, many companies are jumping into the game and issuing "digital certificates". At one time only one or two companies sold digital signatures, now there are a  growing number of companies that will sell you a digital signature, some of them obscure, maybe some even questionable. All you have to do to get one is have the money to buy it.

All a digital signature guarantees is that the software you're downloading came from the company who made it. This doesn't mean a whole lot considering some of the web's most notorious spyware and adware (like Zango and Hotbar) display valid digital signatures. So if anyone can get one if they have the money what do they really mean as far as your trust? Close your eyes. What do you see?

These days everybody and their brother is getting into the "digital signature" business and anyone with the money can get one. Now you really don't know much about either company anymore: you don't know about the company that issued the digital signature and you sure can't trust the company who got one either. The digital signature idea was a good one on paper, but in reality it doesn't work. Once the digital signature companies, who charge from several hundred to thousands of dollars for a digital signature, realized that they could make a fortune and started to issue them to anyone with the money, digital signatures lost all meaning.

None of our software (Cloudeight) has a digital signature. We cannot afford it and it wouldn't guarantee you anything except that Cloudeight actually made the software. With dozens of suspect companies, including numerous adware and spyware companies, having digital signatures these days, it's easy to draw the conclusion, then, that digital signatures are meaningless.

Small companies like Cloudeight can't afford digital signatures. We'd have to buy one for each file we offer for download. We offer over 5000 files for download. If all of our software had digital signatures, we'd not be around anymore to be writing this answer. The same holds true for thousands of other small companies. But the big spyware and adware companies, making millions of dollars while messing up your computer, can easily afford to buy as many digital signatures as they need. These are supposed to make you "trust" them. Do you trust Zango just because they have a digital signatures. Do you not trust us because we don't have one.

Whether or not Registry Mechanic has a digital signature or not (and we don't recall them not having one) is meaningless. We don't recommend or not recommend software based on digital signatures - we never have and never will.

In a nutshell? Don't rely on digital signatures as a guarantee of anything, except that the company that has one had the money to pay for one and that the company that claims they made the software probably made it.

Does a digital signature mean an application or download is safe? No.

Does the absence of a digital signature mean an application is not safe? No.

Does a digital signature mean much of anything at all? Now you can answer that question!


RoboForm 6.7 Box Save 20% With this special offer!
RoboForm 6.7
The world's most trusted password
management and form-filling software
Works with Firefox 3.0 and I.E. 8 !!


*Reduce your many passwords to just one
Automatically logs you into online accounts
Fills forms with just one click
Prevents Phishing and Keylogging, much more
Get More Information and SAVE 20% On RoboForm Right NOW!


Make our Start Page your Home Page   Close This Window

All content is copyright ©2006 Cloudeight Internet LLC