Never knew Windows had it, but then again I'm not a Windows user; however, whenever I interacted with Windows machines it's been easy to install unsigned binaries downloaded from wherever (with warnings of various kinds, the one I distinctly remember being "this app is downloaded from the Internet, are you sure?", which is basically useless).
Is this policy not enabled by default in the various versions of Windows? I think it is in Windows 8, right? What about 7? And why don't developers use it?
2. Because code signing is snake oil. Lots of malware is signed, even with leaked driver certificates of some Asian hardware manufacturers; thus getting some leaked code signing certificate should be easy if you are used to writing malware.
Well, code-signing with a certificate authority involved works only if you can trust the certificate authority AND the developer that signed the binary.
Debian/Ubuntu's main repositories work by vetting the maintainers that package the official binaries, with the proper keys being distributed as part of those distros. OS X works by validating whether the key belongs to a developer registered with Apple.
No system is perfect; I'm sure there's plenty of malware available for Debian/Ubuntu or OS X, including repackaged popular software that looks almost legit to unsuspecting eyes. But this process works much better if you can have a second authority (in addition to the certificate authority) that is able to say "this developer did bad things, so his key is no longer considered valid", and this authority must be the maintainer/governor of the operating system, as there's nobody else that really cares about malware. For Debian/Ubuntu that would be the community / Canonical, for Windows that would be Microsoft, for OS X that would be Apple.
I think what's missing actually is an ability to really cancel a certificate and issue a new one for a piece of software. This doesn't work with Windows code signing for a number of economic and technical reasons. For example, you can't verify that a certificate hasn't been revoked when installing offline, and you can't resign packages you have given to other developers to distribute.
So what this means is that code signing does not work for redistributable software or for hard media very well. Ideally it would work if you have a single trusted online source for signatures but then this renders the system far less useful for many applications.
I am not sold on code signing. We sign our code and centrally publish the signatures separate from the code, so that while the code may be signed, the signatures can be updated if we need to change the key.
It's not that the developer does something bad but that if you can't revoke a compromised key effectively and safely for all parties, then you can't revoke it at all. And code signing in its current incarnations (whether with RPMs or MSIs) has serious problems there.
If you don't need Windows Logo Certification, you can use a Comodo code-signing certificate for $99/year, and apparently some resellers sell it as low as $66/year. It's maybe not "cheap" for a freeware hobbyist, but most small commercial companies/developers should be able to cover that.
Another reason not to use it is that some developers have tried A/B split tests and found that users are slightly less likely to install the signed version. It will depend on your userbase, of course.
I bought mine as a single-person business, and verification was indeed a huge hassle. However, I purchased it through a reseller (KSoftware: http://codesigning.ksoftware.net/ ) who acted as support and escalated issues with Comodo on my behalf. They also have a free Windows app that makes code signing easier, though I think I still use the X2Net Code Signing tool in my build chain.
Early stage startup that ships Windows software here: no, code signing certs are not that expensive.
We paid $397 for a two-year code signing cert with DigiCert. Extended validation, which we would have happily paid for, costs about 2x but requires physical access to our build server (which we don't have, since we use Azure / EC2).
The price we paid for our code signing cert is comparable with the SSL star cert that we use, probably actually cheaper on an annual basis.
If you don't use it, IE gives you scary warnings that you have to fight through to download the software.
Most installers for Windows software are signed. I just checked my downloads folder and of the more than a dozen installers in there, every one was signed.
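The check the comment above describes (is every installer in my Downloads folder signed, and does the signature still verify?) can be done with PowerShell's built-in Get-AuthenticodeSignature cmdlet. The script below is an added example, not code posted in this thread; the folder location and the .exe/.msi filter are assumptions, and it only reads signature metadata, it does not run anything it finds.

```powershell
# Added example (not from the thread): tally the Authenticode status of every
# installer in the current user's Downloads folder. Folder and extensions are
# assumptions; adjust to taste.
$folder = Join-Path $env:USERPROFILE 'Downloads'
$files  = Get-ChildItem -Path $folder -File -ErrorAction SilentlyContinue |
          Where-Object { $_.Extension -in '.exe', '.msi' }

$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        File        = $f.Name
        # Status is Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        # HashMismatch means the file was altered after signing; NotTrusted means
        # the chain does not lead to a trusted root (expired, untrusted or
        # revoked signer, as far as the machine can tell at check time).
        Status      = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '-' }
        # A timestamp countersignature lets the signature outlive the signing
        # certificate's expiry; its absence means the signature dies with the cert.
        Timestamped = [bool]$sig.TimeStamperCertificate
        CertExpires = if ($sig.SignerCertificate) { $sig.SignerCertificate.NotAfter } else { $null }
        Detail      = $sig.StatusMessage
    }
}

# Per-file view, worst statuses first, then a one-line summary per status.
$report | Sort-Object Status -Descending | Format-Table File, Status, Signer, Timestamped, CertExpires -AutoSize
$report | Group-Object Status | Select-Object Name, Count
```

Note that a "Valid" result only says the file is unmodified since it was signed by a certificate that chains to a trusted root on this machine; it says nothing about whether the signer is who you think it is, which is the point several comments in this thread make. Revocation status is only as good as the machine's ability to reach the CA's CRL/OCSP endpoints when the check runs, which is why offline installs are hard to protect against a compromised key.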