How do I get rid of the "Unknown Publisher" security warning? Posted on Fri Jan 8 2010 in FAQs by Tim
When you try to launch an EXE that has been download from the web, you may be presented with a secruity warning that looks something like the one below. This isn't a problem with your application, it's caused when you download ANY unisgned application from the web.
The publisher information that Windows is looking for doesn't come from the version information in your EXE, but from a digital signature that is added to your application. This signature has to be certified by a trusted authority (which means it's going to cost you some money).
A digital signature provides a way for the browser to determine the identity of the publisher, that the appliction has not been altered since it was signed, and to verify when it was signed.
Before XP SP2, to most users, there was no obvious difference between a signed and unsigned executable, but in XP SP2, when downloading a program with Internet Explorer and choosing to open it (or even if saved to a file and later opened later), a warning dialog will be displayed for an unsigned executable.
A warning dialog is still displayed for a digitally signed executable, but it's much less ominous and a link to your digital certificate is provided, giving the user more confidence that the file is safe to download and run.
You can download the tools you need to sign your executables from Microsoft as part of their Authenticode tools.
Frequently Asked Questions About Authenticode
Signing and Checking Code with Authenticode
Before you can start digitally signing your code, you will need a code signing certificate (or digital ID) from a certification authority (CA). You will need a Class 3 digital certificate for code signing. The most well known CA (and the most expensive) is VeriSign ($400/year). Others, such as Thawte ($199) are considerably cheaper. Microsoft maintains a list of Root Certificate Program Members.
You can get FREE certificates (or create your own) but I'd recommend against them (except for testing) because there's no way for Internet Explorer to verify the publisher.