Swan Lake: Watch graceful swans swim in a lovely mountain lake.
ProSaver: Never give up your favorite screensavers again!
How many times during the day do you have to use your signature? Yes, we sign things all the time, from checks and forms to contracts and other agreements. Why do we do this? Because your signature serves as an announcement to the world that (1) I really am who I say I am and (2) I stand behind this document and all it says.
Many people don't realize this, but a lot of software designers use their signatures too, just not in the way we commonly think of a signature. These programmers can "sign" their computer programs with what is called a "digital signature". Read on to find out what this means and how it helps to protect you and your computer.
Digital signatures have one major difference from physical signatures (aside from being digital, that is). Anyone is able to read your physical signature (unless, of course, you happen to be a doctor) in order to verify who you are. However, only a computer can read a digital signature. If we were to look at one, it would just seem like a long series of random letters and numbers. But they are very meaningful to a computer.
Here's how they work: In order to digitally "sign" a computer program or document, a software producer needs to have a pair of digital "keys". (These keys are given out by a "certifying authority" — more on that later.) The first key is called a private key. The information about this key is available only to important individuals in the company that need to know about it, and it is carefully guarded from anyone else. The second key is called a public key. As the name implies, this information is available to everyone in the world.
When a piece of software is ready to be distributed, a special computer program is used to add the digital signature to any files that need it. This program takes the private key and, combined with some information from the software being signed, it creates an even longer series of letters and numbers that are completely unique, based on the private key and the contents of the file being signed. (Anyone confused yet?)
After the software has been signed, it is ready to be sent out to the public. Now, when you download a file that has been signed, your computer will automatically read the signature. However, it can't do anything with it just yet. First, the computer must use the Internet to contact the "certifying authority" (we'll talk about that next) that originally gave out the digital keys. Your computer then downloads the public key and uses it to "unlock" the signature so that it can be properly read and verified.
Okay, now on to "digital certificates" and "certifying authorities". A certifying authority is an organization that is authorized to hand out pairs of digital keys that can be used to sign computer files.
All of the certifying authorities have three things that they must do. First, they create and keep track of "digital certificates". A digital certificate is information stored in a publicly accessible location on the Internet, and it contains information about both the certifying authority and the company that owns the certificate. The certificate also contains the public key that has been assigned to the software company.
Second, the certifying authority gives the private key to the company doing the signing. The certifying authority also keeps a record of this, and it is guarded very closely by them as well.
Last but not least, the certifying authority makes sure that both the digital certificate and the public key are available to the public at all times, so that any computer trying to verify a digital signature will able to get to all of the information it needs in order to continue.
And that's that! (Does anyone else have a headache?) Of course, each certifying authority does several other important things (such as making sure that no two companies receive the same keys), but these are their main functions in the computing world. Now on to the most important part: How does all of this help you?
Digital signatures and digital certificates do two very important things, and they are the same things that your signature does for you: Having a digital signature on a computer program guarantees that (1) the company selling the software really is who they say they are and (2) the company is willing to stand behind the software and its contents.
Now, what if you discover that the program you are downloading does not contain a digital signature? Well, this is when you must use your own good judgment. There are two things that a missing digital signature could mean: First, it might mean that the software company simply does not sign their files. Second, it could mean (although it not extremely likely) that the software has been tampered with in some way. For instance, it could mean that a hacker has inserted hidden spyware or a computer virus into the software.
As we said, this is not extremely likely, but it is a possibility nonetheless. So what should you do? The only thing you can really do is consider where you downloaded the file from. If you got the file directly from the software company's website, there's a very good chance that the software has not been tampered with and they have simply chosen not to include digital signatures. If, on the other hand, you have gotten the file from a massive online download site, you may want to at least consider the possibility of tampering before you continue. To be on the safe side, it would be a good idea, if possible, to try to find the software company's website and download the file directly from them for maximum safety.
There is one other possibility when downloading a digitally signed file: The computer may give you a warning message that the digital signature is invalid or corrupted in some way. If this happens, STOP IMMEDIATELY!! Do not install the software. This means that someone has almost surely tampered with the file, thus changing the digital signature. A file such as this will very likely contain a virus or other harmful program. The best thing to do in this situation is to find the software company's website, download a properly signed copy from them, and report the incident to the company, including the name of the site where you found the corrupted file. They will be very appreciative!
When you are dealing with WaveBreak Software, you will not have to worry about corrupt or dangerous files. All of our self-extracting installation files are digitally signed and certified for your safety and protection. When you download any of these files, Windows will usually give you a "security warning" window about the file. Just verify that the publisher is listed as WaveBreak Software and you are good to go! (See also our Soapbox article: Is it safe to buy software online?)
Home
|
Software
|
Downloads
|
Support
|
What's New
|
Soapbox
About Us
|
Contact Us
|
Privacy Policy
|
Terms of Use
|
Site Map
| Our Software: |
|
Swan Lake: Watch graceful swans swim in a lovely mountain lake.
ProSaver: Never give up your favorite screensavers again!
|