>If MS was serious about this only being for security they could issue the certificates for free and prove me wrong.
Make it too easy, and the scamware software will just get a free cert and sign apps.
It takes some amount of effort, possibly by a human, to approve you to receive a cert.
Even the "free" certs I've applied for have taken time and human interaction on the side of the registrar, and I'm certain those certs are offered as loss-leaders for their other products.
I'm unfamiliar with many of these certificates, but is there any reason such 'scamware' woudln't be able to get one even though it costs money? Because, if they still can, they the whole certification business definitely seems like a big scam to me.
The certificate authority should revoke their signing certificate if their binary is found to contain malware, returning them to the big warning state.
Okay, "free" was poor phrasing. I should have said "no extra charge". Compare this to the situation described in the original article, where the developer had to buy a separate $59 certificate from a third party, on top of what Microsoft charges you for Visual Studio (which looks to be $499 for the cheapest non-evaluation version).
Express isn't an evaluation version. Also, it's trivially easy to get setup with BizSpark if you're a small startup and get free copies of Visual Studio.
No mobile apps, no conventional desktop apps, no command line apps... looks pretty "evaluaty" to me. Also: "private developers will have to pay $49 a year, corporations $99 a year."
So, on the one hand we have (from Apple):
Xcode (free or $5.00, depending on what kind of mood Apple is in that week)
Developer program with store access: $99/year
Code-sigining certificate: included.
From Microsoft we have:
Non-crippled Visual Studio: $499
Developer program with store access: $49-$99/year
Code-signing certificates: must be purchased separately from a third party.
Sorry, but Microsoft backpedaled after the bad press. You can download Windows 8 development tools for free now. [1]
Your info about "no command line apps" is also outdated. It USED to be true, but I have VS2010 Express, and it came with the command line tools:
c:\Devel\Msdev.2010\Common7\Tools>vsvars32
vsvars32
Setting environment for using Microsoft Visual Studio 2010 x86 tools.
c:\Devel\Msdev.2010\Common7\Tools>cl
cl
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation. All rights reserved.
usage: cl [ option... ] filename... [ /link linkoption... ]
c:\Devel\Msdev.2010\Common7\Tools>
I also use XCode, and it's ... not nearly as good as Visual Studio, though I am liking the new Eclipse-like "compile your code as you're typing it" real time error markup. A friend tells me that XCode can be configured to be sane, but I haven't given it a try yet.
Make it too easy, and the scamware software will just get a free cert and sign apps.
It takes some amount of effort, possibly by a human, to approve you to receive a cert.
Even the "free" certs I've applied for have taken time and human interaction on the side of the registrar, and I'm certain those certs are offered as loss-leaders for their other products.