When to trust a software publisher

Before deciding to trust a software publisher, do the following:

  • Make sure that the software has a valid digital signature. You can view the digital signature by clicking the publisher link in the Windows Internet Explorer 9 security dialog box that's displayed when you download a file.

    Digital signatures can show you:

    • Whether the software has a current certificate. Make sure the certificate hasn't expired or been revoked. This might indicate a problem with the company or software.

    • The identity of the software publisher.

    • If the program has been tampered with (possibly by a virus). If the program file has been changed, the digital signature will be invalid. Click the Security Status bar to the right of the Address bar. The security report will show you who the publisher is, and whether the file has been tampered with.

  • If you're unfamiliar with the publisher's name, search the Internet to make sure it's a widely recognized company or website, or that it's been recommended by someone you trust.

  • Make sure you understand the purpose of the software. If you aren't sure what the software does, find out more about it before you download it.