When to trust a software publisher
This information applies to Windows Internet Explorer 7 and Windows Internet Explorer 8.
A software publisher is a person or company that creates or packages software. The publisher can be the website you are downloading a file from or a software retailer. Before deciding to trust a software publisher, ask yourself the following questions.
Choose software from a publisher you already trust, such as a widely recognized company or website. Consider a company or website you've had a satisfactory experience with previously, or one that has been recommended by someone you trust.
Some websites will try to get you to download software that you don't need. Research the software and find out why the website is asking you to download it.
If so, check the digital signature to be sure that it's valid, that the software publisher is the one you expected, and that the file has not been tampered with. You can view the digital signature by clicking the publisher link in the Internet Explorer security dialog box that is displayed when you download a file.
A digital signature can show you:
Whether the software has a current certificate. Make sure the certificate has not expired or been revoked, possibly indicating a problem with the company or software.
The identity of the software publisher.
Whether the program has been tampered with (possibly by a virus). If the program file has been changed, the digital signature will be invalid. This will be shown in the security report when you click the Security Status bar to right of the Address bar. The security report will show you who the publisher is, and whether the file has been tampered with.