Software EV SSL: The next weapon against malware?

Who really made your software?

The technology that protects consumers from spoof websites could be unleashed as the next weapon in the fight against malware.

Security company Verisign is looking at creating a system to certify software is what it claims to be, rather than malware masquerading as a software upgrade, for instance.

The vision is for a system which will work similarly to Verisign Extended Validation SSL (EV SSL), which turns web browsers' address bar green to guarantee that sites are genuine and not malicious.

The proposed system for authenticating software could flash up a symbol during the installation process certifying software was created by the organisation it purported to be.

The plans are being discussed by the Certification Authority Browser Forum, a voluntary organisation of certification authorities and vendors of internet browser software, including Microsoft, that helped develop the EV SSL certificate system.

silicon.com Financial Services

Get the latest financial services news straight to your inbox. Sign up for the FS newsletter today!

Verisign would offer certificates to software makers who passed its screening and auditing criteria - much in the same way that it does to online organisations signing up for EV SSL certificates.

The operating system would hold a list of certificates issued to trustworthy software makers and check for the certificates within the software during installation.

A spokesman for Verisign said: "We are looking to expand the SSL to other certificate types where we will know the identity of the author of a piece of software before you install it on the machine.

"The OS would control what it looks like."