Hi Richard,

> Ah, so this "reputation" is something Chrome has now, do you think Google
> are linking in the data from www.virustotal.com, as it's part of their
> portfolio, into their reputation calculation on Chrome?

IMO, yes!!

> Kaspersky AV has something similar, but when I looked at it and played
> around, on the surface it just showed how many people were using said
> program in different parts of the world and obviously whatever program
> didn't have any known virus in it by virtue of it still being used.
> It didn't seem that useful.

If you monitor your web logs, you'll notice that there will be something
going on after the first downloads. Various protection software vendors
start to download the files from your web again and again (sometimes
simultaneously) to get their hands on your files for "sandbox execution".

> So an EV cert for least hassle, especially if you want to produce off the
> shelf software for many people, but also for bespoke systems if you don't
> want to annoy the customer if the installation doesn't go smoothly.
>
> Std Cert could cause some problems for some people when you least need it,
> regardless of if it's a bespoke system for one site or an off the shelf
> system for many people anywhere in the world.
>
> No Cert, good luck to anyone. You get what you pay for so to speak, but
> you could make a few quid if you charge for support calls, which could
> then be used to buy an EV cert and reduce that repetitive behaviour. <vbg>
>
> I assume the code signing certs, be it std or EV, I buy can also be used for
> web servers and email servers as well or would they be different certs I
> would still need to buy?
> Also I have to think, do I want all my eggs in one basket with a std or EV
> cert that doesn't expire for at least 12 months, ie one cert becomes a high
> value target on my computer, even if I keep it in cold storage like a USB
> stick when it's not in use.
>
> Decisions decisions.<g>

The main differences between Standard and EV certificates are that EV
certificates...

- ... are even more expensive ($628 instead of $200 for three years),

- ... you have to use a "dongle",

- ... after you have received the EV certificate, you have instant
application reputation with SmartScreen. With the Standard certificate, you
should build your reputation first (this takes 1-2 days if you do it right
<g>).

IMO, Std Certs are the way to go <g>.

Friedrich
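
Added example, not part of the original message: one way to spot the repeated and near-simultaneous re-downloads of a published installer in a web server access log, as described in the reply above. The log lines, the `/download/setup.exe` path, the `ExampleScanner/1.0` user agent and the 60-second / 3-hit thresholds are all constructed assumptions; the parser expects the Apache/nginx "combined" log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in "combined" log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2019:10:00:01 +0000] "GET /download/setup.exe HTTP/1.1" 200 4200000 "-" "Mozilla/5.0"
203.0.113.20 - - [12/Mar/2019:10:04:10 +0000] "GET /download/setup.exe HTTP/1.1" 200 4200000 "-" "ExampleScanner/1.0"
203.0.113.21 - - [12/Mar/2019:10:04:11 +0000] "GET /download/setup.exe HTTP/1.1" 200 4200000 "-" "ExampleScanner/1.0"
203.0.113.20 - - [12/Mar/2019:10:04:12 +0000] "GET /download/setup.exe HTTP/1.1" 200 4200000 "-" "ExampleScanner/1.0"
192.0.2.55 - - [12/Mar/2019:11:30:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2019:11:30:40 +0000] "GET /download/setup.exe HTTP/1.1" 200 4200000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_downloads(log_text, suffix=".exe"):
    """Yield (time, ip, path, user_agent) for successful GETs of files ending in suffix."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["status"] == "200" and m["path"].lower().endswith(suffix):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["ip"], m["path"], m["ua"]

def find_bursts(log_text, window_seconds=60, min_hits=3):
    """Return groups of >= min_hits fetches of one file within window_seconds."""
    by_path = defaultdict(list)
    for ts, ip, path, ua in parse_downloads(log_text):
        by_path[path].append((ts, ip, ua))
    bursts, span = [], timedelta(seconds=window_seconds)
    for path, hits in by_path.items():
        hits.sort(key=lambda h: h[0])
        start = 0
        while start < len(hits):
            end = start  # extend the group while hits stay inside the window
            while end + 1 < len(hits) and hits[end + 1][0] - hits[start][0] <= span:
                end += 1
            if end - start + 1 >= min_hits:
                group = hits[start:end + 1]
                bursts.append({"path": path, "first": group[0][0], "hits": len(group),
                               "clients": sorted({h[1] for h in group})})
            start = end + 1
    return bursts

if __name__ == "__main__":
    print(*find_bursts(SAMPLE_LOG), sep="\n")
```
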