I'm not going to go through all the posts, but it boils down to this: public key infrastructure is a robust, battle-tested system. Further, there is precedent in Windows: signed drivers. We simply extend this a bit to allow for:
- Corporations to set up their own PKI root and signing operations
- Home users to add alternative PKIs if necessary, BUT the important thing here would be that MS be THE primary source for application signing. Alternative PKIs for home users would be a last-resort type of thing.
- Prompts might be involved when running software that has not been signed and will not be signed.
MS certainly knows how to secure a root cert, and it's a trivial thing for most corporations to learn how to do (offline storage of the CA, a designated company rep is the only one with access). Further, there are provisions in place for certificate revocation (again, back to the already battle-tested PKI).
All of this makes more sense than UAC, if the goal is to prevent unauthorized applications from running/installing. UAC simply trains users to accept a prompt, not to actually understand what they are being asked.
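As an added example (not code from the post, from Microsoft, or from any real signing service), here is the launch policy the post sketches, built on Go's crypto/x509 chain verification: a constructed corporate root is trusted (the MS primary root would simply be a second entry in the same pool), a build signer that chains to it is allowed, a revocation list stands in for a CRL, a self-signed signer is refused, and an unsigned binary falls through to a prompt. The hierarchy, file names and verdict strings are assumptions made for the example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)
// issue mints a code-signing cert signed by parent (self-signed when parent is nil) under a fresh Ed25519 key; constructed stand-in roots, not real ones.
func issue(ca bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{SerialNumber: serial, IsCA: ca, BasicConstraintsValid: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil {
		parent, parentKey = tmpl, priv // self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, priv
}
// decide applies the post's rules: unsigned prompts the user; signed must chain to a configured root and must not be revoked (map = CRL stand-in).
func decide(signer *x509.Certificate, roots *x509.CertPool, revoked map[string]bool) string {
	if signer == nil {
		return "prompt"
	}
	if revoked[signer.SerialNumber.String()] {
		return "deny: revoked"
	}
	if _, err := signer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}); err != nil {
		return "deny: untrusted chain"
	}
	return "allow"
}
// Scenario trusts one corporate root (the vendor's primary root would be another pool entry) and rates four sample binaries.
func Scenario() map[string]string {
	corp, corpKey := issue(true, nil, nil)
	build, _ := issue(false, corp, corpKey)
	selfSigned, _ := issue(false, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(corp)
	none, revoked := map[string]bool{}, map[string]bool{build.SerialNumber.String(): true}
	return map[string]string{"inhouse.exe": decide(build, roots, none), "inhouse.exe (signer revoked)": decide(build, roots, revoked),
		"selfsigned.exe": decide(selfSigned, roots, none), "unsigned.exe": decide(nil, roots, none)}
}
func main() { fmt.Println(Scenario()) }
```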