Archive for the ‘Trust’ Category

The Future of Internet Download Trust: Malwiki?

Tuesday, November 13th, 2007

I was working on a project recently that involved creating a Java applet to select and upload files to a web server. After some investigation, I found that embedding such an applet in a web browser required paying a certification authority $150 for a signing certificate. This fee does not include any sort of attestation that the applet is not malicious; it simply associates the applet with a known publisher (who is willing to pay $150) and prevents man-in-the-middle modifications. My next thought was: why don’t I just create a stand-alone executable? An executable is easier and cheaper to deploy, and it has more access to the system. From a security perspective this seems completely backwards. Not only should it be easier to safely deploy a simple program, such as one that uploads selected files, but there should also be more checks on anonymous executable downloads. The current web download trust model is broken, and this article shows how to fix it with user-generated feedback following the wiki model.