All code signing seems to do is result in Virus tools deciding you app is ‘safe’ and enable certain vendors to get ‘money for nothing’ (to quote the song).
What is to stop me establishing an office &c in order to get a signature for my virus?
Better still, I establish an office, write a neat app and put a virus in it that doesn’t activate until a fixed date a year in the future, just how will a certificate prevent my move for world domination?
I presume the certificate could be revoked, but wouldn’t my dastardly plan already have achieved global domination?
Don’t certificates, simply create a, potentially false, sense of security?