Distributing executable programs and other files to users of the Windows operating system is always a little awkward, because recipients have no real basis for trusting them, given all the spam and malware freely circulating around the world. In a relatively closed environment signed and/or encrypted mail can be used, but that is difficult when sending to previously unknown parties or when offering the files as downloads.
Microsoft’s Authenticode tools make signing code using a digital certificate quite easy. Ideally, you’d sign the code with a certificate which is automatically trusted by the receiving party (i.e. a certificate which has been issued by one of the trust centres already known to Windows), but even if you use your own Certification Authority (and inform the concerned parties about it), users benefit from the additional security.
We run a CA based on OpenSSL and issue our own certificates. After installing a certificate with the Code Signing Enhanced Key Usage (OID 1.3.6.1.5.5.7.3.3) into your Windows certificate store, you can sign and timestamp an executable with
signcode -s my -cn "Certificate Common Name" -t "http://timestamp.verisign.com/scripts/timestamp.dll" prog.exe
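To show how such a certificate is produced on the OpenSSL side, here is an added example that is not part of the original post: a small POSIX shell script that sets up a throwaway OpenSSL CA, issues a leaf certificate carrying the Code Signing EKU, exports it as a PKCS#12 file for import into the Windows "my" store, and checks that the EKU is actually present. The CA name, the working directory and the export password are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): issue a code-signing certificate
# from a throwaway OpenSSL CA, export it as PKCS#12 for the Windows "my" store,
# and check that the Code Signing EKU (1.3.6.1.5.5.7.3.3) is really present.
# "Demo CA", the work directory and the password "changeit" are placeholders.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Extension profile for the leaf certificate. The EKU is what Authenticode
# tools look for when picking a certificate out of the store; without it the
# certificate is simply not offered for code signing.
write_ext_profile() {
    cat > "$WORK/codesign.ext" <<'EOF'
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = codeSigning
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
EOF
}

# Self-signed demo CA plus a leaf certificate signed by it; prints the leaf path.
issue_codesign_cert() {
    write_ext_profile
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Demo CA" -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=Certificate Common Name" \
        -keyout "$WORK/codesign.key" -out "$WORK/codesign.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$WORK/codesign.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -extfile "$WORK/codesign.ext" -out "$WORK/codesign.crt" 2>/dev/null
    # PKCS#12 bundle (key + leaf + CA): import this into the Windows "my" store,
    # then run: signcode -s my -cn "Certificate Common Name" -t <timestamp URL> prog.exe
    openssl pkcs12 -export -inkey "$WORK/codesign.key" -in "$WORK/codesign.crt" \
        -certfile "$WORK/ca.crt" -passout pass:changeit -out "$WORK/codesign.pfx"
    echo "$WORK/codesign.crt"
}

# Returns 0 when the certificate carries the Code Signing EKU, 1 otherwise.
cert_has_codesigning_eku() {
    openssl x509 -in "$1" -noout -text | grep -q 'Code Signing'
}
```

Run `issue_codesign_cert` once and pass the printed path to `cert_has_codesigning_eku` before importing the PFX; the same check also tells you why a certificate that lacks the EKU is never picked up by signcode.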
More information about signcode can be found in the documentation on Signing and Checking Code with Authenticode at Microsoft.