When you let someone from your cable company into your house, you don't know that person, but you have learned to trust the company. The Software Trust Index is our way of evaluating whether you can trust the company that wrote the software you have downloaded and run.
Through PC Matic's real-time computer protection software, Super Shield with Application Allowlisting, our cybersecurity team has visibility into the good and bad files that attempt to run on each user's computer. We aggregate these files by publisher. To determine a publisher's trust, we looked at two dimensions.
The first dimension is whether the file has been digitally signed. Most software publishers purchase a digital signature license that they attach to software they publish. They do this to protect their software but also to establish user trust. As one might guess, very little malware is digitally signed. It makes sense since malware's goal is to escape detection.
Digital signatures are not expensive, but obtaining one requires revealing company details that virus, malware and ransomware makers are unwilling to share. The problem is that many legitimate software companies do not sign all of their software applications. Perhaps the most noticeable example is Microsoft.
Unlike Google, Adobe, McAfee, and even PC Matic Security Software, Microsoft has not signed all of its applications, and it continues not to do so. The fact that Microsoft does not sign all of its code represents a fairly large security hole in the Windows ecosystem. In fact, the largest single known vendor of viruses is Microsoft. Of course, Microsoft is not writing viruses, but the people who do have discovered that they can write viruses and place Microsoft's name on them. This would never happen if Microsoft signed all of its code.
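The check below is an added example, not PC Matic's own code: it lists executables whose file metadata names a publisher while no valid signature from that publisher backs the claim. The folder, the publisher string and the function name `Test-PublisherClaim` are assumptions chosen for illustration, and a hit means only that the name is unverified, since legitimate unsigned files exist.

```powershell
# Added example: compare the publisher a file claims in its version metadata
# with the publisher that actually signed it (if anyone did).
param(
    [string]$Path = "$env:USERPROFILE\Downloads",  # assumption: folder to audit
    [string]$ClaimedPublisher = 'Microsoft'        # name to look for in metadata
)

function Test-PublisherClaim {   # hypothetical helper name
    param([System.IO.FileInfo]$File, [string]$Publisher)

    # CompanyName is free-text metadata; anyone can write any value here.
    $company = $File.VersionInfo.CompanyName
    if (-not $company -or $company -notlike "*$Publisher*") { return }

    # The signature is the only part of the claim that is cryptographically bound.
    $sig = Get-AuthenticodeSignature -LiteralPath $File.FullName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Backed = signature verifies AND the signer's organization matches the claim.
    $backed = ($sig.Status -eq 'Valid') -and ($subject -like "*O=$Publisher*")

    [pscustomobject]@{
        File            = $File.FullName
        ClaimedCompany  = $company
        SignatureStatus = $sig.Status      # e.g. Valid, NotSigned, HashMismatch
        SignerSubject   = $subject
        ClaimBacked     = $backed
    }
}

Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object { Test-PublisherClaim -File $_ -Publisher $ClaimedPublisher } |
    Where-Object { $_ -and -not $_.ClaimBacked } |
    Sort-Object SignatureStatus |
    Format-Table File, ClaimedCompany, SignatureStatus -AutoSize
```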
The second dimension is actual viruses or malware. If a publisher has had viruses or malware published under its name, then that impacts the publisher's trust. We weight malware more heavily to create our software trust index.