Sometimes InstallShield developers are confused about whether or not to sign their applications and installations. The decision is really easy. But first, what is digital code signing?
Digitally signing your installation and your application assures end users that neither your installation nor the code within your application has been tampered with or altered since publication. To sign your code, you need to obtain a code signing certificate from a certification authority such as VeriSign, Thawte, Comodo, etc. When you digitally sign your installation, end users are presented with a digital certificate when they run it. Herein lies the difference between signing and not signing.
If you have not signed your installation, the user will see this when they run it:
What the user sees when you haven’t signed your installation
If you have signed your installation, the user will see this:
What the user sees when you have signed your installation
Obviously, it’s a big difference. You should always sign your applications and installations. It just makes end-users feel better about installing your product.