To Buy A Cert Or Not To Buy A Cert?
Today I received some insightful feedback from a reader named “Shirley” from velvetblues.com regarding her experience using fileai.com. In her comment she said that she “received a security warning and opted out” when trying to use the site for the first time.
Unfortunately, I understand where she’s coming from. In this day an age, when you’re browsing the web and a window pops up entitled “Security Warning” most peoples’ initial reaction is to click the “Cancel” button. The problem is, that’s the way Signed Java Applets work on today’s modern browsers, and a Signed Java Applet is what enables fileai.com to do cool things like accept drag-and-drop files, negotiate through gnarly firewall and router network configurations, and transfer files directly without having to upload them to a server.
There is one thing I can do to make the Security Warnings a little less scary, but it’ll cost me $300 - $500 to do so. 
If I purchase a Code Signing Certificate from Verisign or Thawte (the same companies that sell SSL Certificates that make web pages secure) then my Signed Java Applet Security Warnings will change from this:
to something like this:
(Obviously they won’t say “Northwestern University”, but you get the idea.)
So I guess the questions is: If I spent the $300-$500 to buy a Code Signing Certificate to make the Security Warnings say that my Signed Java Applet was “Verified”, would that make any of you more willing to click “Run” or “Trust”? Or is just the fact that there is a Security Warning staring you in the face enough to make you go somewhere else?
Thanks for all the great feedback, and please keep it coming! 
July 5th, 2008 at 4:18 pm
Don’t waste your money. I’m not going to send/share anything on the internet anywhere that I worry about being stolen. I think a little common sense goes a long way.
July 5th, 2008 at 8:51 pm
Well, I definitely think that this application might be more popular if signed… I mean, I’d click the ‘Run/Trust’ button.
However, at this stage, it is not worth the investment. Perhaps, once you get past the ‘beta’ phase, it’ll be a good idea… I still think it would be good to have a alternate non-applet version.
July 20th, 2008 at 7:50 am
I’m looking for a service which which I can send large files securely to my counterpart at the shortest possible transfer rate. I’ll consideration using this service if can ‘feel’ or ’see’ that it is safe. Such as - able to see the address of the relevant web-page to begin with ‘https’ instead of ‘http’. And of course those certificates from CA matter. Since I do not know the creator of this web-sites in person, this is the only way that I can ‘feel’ and decide whether the service is secured. Being a non-technical person, I’ll take any security warning from from Microsoft or Firefox seriously.
Thanks
July 20th, 2008 at 9:34 am
That’s totally understandable … If things don’t “feel” right you’ll be less inclined to continue.
You also brought up another issue: Buying an SSL certificate to secure the entire web site. SSL certificates only secure information transferred between your web browser and a web server. Since [ file ai ] uses a Java Applet to transfer the files peer-to-peer, having an SSL certificate on the site won’t affect that in any way.
But yes, it would help in the overall security “feel” of the site.
July 30th, 2008 at 1:00 pm
Hey, I was looking around for a while searching for network security certification and I happened upon this site and your post regarding To Buy A Cert Or Not To Buy A Cert?, I will definitely this to my network security certification bookmarks!