Deployment Security
Overview
Ensuring the security of Windows applications during deployment is critical for protecting users and maintaining trust. This guide covers the core mechanisms and best practices for securing application binaries, installers, and runtime environments on Windows platforms.
Code Signing
Code signing provides cryptographic proof that an application originates from a trusted publisher and has not been tampered with.
Signing a binary
signtool sign /a /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /v MyApp.exe
Key parameters:
- /a – Automatically select the best available code-signing certificate (in release pipelines, prefer selecting it explicitly with /sha1 <thumbprint> or /f <pfx>).
- /fd SHA256 – Use SHA-256 for the file digest; older signtool versions default to SHA-1, which is deprecated for Authenticode.
- /tr – URL of an RFC 3161 timestamp server, so the signature continues to validate after the certificate expires (/t is the legacy Authenticode timestamp format).
- /td SHA256 – Digest algorithm for the timestamp; pair it with /tr.
- /v – Verbose output, including the certificate chain used.
For detailed guidance, see Code Signing documentation.
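The following PowerShell script is an added example (not code from the original page) that applies the command above to a whole release folder: it signs every executable, DLL and installer with a SHA-256 file digest and an RFC 3161 timestamp, then verifies each signature under the Default Authenticode policy. It assumes signtool.exe from the Windows SDK is on PATH and that the certificate is selected by a thumbprint supplied in the CODESIGN_THUMBPRINT environment variable; the .\release path and the timestamp URL are placeholders.

```powershell
# Added example (not code from the original page): sign every shippable binary with a
# SHA-256 file digest and an RFC 3161 SHA-256 timestamp, then verify each result.
# Assumptions: signtool.exe (Windows SDK) is on PATH, the signing certificate is in the
# CurrentUser\My store and is selected by thumbprint, and .\release, the thumbprint
# source and the timestamp URL are placeholders for this example.
param(
    [string]$ReleaseDir   = ".\release",
    [string]$Thumbprint   = $env:CODESIGN_THUMBPRINT,   # assumption: supplied by the build environment
    [string]$TimestampUrl = "http://timestamp.digicert.com"
)
$ErrorActionPreference = "Stop"

if (-not $Thumbprint) {
    throw "Set CODESIGN_THUMBPRINT to the SHA-1 thumbprint of the code-signing certificate."
}

# Everything that ships and can carry an Authenticode signature.
$files = @(Get-ChildItem -Path $ReleaseDir -Recurse -File -Include *.exe, *.dll, *.msi)

foreach ($f in $files) {
    # /sha1 <thumbprint>   : pick the certificate explicitly instead of letting /a guess
    # /fd SHA256           : SHA-256 file digest (older signtool defaults to SHA-1)
    # /tr <url> /td SHA256 : RFC 3161 timestamp with a SHA-256 digest, so the signature
    #                        keeps validating after the certificate itself expires
    & signtool sign /sha1 $Thumbprint /fd SHA256 /tr $TimestampUrl /td SHA256 /v $f.FullName
    if ($LASTEXITCODE -ne 0) { throw "signtool sign failed for $($f.FullName)" }

    # /pa: verify against the Default Authenticode policy, which is what Windows applies
    # to application binaries; /v prints the chain and whether a timestamp is present.
    & signtool verify /pa /v $f.FullName
    if ($LASTEXITCODE -ne 0) { throw "signtool verify failed for $($f.FullName)" }
}

"Signed and verified $($files.Count) file(s) under $ReleaseDir"
```

Run it from a Developer Command Prompt or after adding the SDK bin directory to PATH. Sign after every other build step that touches the binaries (manifest embedding, resource editing, installer packaging), since any later modification invalidates the signature.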
Application Manifests
Manifests declare the privileges an application requires and enable Windows to enforce security policies.
Sample manifest
<?xml version="1.0" encoding="UTF-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
Use requireAdministrator only when the application genuinely needs elevation at launch; otherwise prefer asInvoker, which runs with the caller's privileges. If only part of the application needs elevation, move that work into a separate elevated helper process rather than elevating the whole application.
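The following PowerShell script is an added example (not code from the original page) that reads the execution level an existing executable actually declares, and optionally embeds a manifest file into it with mt.exe. It assumes mt.exe from the Windows SDK is on PATH; .\MyApp.exe and .\MyApp.exe.manifest are placeholder paths. The ordering caveat it encodes matters in practice: rewriting the manifest resource changes the file, so embedding must happen before signing.

```powershell
# Added example (not code from the original page): inspect the requestedExecutionLevel in an
# executable's embedded manifest and optionally embed a manifest file with mt.exe.
# Assumptions: mt.exe (Windows SDK) is on PATH; the paths below are placeholders.
param(
    [string]$Exe = ".\MyApp.exe",
    [string]$ManifestToEmbed = ""   # e.g. .\MyApp.exe.manifest; leave empty to inspect only
)
$ErrorActionPreference = "Stop"

function Get-EmbeddedManifest([string]$Path) {
    # RT_MANIFEST resource ID 1 (";#1") holds the process manifest.
    $tmp = Join-Path $env:TEMP ("manifest-{0}.xml" -f [guid]::NewGuid())
    $inputArg = "-inputresource:$Path;#1"
    & mt.exe -nologo $inputArg "-out:$tmp"
    if ($LASTEXITCODE -ne 0) { return $null }    # no manifest resource present
    try     { [xml](Get-Content -Raw -Path $tmp) }
    finally { Remove-Item -Path $tmp -ErrorAction SilentlyContinue }
}

function Get-ExecutionLevel([xml]$Manifest) {
    if ($null -eq $Manifest) {
        return "none: no manifest; runs as the caller but is subject to UAC installer-detection heuristics"
    }
    # Namespace-agnostic lookup: trustInfo may be declared in the asm.v2 or asm.v3 namespace.
    $m = Select-Xml -Xml $Manifest -XPath "//*[local-name()='requestedExecutionLevel']" |
         Select-Object -First 1
    if (-not $m) { return "none: manifest present but no requestedExecutionLevel declared" }
    $ui = if ($m.Node.uiAccess) { $m.Node.uiAccess } else { "false" }
    "{0} (uiAccess={1})" -f $m.Node.level, $ui
}

"Before: " + (Get-ExecutionLevel (Get-EmbeddedManifest $Exe))

if ($ManifestToEmbed) {
    $sig = Get-AuthenticodeSignature -FilePath $Exe
    if ($sig.Status -eq 'Valid') {
        Write-Warning "$Exe is already signed; embedding invalidates that signature, so re-sign afterwards."
    }
    $outputArg = "-outputresource:$Exe;#1"
    & mt.exe -nologo -manifest $ManifestToEmbed $outputArg
    if ($LASTEXITCODE -ne 0) { throw "mt.exe failed to embed $ManifestToEmbed into $Exe" }
    "After:  " + (Get-ExecutionLevel (Get-EmbeddedManifest $Exe))
}

$level = Get-ExecutionLevel (Get-EmbeddedManifest $Exe)
if ($level -like 'requireAdministrator*') {
    Write-Warning "requireAdministrator forces an elevation prompt on every launch; confirm that is really required."
}
```

Running it with only -Exe is a useful pre-release check: the level reported is what UAC will enforce, regardless of what the manifest file in source control says.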
User Account Control (UAC)
UAC helps prevent unauthorized changes to the system by running applications with standard-user rights unless elevation is explicitly requested and approved. An accurate manifest avoids unnecessary elevation prompts; a valid signature does not remove prompts, but it makes the prompt display the verified publisher name instead of an "Unknown publisher" warning.
- Declare the minimum required execution level.
- Sign all binaries so elevation prompts identify a verified publisher.
- Avoid installing files to system-protected locations (such as Program Files or System32) without justification, since writing there requires elevation.
Best Practices
- Sign every executable, DLL, and installer with a trusted certificate.
- Use a SHA-256 file digest (/fd SHA256) and an RFC 3161 timestamp with a SHA-256 digest (/tr with /td SHA256); SHA-1 Authenticode signatures are deprecated.
- Include an application manifest that accurately reflects required privileges.
- Sign installer packages (.msi) with the same certificate (signtool accepts MSI files) and verify them before release.
- Leverage Windows Defender Application Control (WDAC) for enterprise deployments.
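The following PowerShell script is an added example (not code from the original page) that audits a release folder against the checklist above: it reports files that are unsigned or tampered, signatures without a timestamp, and signatures made by a certificate other than your own. It assumes Windows PowerShell 5.1 or later; the .\release path and the thumbprint list are placeholders.

```powershell
# Added example (not code from the original page): audit a release folder for the
# signing checklist. Assumptions: Windows PowerShell 5.1+; .\release is a placeholder;
# $ExpectedThumbprints holds the thumbprints of your own code-signing certificate(s).
param(
    [string]$ReleaseDir = ".\release",
    [string[]]$ExpectedThumbprints = @("0000000000000000000000000000000000000000")   # placeholder
)

function Test-ReleaseSignatures([string]$Dir, [string[]]$Thumbprints) {
    $findings = @()
    foreach ($f in Get-ChildItem -Path $Dir -Recurse -File -Include *.exe, *.dll, *.msi) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        $problems = @()

        if ($sig.Status -ne 'Valid') {
            # NotSigned, HashMismatch (modified after signing), UnknownError (chain not trusted), ...
            $problems += "status $($sig.Status): $($sig.StatusMessage)"
        }
        else {
            if ($null -eq $sig.TimeStamperCertificate) {
                $problems += "not timestamped: signature stops validating when the certificate expires"
            }
            if ($Thumbprints -notcontains $sig.SignerCertificate.Thumbprint) {
                $problems += "unexpected signer $($sig.SignerCertificate.Subject) ($($sig.SignerCertificate.Thumbprint))"
            }
        }

        foreach ($p in $problems) {
            $findings += [pscustomobject]@{ File = $f.FullName; Problem = $p }
        }
    }
    return $findings
}

$findings = @(Test-ReleaseSignatures -Dir $ReleaseDir -Thumbprints $ExpectedThumbprints)
if ($findings.Count -eq 0) {
    "All binaries under $ReleaseDir are signed, timestamped and from an expected publisher."
    exit 0
}
$findings | Format-Table -AutoSize
exit 1
```

The non-zero exit code lets a build pipeline fail the release on any finding. For the WDAC item, the same folder can seed an enterprise allow policy keyed to your publisher certificate with New-CIPolicy -Level Publisher -ScanPath .\release -UserPEs -FilePath .\ReleasePolicy.xml, which is only useful if every binary has passed this audit first.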