Implementations
IBM's Lotus Notes has had PKI signing of code from Release 1, and both client and server software have execution control lists to control what levels of access to data, environment and file system are permitted for given users. Individual design elements, including active items such as scripts, actions and agents, are always signed using the editor's ID file, which includes both the editor's and the domain's public keys. Core templates such as the mail template are signed with a dedicated ID held by the Lotus template development team.
Signed JavaScript is also popular; signed scripts are allowed to perform additional actions such as cross-domain referencing.
Microsoft implements a form of code signing (based on Authenticode) provided for Microsoft tested drivers. Since drivers run in the kernel, they can destabilize the system or open the system to security holes. For this reason, Microsoft tests drivers submitted to its WHQL program. After the driver has passed, Microsoft signs that version of the driver as being safe. On 32-bit systems only, installing drivers that are not validated with Microsoft is possible after accepting to allow the installation in a prompt warning the user that the code is unsigned. For .NET (managed) code, there is an additional mechanism called Strong Name Signing that uses Public/Private keys and SHA1 hash as opposed to Certificates. However, Microsoft discourages reliance on Strong Name Signing as a replacement for Authenticode.
Read more about this topic: Code Signing