What is digital signature software? What does it take to digitally sign software?

I'm using the Kaspersky antivirus, and the software I wrote in Delphi is flagged by the antivirus as untrusted software due to the lack of a digital signature.

To use my software, I need to go into Kaspersky and set it as a trusted application.

Looking at this article, I see that the use of certificates is required:

Before you can get started, you'll need a code-signing certificate and associated private key.

Then it immediately says I can generate a key in my infrastructure:

You can generate your proper code-signing certificate using your internal Windows public key infrastructure (PKI) or you can buy one from a commercial Certification Authority (CA) such as Verisign.

So, I ask:

  1. How can I generate a certificate on my own infrastructure?
  2. What are the advantages and disadvantages of obtaining a digital certificate?
  3. What are the advantages and disadvantages of digitally signing software?
  4. What is the difference between a certificate generated in my own infrastructure and a certificate obtained from a certifying institution?

1 Answer

Check this other question so you can understand more about certificates:

How do the processes for digital certificates, signatures and ssl work?

Basically, signing software guarantees that you are the author of the software and that it has not been modified in any way by another party. For example, if you check your PC's drivers, you will see they have a signature (i.e. Microsoft Windows). This means we can be sure Microsoft made that driver. However, there is nothing stopping me from creating a fake signature that has "Microsoft Windows" as its name. This is what Certificate Authorities are for; you could say they are trusted entities that contain records of each person/company and its true public key. That way, even if I create a fake signature that has Microsoft as a name, a client will notice that the public key I'm giving it and the public key on record from the CA don't match, and thus I am an impostor.

Kotzu
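The trust difference described in the answer, shown in Windows PowerShell as an added example that is not part of the original question or answer. The file path, subject name and the `Get-SignatureTrust` helper are hypothetical; it assumes Windows 10 / Server 2016 or later and an elevated session for the root-store import.

```powershell
# Added example: all names and paths are placeholders, not values from the page.
$exe     = 'C:\build\MyApp.exe'                  # hypothetical: your compiled binary
$subject = 'CN=Example Publisher (self-signed)'  # hypothetical publisher name

function Get-SignatureTrust {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = $sig.SignerCertificate
    $chainStatus = @()
    if ($signer) {
        # Walk signer -> issuer(s) -> root and record why the chain is or is not trusted.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # keep the example offline
        [void]$chain.Build($signer)
        $chainStatus = $chain.ChainStatus | ForEach-Object { $_.Status }
    }
    [pscustomobject]@{
        Status      = $sig.Status          # overall Authenticode verdict for the file
        Subject     = $signer.Subject      # the name the signer claims
        Issuer      = $signer.Issuer       # who vouches for that name
        SelfSigned  = [bool]($signer -and ($signer.Subject -eq $signer.Issuer))
        ChainStatus = $chainStatus -join ', '
    }
}

# 1. Baseline: the binary as built, before any signing.
Get-SignatureTrust -Path $exe

# 2. Self-signed code-signing certificate: the simplest "own infrastructure" option.
$cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject $subject `
    -CertStoreLocation Cert:\CurrentUser\My -NotAfter (Get-Date).AddYears(1)
Set-AuthenticodeSignature -FilePath $exe -Certificate $cert -HashAlgorithm SHA256 | Out-Null

# The file is signed now, but nobody vouches for the subject name: anyone can
# create a certificate carrying the same name, so the chain is not trusted.
Get-SignatureTrust -Path $exe

# 3. Trust is a per-machine decision. Only where an administrator installs this
#    certificate as a trusted root does the chain validate on that machine.
$cer = Join-Path $env:TEMP 'example-publisher.cer'
Export-Certificate -Cert $cert -FilePath $cer | Out-Null    # public part only
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Get-SignatureTrust -Path $exe
```

Installing a root this way makes the machine trust everything signed by that key, so the private key needs the same protection a CA would give its own. A certificate bought from a commercial CA skips step 3 because its root is already in the Windows trust store.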