A well-behaved computer system should allow various programs to interoperate with each other on the system while at the same time protecting good programs, and their data, from malicious programs such as spyware. For example, a good system should take efforts to prevent a spyware program from accessing confidential information about a user, or from logging keystrokes that the user may enter into the computer (e.g., in an effort to obtain the user's personal information). However, distinguishing “good” programs from “bad” can be a real challenge. One mechanism by which such a distinction can be made is by use of trusted third parties that verify that a particular software developer is legitimate, such as by checking public records concerning the developer. The third party, known generally as a certification authority or certifying authority, may then assign the developer a cryptographic key that is private to the developer and that the developer can use to sign its applications. The signing creates a public key that users of the program can see, and can thus use to verify that the developer is legitimate. The programs or the operating system on a computing device can also use such certificates to determine the level of access to provide to an application.