My org without a PKI wants to code sign.

If they buy a cert from Entrust and basically everyone trusts Entrust, does that mean malicious code signed with an Entrust cert would run on the system configured to run ‘AllSigned’ scripts?



And it means you’d be able to track them down because a certificate is a digital identification card.