A PKZIP Anecdote
In 1995 and 1996, a program called PKZIP30.EXE was placed on many Internet software libraries. It purported to be the 3.0 beta release of the well-known file compression program PKZIP.
Unfortunately, downloading this program caused one's disk to be erased ...
This is equivalent to a crook turning up at your door in a fake Niagara Mohawk (or what have you) van. In the real world, if we are careful, we ask to see the credentials of the purported service person.
In Web security, one needs digital signatures to establish the credentials of a particular program. In particular, one would expect PKZIP30.EXE to be digitally signed by PKWare, the company that created PKZip.
“Software Publisher’s Certificates” are supplied by “certification authorities”, who presumably verify the credentials of the organizations that they are certifying.
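
The two checks a downloader would make before trusting such a program are sketched below as an added example (not part of the original page). It uses plain detached signatures with the OpenSSL command line rather than a real code-signing format. The CA, the publisher name and all files are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every name, key and file below is made up for illustration.

# verify_download FILE SIG PUBLISHER_CERT TRUSTED_CA
# Prints one of: ok, bad-signature, untrusted-publisher.
verify_download() {
    # 1. The publisher's certificate must chain to a CA the user already trusts.
    openssl verify -CAfile "$4" "$3" >/dev/null 2>&1 ||
        { echo untrusted-publisher; return 1; }
    # 2. The signature over the file must verify under the certified public key.
    openssl x509 -in "$3" -noout -pubkey > "$3.pubkey" || return 1
    openssl dgst -sha256 -verify "$3.pubkey" -signature "$2" "$1" >/dev/null 2>&1 ||
        { echo bad-signature; return 1; }
    echo ok
}

run_demo() (
    cd "$(mktemp -d)" || exit 1
    # Stand-in certification authority: a self-signed root the user trusts.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
        -subj "/CN=Demo CA" -days 1 >/dev/null 2>&1 || exit 1
    # Genuine publisher: the CA signs its certificate request.
    openssl req -newkey rsa:2048 -nodes -keyout vendor.key -out vendor.csr \
        -subj "/CN=Demo Publisher" >/dev/null 2>&1 || exit 1
    openssl x509 -req -in vendor.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -out vendor.pem -days 1 >/dev/null 2>&1 || exit 1
    # Impostor: claims the same name but can only certify itself.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout fake.key -out fake.pem \
        -subj "/CN=Demo Publisher" -days 1 >/dev/null 2>&1 || exit 1

    printf 'genuine release\n' > tool.exe
    openssl dgst -sha256 -sign vendor.key -out tool.sig tool.exe || exit 1
    r1=$(verify_download tool.exe tool.sig vendor.pem ca.pem) || true
    printf 'altered after signing\n' >> tool.exe
    r2=$(verify_download tool.exe tool.sig vendor.pem ca.pem) || true
    # The impostor re-signs the altered file with its own key and certificate.
    openssl dgst -sha256 -sign fake.key -out fake.sig tool.exe || exit 1
    r3=$(verify_download tool.exe fake.sig fake.pem ca.pem) || true
    echo "$r1 $r2 $r3"
)

run_demo   # prints: ok bad-signature untrusted-publisher
```

The third result is the fake-van case: the signature itself is mathematically valid, but the certificate behind it was not issued by a trusted authority, so the claimed publisher name carries no weight.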