It's a significant hurdle, especially if getting something signed requires some kind of certification process and company identity verification.
It also ensures that the OS vendor has a copy of the binary (although it will only be the first stage, I assume). Without signing, attackers can push malware onto one machine without anyone else getting a copy.
It also ensures that the OS vendor has a copy of the binary (although it will only be the first stage, I assume). Without signing, attackers can push malware onto one machine without anyone else getting a copy.