To get Windows to trust your code (in my case a Silverlight Out-of-Browser XAP file), you need to sign it with a certificate. With a Silverlight OOB app, this makes the difference when installing between seeing this: or this: Also, trusted applications can automatically update themselves (when adding the necessary code of course) while untrusted ones can’t. That’s when you get the following error: “Cannot update application, the installed application and update candidate differ in certificate/signature state.” To avoid this