Hacker News

And what is exactly the difference between "downloading a random executable from the Internet" and "downloading a random digitally signed with a random signature executable from the Internet"?

Either the author is random or it is not, and the signature is not really going to discriminate much in this area...




The difference is that someone paid one of the two billion CAs which can issue Authenticode certs about a hundred bucks.


not quite "two billion" lol and the cheapest I know of is Digicert. You're looking at $499/year or $699/year for the extended validation cert (this is a higher quality cert that passes more security checks). What is this validation you ask? All kinds of identity verification on the business and its owner to ensure they are who they say they are and they are located where they say they are. The idea is that bad actors aren't willing to pay $$$ annually for any reason, much less to expose their identity. Lockdown uses the EV cert.



