In Java, the method that Glenn describes is called “code signing”, and it works much the same way that your browser does when it prevents MitM attacks when it goes to an https (TLS-secured) site: it uses a PKI certificate to prove that the program was not tampered with.
1.) The developer creates a private key - public key pair, and sends it to a “certificate authority” to sign.
2.) The certificate authority then adds their public key to it, signs it with their private key, and sends that back to the developer.
3.) The developer adds this signed set of public keys to their release project, computes the checksum, and then signs that with their private key.
4.) In order to run the software on a computer, a system administrator has to add the certificate authority’s public key into the “trusted certificate authorities” store.
So now when someone tries to run the program on their computer, the java plugin will:
1.) Check if the certificate authority is in the trusted authority store. If not, it won’t run the program.
2.) Check if the certificate authority’s signature is valid. It does this by decrypting the signature with the public key and checking if it matches the checksum. If it’s not valid, then it’s a forgery. It won’t run the program.
3.) Check if the developer’s signature is valid. It does this by decrypting the signature with the public key and checking if it matches the checksum. If it’s not valid, then it’s a forgery. It won’t run the program.
4.) Check if the stored checksum matches the computed checksum. If it doesn’t match, then the program has been tampered with. It won’t run the program.
In addition to that, it does a number of other checks. But that’s the main part, IMO.
For more information, you can read up on “code signing certificates”.
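The whole flow described above (developer key pair, CA-signed developer certificate, signature over the program checksum, and the four run-time checks against a trust store) as an added example, not code from the original post and not the Java plugin's own logic. It is written in Go with only the standard library: the CA name, the developer name, the "program" bytes and the one-day validity window are all constructed for the demonstration, and the signature check is done with the library's RSA verify call rather than a hand-rolled decrypt-and-compare. Real Java JAR signing stores a digest per file in the manifest and signature file; this example collapses that to one SHA-256 checksum of the whole program.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PKI holds the constructed CA certificate plus the developer's certificate
// (the developer's public key, signed by the CA) and the developer's private key.
type PKI struct {
	CACert  *x509.Certificate
	DevCert *x509.Certificate
	DevKey  *rsa.PrivateKey
}

// newIdentity generates an RSA key pair and a one-day certificate for it.
// A CA root signs itself; anything else is signed by parent/signerKey.
func newIdentity(serial int64, cn string, isCA bool, parent *x509.Certificate, signerKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn}, // constructed name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	if isCA {
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
		parent, signerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// BuildPKI plays both the CA and the developer (steps 1-3 of the post): the
// developer gets a key pair and the CA signs the developer's public key.
func BuildPKI() *PKI {
	caCert, caKey := newIdentity(1, "Constructed Example CA", true, nil, nil)
	devCert, devKey := newIdentity(2, "Constructed Example Developer", false, caCert, caKey)
	return &PKI{CACert: caCert, DevCert: devCert, DevKey: devKey}
}

// SignProgram hashes the program with SHA-256 and signs the digest with the
// developer's private key (the developer's step 3 in the post).
func SignProgram(devKey *rsa.PrivateKey, program []byte) ([]byte, error) {
	sum := sha256.Sum256(program)
	return rsa.SignPKCS1v15(rand.Reader, devKey, crypto.SHA256, sum[:])
}

// TrustStore is the administrator's "trusted certificate authorities" store.
func TrustStore(roots ...*x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, c := range roots {
		pool.AddCert(c)
	}
	return pool
}

// VerifyProgram performs the post's four run-time checks.
func VerifyProgram(program, sig []byte, devCert *x509.Certificate, trusted *x509.CertPool) error {
	// Checks 1-2: the certificate must chain to a CA in the trust store with a
	// valid CA signature; Verify also enforces dates and code-signing usage.
	opts := x509.VerifyOptions{Roots: trusted, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := devCert.Verify(opts); err != nil {
		return fmt.Errorf("certificate rejected: %w", err)
	}
	// Checks 3-4: recompute the checksum and verify the developer's signature
	// over it; a forged signature or a modified program both fail here.
	pub, ok := devCert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return fmt.Errorf("developer certificate does not carry an RSA key")
	}
	sum := sha256.Sum256(program)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig); err != nil {
		return fmt.Errorf("signature does not match checksum: forged or tampered")
	}
	return nil
}
```

To exercise it, call `BuildPKI()`, sign some bytes with `SignProgram(pki.DevKey, program)`, and pass the program, signature and `pki.DevCert` to `VerifyProgram` together with `TrustStore(pki.CACert)`. Verification fails when the CA is missing from the trust store, when a different (even trusted) CA is offered, when the signature was made by a key the CA never certified, or when a single byte of the program changes after signing.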