Re: Why are programs not digitally signed to protect against viruses?
From: John [MSFT] (no.email.please_at_online.microsoft.com)
Date: 06/29/05
- Next message: Roger Abell: "Re: F-Secure Blacklight"
- Previous message: Bigbruva: "Re: F-Secure Blacklight"
- In reply to: Steven L Umbach: "Re: Why are programs not digitally signed to protect against viruses?"
- Next in thread: Roger Abell [MVP]: "Re: Why are programs not digitally signed to protect against viruses?"
- Reply: Roger Abell [MVP]: "Re: Why are programs not digitally signed to protect against viruses?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 Jun 2005 19:49:31 -0700
Most windows files are signed - not within the EXE/DLL but by a separate
signature catalog. You can verify the signatures with sigverif.exe tool.
You can scan entire directories & groups of files, or you can narrow down to
a specific file.
This allows signing of files other than executables - such as INFs.
********************************
Microsoft Signature Verification
Log file generated on 6/28/2005 at 7:48 PM
OS Platform: Windows 2000 (x86), Version: 5.1, Build: 2600, CSDVersion:
Service Pack 2
Scan Results: Total Files: 1, Signed: 1, Unsigned: 0, Not Scanned: 0
User-specified search path: machine.inf
User-specified search pattern: C:\WINDOWS\inf
File Modified Version Status
Catalog Signed By
------------------ ------------ ----------- ------------
----------- -------------------
[c:\windows\inf]
machine.inf 8/3/2004 2:5.1 Signed
sp2.cat Microsoft Windows Publisher
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:mfGdnYlXq7vkfFzfRVn-pw@comcast.com...
> My guess is that may be related to issues with cost, development time, and
> performance. Windows XP Pro offers Software Restriction Policies which can
> be used to restrict what applications a user can install and execute based
> on hash, certificate, and path rules with default security levels of
> unrestricted or disallowed. If you are interested in SRP see the link
> below. The free tools from SysInternals - Process Explorer and Autoruns
> will also tell you is the executable associated with a process is
> digitally signed or not though as you mention that fact that a file is not
> digitally signed does not mean it is malicious. --- Steve
>
> http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
>
> "S Marsden" <S Marsden@discussions.microsoft.com> wrote in message
> news:42761726-E97B-4B7D-8FD1-DA004E6F8DCD@microsoft.com...
>> Why are Windows and all other software programs' dll's not digitally
>> signed?
>> Wouldn't this make it a lot easier to determine what files on a computer
>> were
>> valid, and which were potential viruses?
>>
>> When a dll or exe or cab file is signed, and you right click that file,
>> you
>> will see a tab for "Digital Signatures" and you can verify that the file
>> is
>> actually from who it says it is from. The "Versions" tab on file
>> properties
>> shows the company but this can be easily spoofed by anyone who writes
>> their
>> own program.
>>
>> Whenever we have a virus, we painstakingly go through each service and do
>> google, and symantec searches on it, to try and verify its authenticity.
>> A
>> digital signature for each file would allow this process to be automated.
>> The
>> computer could be scanned and all unsigned suspect programs could be
>> identified automatically.
>
>
- Next message: Roger Abell: "Re: F-Secure Blacklight"
- Previous message: Bigbruva: "Re: F-Secure Blacklight"
- In reply to: Steven L Umbach: "Re: Why are programs not digitally signed to protect against viruses?"
- Next in thread: Roger Abell [MVP]: "Re: Why are programs not digitally signed to protect against viruses?"
- Reply: Roger Abell [MVP]: "Re: Why are programs not digitally signed to protect against viruses?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
