Re: Why are programs not digitally signed to protect against viruses?

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 06/29/05


Date: Wed, 29 Jun 2005 01:29:20 -0700

Yep, and MS started doing that, what was it, before the W2k release, but
with (fairly) complete coverage starting with W2k.

BTW, what is that OS mentioned in your post?

OS Platform: Windows 2000 (x86), Version: 5.1, Build: 2600, CSDVersion: Service Pack 2

Sounds like current service on XP to me!!

-- 
Roger Abell
Microsoft MVP (Windows Server: Security)
"John [MSFT]" <no.email.please@online.microsoft.com> wrote in message 
news:%23i8MuUFfFHA.748@tk2msftngp13.phx.gbl...
> Most Windows files are signed - not within the EXE/DLL but by a separate 
> signature catalog.  You can verify the signatures with the sigverif.exe tool. 
> You can scan entire directories & groups of files, or you can narrow down 
> to a specific file.
>
> This allows signing of files other than executables - such as INFs.
>
> ********************************
>
> Microsoft Signature Verification
>
> Log file generated on 6/28/2005 at 7:48 PM
> OS Platform:  Windows 2000 (x86), Version:  5.1, Build: 2600, CSDVersion: Service Pack 2
> Scan Results:  Total Files: 1, Signed: 1, Unsigned: 0, Not Scanned: 0
>
> User-specified search path:  machine.inf
> User-specified search pattern:  C:\WINDOWS\inf
>
> File              Modified    Version   Status   Catalog   Signed By
> ----------------  ----------  --------  -------  --------  ---------------------------
> [c:\windows\inf]
> machine.inf       8/3/2004    2:5.1     Signed   sp2.cat   Microsoft Windows Publisher
>
>
>
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message 
> news:mfGdnYlXq7vkfFzfRVn-pw@comcast.com...
>> My guess is that may be related to issues with cost, development time, 
>> and performance. Windows XP Pro offers Software Restriction Policies 
>> which can be used to restrict what applications a user can install and 
>> execute based on hash, certificate, and path rules with default security 
>> levels of unrestricted or disallowed. If you are interested in SRP see 
>> the link below. The free tools from SysInternals - Process Explorer and 
>> Autoruns will also tell you if the executable associated with a process 
>> is digitally signed or not, though as you mention the fact that a file is 
>> not digitally signed does not mean it is malicious.   --- Steve
>>
>> http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
>>
>> "S Marsden" <S Marsden@discussions.microsoft.com> wrote in message 
>> news:42761726-E97B-4B7D-8FD1-DA004E6F8DCD@microsoft.com...
>>> Why are Windows and all other software programs' DLLs not digitally signed?
>>> Wouldn't this make it a lot easier to determine what files on a computer
>>> were valid, and which were potential viruses?
>>>
>>> When a dll or exe or cab file is signed, and you right click that file, you
>>> will see a tab for "Digital Signatures" and you can verify that the file is
>>> actually from who it says it is from. The "Versions" tab on file properties
>>> shows the company but this can be easily spoofed by anyone who writes their
>>> own program.
>>>
>>> Whenever we have a virus, we painstakingly go through each service and do
>>> Google and Symantec searches on it, to try and verify its authenticity. A
>>> digital signature for each file would allow this process to be automated. The
>>> computer could be scanned and all unsigned suspect programs could be
>>> identified automatically.
>>
>>
>
> 
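
The automated scan asked about in the original question, using a check that also consults signature catalogs as described in the reply above. This is an added example, not part of the thread. It assumes Windows PowerShell 5.1 or later (where `Get-AuthenticodeSignature` reports `SignatureType` and `IsOSBinary`); the scan root and extension list are illustrative choices.

```powershell
# Added example: list executables under a directory whose signature does not
# verify, distinguishing embedded (Authenticode) from catalog signatures.
param(
    [string]   $Root    = "$env:WINDIR\System32",        # assumed scan root
    [string[]] $Include = @('*.exe', '*.dll', '*.sys')   # assumed file types
)

Get-ChildItem -Path $Root -Include $Include -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Checks the embedded signature and, failing that, the system catalogs.
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

        [pscustomobject]@{
            Path          = $_.FullName
            Status        = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            SignatureType = $sig.SignatureType   # None, Authenticode or Catalog
            IsOSBinary    = $sig.IsOSBinary      # signed as part of Windows itself
            Signer        = if ($sig.SignerCertificate) {
                                $sig.SignerCertificate.Subject
                            } else {
                                $null
                            }
        }
    } |
    # Keep only files that need a human look: unsigned, tampered, untrusted.
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Path |
    Format-Table -AutoSize -Wrap
```

The output is a triage list rather than a verdict: as noted in the thread, a file that is not digitally signed is not necessarily malicious. A `HashMismatch` status means the file no longer matches what was signed and deserves attention first.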

