Re: Why are programs not digitally signed to protect against viruses?

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/29/05


Date: Wed, 29 Jun 2005 10:09:42 -0500

Hi Roger.

I believe that you can do that with certificate rules. There is a catch,
however, in that even with a default disallowed security level the operating
system will allow a lot to be executed in the system folders and program files
folders to allow the computer to start up and let the user log on. One would
have to remove the default exemptions for disallowed and explicitly define the
files that can be executed with certificate rules if there are files that
are not digitally signed in the default exemptions, which more than likely
there currently are, and to mitigate the risk if malicious files could be
written to the folders covered by default exemptions. I tried such one time
with path rules and was able to get the computer to boot up and log on. ---
Steve

"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:%23tV9MZIfFHA.1204@TK2MSFTNGP12.phx.gbl...
> Correct me if I am wrong Steve, but one can also, for example, use
> SRP to state such as: don't let it run unless it is signed by our org or
> by Microsoft, which would cover approved apps and the OS.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server: Security)
>
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> news:mfGdnYlXq7vkfFzfRVn-pw@comcast.com...
>> My guess is that may be related to issues with cost, development time,
>> and performance. Windows XP Pro offers Software Restriction Policies
>> which can be used to restrict what applications a user can install and
>> execute based on hash, certificate, and path rules with default security
>> levels of unrestricted or disallowed. If you are interested in SRP see
>> the link below. The free tools from SysInternals - Process Explorer and
>> Autoruns will also tell you if the executable associated with a process
>> is digitally signed or not, though as you mention the fact that a file is
>> not digitally signed does not mean it is malicious. --- Steve
>>
>> http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
>>
>> "S Marsden" <S Marsden@discussions.microsoft.com> wrote in message
>> news:42761726-E97B-4B7D-8FD1-DA004E6F8DCD@microsoft.com...
>>> Why are Windows and all other software programs' DLLs not digitally
>>> signed? Wouldn't this make it a lot easier to determine what files on a
>>> computer were valid, and which were potential viruses?
>>>
>>> When a dll or exe or cab file is signed, and you right click that file,
>>> you will see a tab for "Digital Signatures" and you can verify that the
>>> file is actually from who it says it is from. The "Versions" tab on file
>>> properties shows the company but this can be easily spoofed by anyone who
>>> writes their own program.
>>>
>>> Whenever we have a virus, we painstakingly go through each service and
>>> do Google and Symantec searches on it, to try and verify its
>>> authenticity. A digital signature for each file would allow this process
>>> to be automated. The computer could be scanned and all unsigned suspect
>>> programs could be identified automatically.
>>
>>
>
>
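
The audit discussed in this thread (which files would pass a "signed by our org or by Microsoft" certificate rule, and which unsigned files sit in the exempted folders) can be scripted. The following PowerShell sketch is an added example, not part of the original posts; PowerShell itself is not mentioned in the thread, and the -PublisherCert .cer files and the output file name are assumptions.

```powershell
# Added example (not from the thread). Classifies executables by Authenticode
# status and by whether the signer is an approved publisher certificate.
# -PublisherCert takes hypothetical .cer exports of the approved certificates.
param(
    [string[]]$Path = @($env:ProgramFiles, "$env:SystemRoot\System32"),
    [string[]]$PublisherCert = @()
)

# Thumbprints of the approved publisher certificates.
$approved = @(foreach ($cer in $PublisherCert) {
    $full = (Resolve-Path -LiteralPath $cer).Path
    (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full).Thumbprint
})

function Get-SignatureVerdict {
    param([string]$File, [string[]]$Approved)
    $sig  = Get-AuthenticodeSignature -LiteralPath $File
    $cert = $sig.SignerCertificate
    $verdict = if ($sig.Status -eq 'NotSigned') { 'Unsigned' }
        elseif ($sig.Status -ne 'Valid') { "BadSignature($($sig.Status))" }  # tampered or untrusted chain
        elseif ($Approved -contains $cert.Thumbprint) { 'ApprovedPublisher' }
        else { 'OtherPublisher' }
    $signer = if ($cert) { $cert.Subject } else { '' }
    [pscustomobject]@{ Verdict = $verdict; Signer = $signer; File = $File }
}

$results = Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object { Get-SignatureVerdict -File $_.FullName -Approved $approved }

# Summary per verdict, then the files a strict certificate rule would block.
$results | Group-Object Verdict | Select-Object Count, Name | Format-Table -AutoSize
$results | Where-Object { $_.Verdict -ne 'ApprovedPublisher' } |
    Sort-Object Verdict, File |
    Export-Csv -NoTypeInformation -Path .\signature-audit.csv
```

As noted in the thread, an Unsigned verdict does not by itself mean a file is malicious; depending on the PowerShell version, Windows files signed through catalogs rather than embedded signatures can also be reported as NotSigned.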