If you sign a windows (native, not .NET) application with a code signing certificate, does this somehow prevent it being subsequently infected with a virus?
Obviously if you sign an already infected file, you've got a problem...
views:
116answers:
2
+1
A:
Since it checks integrity of file, it would help. However, there is nothing preventing virus from stripping signature.
If more applications employ this as a measure viruses will just strip signature and infect it anyhow.
Josip Medved
2009-07-30 09:48:49
Thanks - At what point does the file integrity get checked - on every execution?
Roddy
2009-07-30 10:35:01
I would assume so. However, notice that a lot of things can be changed via group policy so I cannot vouch for that.
Josip Medved
2009-07-30 11:16:27
+2
A:
If the application is signed, it can't be altered without invalidating the signature. So if nothing else, it's easier to identify that the application has been tampered with.
If it were an Office document, template or add-in with signed VBA modules, then (depending on the user's macro security settings), Office would pop up a dialog alerting the user before executing the macros - or refuse point blank to execute them. (It would detect that the macros did not have a valid signature, not that the file had been tampered with). I don't think that standard applications (EXEs) work like this, though.
Gary McGill
2009-07-30 10:19:38
Trouble is that the OS doesn't automatically display any warning that an exe has been tampered with. You have to check the digital signature. Even then the message and graphics are very similar to the standard not signed so it's very hard to pick out.
Tony Toews
2009-12-18 03:14:36