Couple of days ago I stumbled on an excellent article about the pitfalls of code signing!<\/p>\n
https:\/\/arstechnica.com\/information-technology\/2017\/11\/evasive-code-signed-malware-flourished-before-stuxnet-and-still-does\/<\/a><\/p>\n Couple of excerpts:<\/p>\n \"Now, researchers have presented proof that digitally signed malware is much more common than previously believed.\"<\/em><\/p>\n \"Surprisingly, weaknesses in the majority of available AV programs prevented them from detecting known malware that was digitally signed even though the signatures weren't valid.\"<\/em><\/p>\n \"The third key weakness in the code-signing ecosystem was the failure of certificate authorities to verify the identities of people applying for code-signing certificates. \"<\/em><\/p>\n \"Malware with the same digital DNA as Stuxnet\u2014Duqu discovered in 2011 and the Duqu 2.0 that\u00a0infected Kaspersky Lab's corporate network starting in 2014<\/a>\u2014also used code signing.\"<\/em><\/p>\n Just because an executable is code signed does not really tell much.\u00a0 You can EDIT code signed executables and they will run just fine - assuming that you do not change the binary code that actually makes them run;)<\/p>\n You can protect your software by validating the code signature inside the application.\u00a0 That way if the signature is tampered with, you can prevent the program from running.<\/p>\n
\n
\n