Hello.

I recently received this message (part only) from the Trend Micro Help Centre:-

Thank you for your email and the screenshot.
1.
Please ignore that Digital Signature and install and run the file anyway.

Really .......... I thought that's why warnings are given in the first place! Whilst I'm sure that, in that particular scenario, it was well-intentioned (and after having had the file checked by Sophos, I believe that there is nothing for me to be concerned about) it does leave me "wondering"!

However, I must admit that I do not fully understand exactly how the Digital Signature system is supposed to work. I "expect" to see a Digital Signature which, when I check (say after downloading a programme from the Internet) to have a date which is current .

However, (and as a "for instance") during my many re-installations of Windows XP since Christmas (7 in all now!) I discovered that in order to obtain Updates from Microsoft thereafter, I had to accept a Certificate which had a "out of date" signature. I did raise this with Microsoft, and was told that they were "aware of the problem" ............... and accept it anyway! I gather it has something to do with when the original "tool" was published and given its' Digital Signature, but I've always been sceptical about this.

This has just occured again when (now that my PC is, at last, free from Malware [ ??? ever the optomist!]) I attempted to join MSN - it required to "update" itself - and wants me to accept a sinature dated in 2004? (I haven't, yet!)

Someone "out there" must surely be able to explain to me how the Digital Signature system works ......... or, perhaps, that it doesn't always work as one might expect! I'm willing to learn (but it's getting much harder to remember!).

David B.

"BoaterDave" <BoaterDave@nospam invalid> wrote in message
news:(E-Mail Removed)...
Hello.

I recently received this message (part only) from the Trend Micro Help
Centre:-

Thank you for your email and the screenshot.
1.
Please ignore that Digital Signature and install and run the file anyway.

Really .......... I thought that's why warnings are given in the first
place! Whilst I'm sure that, in that particular scenario, it was
well-intentioned (and after having had the file checked by Sophos, I believe
that there is nothing for me to be concerned about) it does leave me
"wondering"!

However, I must admit that I do not fully understand exactly how the Digital
Signature system is supposed to work. I "expect" to see a Digital Signature
which, when I check (say after downloading a programme from the Internet) to
have a date which is current .

However, (and as a "for instance") during my many re-installations of
Windows XP since Christmas (7 in all now!) I discovered that in order to
obtain Updates from Microsoft thereafter, I had to accept a Certificate
which had a "out of date" signature. I did raise this with Microsoft, and
was told that they were "aware of the problem" ............... and accept it
anyway! I gather it has something to do with when the original "tool" was
published and given its' Digital Signature, but I've always been sceptical
about this.

This has just occured again when (now that my PC is, at last, free from
Malware [ ??? ever the optomist!]) I attempted to join MSN - it required to
"update" itself - and wants me to accept a sinature dated in 2004? (I
haven't, yet!)

Someone "out there" must surely be able to explain to me how the Digital
Signature system works ......... or, perhaps, that it doesn't always work as
one might expect! I'm willing to learn (but it's getting much harder to
remember!).

David B.

Bookmark this website.

http://computer.howstuffworks.com/question571.htm
--

Ronnie Vernon
Microsoft MVP
Windows Shell/User

Wow! I'll study this tomorrow!

David B.


"Ronnie Vernon MVP" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "BoaterDave" <BoaterDave@nospam invalid> wrote in message
> news:(E-Mail Removed)...
> Hello.
>
> I recently received this message (part only) from the Trend Micro Help
> Centre:-
>
> Thank you for your email and the screenshot.
> 1.
> Please ignore that Digital Signature and install and run the file anyway.
>
> Really .......... I thought that's why warnings are given in the first
> place! Whilst I'm sure that, in that particular scenario, it was
> well-intentioned (and after having had the file checked by Sophos, I
> believe that there is nothing for me to be concerned about) it does leave
> me "wondering"!
>
> However, I must admit that I do not fully understand exactly how the
> Digital Signature system is supposed to work. I "expect" to see a Digital
> Signature which, when I check (say after downloading a programme from the
> Internet) to have a date which is current .
>
> However, (and as a "for instance") during my many re-installations of
> Windows XP since Christmas (7 in all now!) I discovered that in order to
> obtain Updates from Microsoft thereafter, I had to accept a Certificate
> which had a "out of date" signature. I did raise this with Microsoft, and
> was told that they were "aware of the problem" ............... and accept
> it anyway! I gather it has something to do with when the original "tool"
> was published and given its' Digital Signature, but I've always been
> sceptical about this.
>
> This has just occured again when (now that my PC is, at last, free from
> Malware [ ??? ever the optomist!]) I attempted to join MSN - it required
> to "update" itself - and wants me to accept a sinature dated in 2004? (I
> haven't, yet!)
>
> Someone "out there" must surely be able to explain to me how the Digital
> Signature system works ......... or, perhaps, that it doesn't always work
> as one might expect! I'm willing to learn (but it's getting much harder to
> remember!).
>
> David B.
>
> Bookmark this website.
>
> http://computer.howstuffworks.com/question571.htm
> --
>
> Ronnie Vernon
> Microsoft MVP
> Windows Shell/User

Hi Ronnie,

Many thanks for providing that link - I've now been there, read everything
(though not with total understanding!) and, as you recommended, I've
bookmarked it too!

You did not, of course, answer my question! I'm afraid that even after all
that reading I'm still uncertain of what I should do!
My strong inclination is that if I'm encouraged to open a file from an
'unknown publisher' I should not to so under any circumstances.
Additionally, I cannot understand why any major operation (like Microsoft or
Trend Micro) would not bother to ensure that everything they "offered" was
properly and currently signed.

Would you like to offer any other advice or comment?

Regardless, thank you for trying to help me.

David B.


"Ronnie Vernon MVP" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "BoaterDave" <BoaterDave@nospam invalid> wrote in message
> news:(E-Mail Removed)...
> Hello.
>
> I recently received this message (part only) from the Trend Micro Help
> Centre:-
>
> Thank you for your email and the screenshot.
> 1.
> Please ignore that Digital Signature and install and run the file anyway.
>
> Really .......... I thought that's why warnings are given in the first
> place! Whilst I'm sure that, in that particular scenario, it was
> well-intentioned (and after having had the file checked by Sophos, I
> believe that there is nothing for me to be concerned about) it does leave
> me "wondering"!
>
> However, I must admit that I do not fully understand exactly how the
> Digital Signature system is supposed to work. I "expect" to see a Digital
> Signature which, when I check (say after downloading a programme from the
> Internet) to have a date which is current .
>
> However, (and as a "for instance") during my many re-installations of
> Windows XP since Christmas (7 in all now!) I discovered that in order to
> obtain Updates from Microsoft thereafter, I had to accept a Certificate
> which had a "out of date" signature. I did raise this with Microsoft, and
> was told that they were "aware of the problem" ............... and accept
> it anyway! I gather it has something to do with when the original "tool"
> was published and given its' Digital Signature, but I've always been
> sceptical about this.
>
> This has just occured again when (now that my PC is, at last, free from
> Malware [ ??? ever the optomist!]) I attempted to join MSN - it required
> to "update" itself - and wants me to accept a signature dated in 2004? (I
> haven't, yet!)
>
> Someone "out there" must surely be able to explain to me how the Digital
> Signature system works ......... or, perhaps, that it doesn't always work
> as one might expect! I'm willing to learn (but it's getting much harder to
> remember!).
>
> David B.
>
> Bookmark this website.
>
> http://computer.howstuffworks.com/question571.htm
> --
>
> Ronnie Vernon
> Microsoft MVP
> Windows Shell/User