Malware and signed code


Bill Sanderson

(courtesy of Robear Dyer, and written by Joe Faulhaber, a name folks here
will recognize)

http://blogs.technet.com/mmpc/archive/2008/11/06/malware-and-signed-code.aspx

See the paragraph spotlighting mpcmdrun.exe.

This is pretty interesting, and highlights the importance of creating a
secure channel for updating antimalware products. Mpcmdrun is the code which
brings in updates to Windows Defender. It is also involved in Microsoft
Forefront and Microsoft Windows OneCare Live.
 

Bill Sanderson

The other thought I had in reading this article is that I wonder whether
we'll see the equivalent of the "green bar" high-assurance certificates for
code signing?

The article mentions that Microsoft hasn't been able to trace validly
code-signed malware to the author, when the purpose of signing code is
intended to assure users that the code can be traced to a (presumably
legitimate) author.

It turns out there are gaps in the procedures used to issue these
certificates, as has been the case with other certificates. This probably
shouldn't come as a surprise! It also highlights the importance of being
able to check CRLs (certificate revocation lists), which should be updated
once signed malware is detected and the relevant Certificate issuer is
notified.

(I wonder who the issuers consider qualified to declare a piece of signed
code as malware? There are a lot of snakes in this barrel...)
 

Randy Knobloch

Bill said:
(courtesy of Robear Dyer, and written by Joe Faulhaber, a name folks here
will recognize)

http://blogs.technet.com/mmpc/archive/2008/11/06/malware-and-signed-code.aspx

See the paragraph spotlighting mpcmdrun.exe.

This is pretty interesting, and highlights the importance of creating a
secure channel for updating antimalware products. Mpcmdrun is the code
which brings in updates to Windows Defender. It is also involved in
Microsoft Forefront and Microsoft Windows OneCare Live.

Thanks for this, Bill!
 
