Are all programs / installers that you use digitally signed? Cuz I think even though this is supposed to be a security feature to help people make sure the program is genuine (untampered), there are way more unsigned but legitimate programs than there are signed ones. Am I wrong?
How many programs that you're using are without a digital signature?
No and No.
I cannot compare the numbers in general, but I can say that most of the programs I use on my system, mostly open source and some local language software, are all unsigned. I add them all to “trusted files” every time I reinstall CIS.
Still, as there is no other way to discretely identify LEGITIMATE programs and MALWARE presently, I will go with the present scheme of Digital signature verification until there is another better and working solution.
How difficult is it to fake a digital signature?
That’s why I don’t use the Trusted Vendors List. I trust no one! ;D
But not impossible…
Is it possible to create a digitally signed file without stealing the certificates of a company?
Current computing power, put together, is not enough computing power…
A valid one, no.
A non-trusted one (self-signed), yes.
Glad to hear that.
So what does a self-signed certificate look like, compared to a company (valid) one?
Same as a valid one, but the OS will display a warning.