Leo down at The PC Security Channel came out with this video
yet another example of why a digital signature is NOT enough verification to allow something.
3 Likes
Digital Signature vs Verifying/Validating the owner of the signature are two different things.
2 Likes
malware…with a real digital signature
1 Like
Although I’m not normally a fan of his, this was an excellent video.
The fact that the Digital certificate was valid and counter signed would allow the malware to bypass most security application. Fortunately Comodo uses an additional check in that the application must also be vetted by Comodo before being trusted, and without that check the application would be plopped into containment.
This additional barrier for malware to cross is of great value and far too often overlooked.
4 Likes
You are spot on @cruelsister . There are so many security layers that are not really understand by an average person. They simply look at “detection” thinking this is the only way to protect themselves.
1 Like