signed malware

Hello. Three short items:1. Is it true that all software needs is a signature to be allowed? 2.If true is comodo having issues because if this? 3. Is there a work-around? Thank you.

Hi there. :slight_smile:

  1. No, a signature isn’t enough; CIS only trusts a signature if it is included in Comodo’s “Trusted Vendor List” and is still valid. Software with a signature that is invalid or not found on the list is treated the same as an unsigned file.

  2. Not really. Because Comodo doesn’t trust just any signature such problems are reduced; in the rare cases where malware has managed to be signed with a signature that is on the list it is quickly dealt with by the vendor revoking it and Comodo removing it from the Trusted Vendor List; either of these will make CIS no longer trust that signature.

  3. In most cases Comodo removes untrustworthy signatures before the users even know about it, so I personally wouldn’t worry about this too much, but it is possible to remove some or even all vendors from the Trusted Vendors List (see this post for directions). Maintaining it manually in this manner has the downside of the list no longer being automatically updated.

Anyway, I hope all that made sense and answers your questions. :slight_smile: