"Trusted" in TVL/whitelist means nothing, trust no one !!

there is the reason :

http://techblog.avira.com/2011/02/21/malware-signed-with-fake-avira-certificate/en/

This won’t harm CIS users because the certificate is invalid and then CIS will never trust it!
So I don’t see what this has to do with CIS and “means nothing”.

So if you just see this fake signature do not trust him!
This is clear .
So where is the problem ?

[attachment deleted by admin]

@ronny: nothing to do specifically with CIS but all kind of security softwares. i focus on the TVL-like and others Whitelisting system.

@slayer: maybe you and most of us can recognize it as a fake but not the common user, who even dont know what a signature is.

this one is a fake but an original one can be used. so my title.

trust no one

This should be mentioned on other sites, not here.

Agree, I replied to your post to prevent people to believe CIS would be vulnerable to such abuse, which in this case it is not.

Agree, I replied to your post to prevent people to believe CIS would be vulnerable to such abuse, which in this case it is not.

ok i see your point of views, sorry it was not in my intention ^^

i post it just to inform (maybe the title was a bit strong) ^^

edit: quotation marks corrected by Mod. kail

No problem.