TVL VS signed malware

If the certificate the malware is signed with has been revoked then it will not be trusted by Comodo.

However, if nobody has reported it yet, then the certificate will still be considered legitimate and will be trusted by Comodo.

Does this answer your question?

But in the meantime it will wipe out people's computers because until Comodo is updated it will allow everything to connect to the internet and download who knows what because they have a trusted vendor license. Just because something is signed does not mean it should automatically be allowed to connect to the internet without the user's permission. This action shows that the application cannot be trusted as well as Comodo for bypassing user wants.

Just because something is signed does not mean it should automatically be allowed to connect to the internet without the user's permission.

It is signed and on the trusted vendor list.

This action shows that the application cannot be trusted as well as Comodo for bypassing user wants.

Right… You can’t trust Microsoft either because they allow the driver to load on x64. They don’t even have a trusted vendor list, so they allow any properly signed driver to load. 88)

This is a problem with all security software. There are two things that can be done. Have the security software have no trusted list and ask you about everything, which people will complain about because the software is not user friendly.

Or some company can invent a new code signing certificate that cannot be stolen or cracked. The nice thing is that Comodo is in the position to do this.

I must say there is a third option :smiley:
That is to create an “A&S Program”, either free or paid (I would highly recommend a free program, though it can be both :D)

Jake

Mathematically, of course it can be cracked. The only encryption method that is 100% safe is the one-time pad, which is also the most useless.

If I’m not wrong (and please correct me if I am as I haven’t actually researched this :o) the problem today isn’t that the digital certificates are being cracked, but that some companies/individuals are willing to sign malware.

Is this right? If not then please direct me to a link so I can be correct in the future. 88)

Yes, you’re right.

Digital signatures are very difficult to fake with our current technology, but they’re not “mathematically” uncrackable. My comment was a response to the quote from Melih.

Of course they can be cracked, but is it doable in a reasonable time period? SHA1, for example, can be cracked, but it would take about 10 years using very powerful servers.

Also, stealing a certificate will render it useless because it will not be valid anymore.

I read about a year ago that enthusiasts gathered “home made” supercomputers using PS3 (CELL processor)…

Alex

That’s the way I’ve chosen to go and I have no complaints.

~Maxx~


Melih was quoted with emphasis on ‘there is no way practically’. But it appears there is – which is proven by the fact that malware writers managed to use a valid digital signature to sign malware (info from the 1st message).


I heard Microsoft and Verisign revoked the stolen Realtek certificate, does it mean I’m safe now?

Due to the way certificates work, a revoked certificate doesn’t mean the malware will not run anymore. You will still get infected by Stuxnet and the driver will still load without any warning. The only effect of the revoke process is that the bad guys will not be able to sign any further malware with it.

There was a lot of fanfare on Saturday when Microsoft and Verisign announced that they had worked together with Realtek to revoke the certificate in question, implying that this somehow improved the safety and security of users. One of our researchers, Mike Wood, who will be presenting a paper this year at Virus Bulletin on the use of certificates by cybercriminals, helped me out by looking into the specifics of how Windows treats signed drivers and DLLs.

Mike came to two conclusions. One was that a driver signed with a certificate during its validity period will never expire. That the signing certificate is now expired is irrelevant because the rootkit was signed when the certificate was valid.

Second, Mike determined that the conclusion I had drawn in this week’s Sophos Security Chet Chat was incorrect. I thought that when the certificate was revoked this would prevent drivers that had been signed by it from loading into Windows. This is only partially true; it will only prevent drivers from loading that were signed after the certificate was revoked. This means all existing copies of Stuxnet that are in the wild will still happily load.

Why revoke the certificate at all? I have no clue. It accomplishes absolutely nothing as far as I can tell, except giving the appearance that the powers-that-be are taking actions to protect us.

Why revoke the certificate at all? I have no clue. It accomplishes absolutely nothing as far as I can tell, except giving the appearance that the powers-that-be are taking actions to protect us
It prevents future infections by this specific certificate. That's still good enough in my book.

Unfortunately, revoking a certificate does not help to expose already infected systems, nor to stop the spread of Stuxnet, for example.

Things could be tightened up by not allowing any driver without a valid signature. That would mean that vendors will have to maintain driver’s signatures until years after release. That’s a change.

Correct me if I’m wrong, but with CIS V5.3 a file signed with a revoked certificate would not be trusted. Thus revoking a certificate is very important.

Freeware and open source developers are already being ■■■■■■■ over by Microsoft’s driver signing ■■■■. Now you want time stamp certificates gone, so developers have to pay money to the CAs every year just to keep their existing software working?

That would be the solution when following the above line of thinking. I was thinking out loud when connecting their dots.

I am aware that this would greatly hurt the open source community.
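A small added illustration of the two trust rules this thread contrasts: the Windows-style behaviour described in the Sophos excerpt, where a timestamped driver signature keeps loading after the certificate expires or is revoked, versus the stricter rule attributed above to CIS 5.3. This is a simplified model written for this thread in Python, not Comodo's or Microsoft's code, and the certificate dates are constructed, not the real Realtek certificate's.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass
class Cert:
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None   # None: never revoked


@dataclass
class Signature:
    cert: Cert
    signed_at: datetime                     # when the binary was signed
    timestamped: bool                       # has a timestamp countersignature


def windows_style_trust(sig: Signature, now: datetime) -> bool:
    """Simplified model of the behaviour the thread describes: a timestamped
    signature is judged at its signing time, so later expiry or revocation
    leaves already-signed binaries loadable; an untimestamped one is judged
    at 'now', which is why dropping timestamps would force yearly re-signing."""
    t = sig.signed_at if sig.timestamped else now
    if not (sig.cert.not_before <= t <= sig.cert.not_after):
        return False
    if sig.cert.revoked_at is not None and t >= sig.cert.revoked_at:
        return False
    return True


def strict_trust(sig: Signature, now: datetime) -> bool:
    """Stricter rule the thread attributes to CIS 5.3: once the signing
    certificate is revoked, nothing signed with it is trusted, whenever signed."""
    if sig.cert.revoked_at is not None:
        return False
    return windows_style_trust(sig, now)


def demo() -> dict:
    # Constructed dates: cert valid through 2020, revoked mid-2020, checked in 2022.
    cert = Cert(datetime(2020, 1, 1), datetime(2021, 1, 1), revoked_at=datetime(2020, 7, 1))
    now = datetime(2022, 6, 1)
    cases = {
        "old_driver_timestamped": Signature(cert, datetime(2020, 3, 1), True),
        "signed_after_revocation": Signature(cert, datetime(2020, 8, 1), True),
        "old_driver_no_timestamp": Signature(cert, datetime(2020, 3, 1), False),
    }
    # Each value is (windows_style_trust, strict_trust) for that case.
    return {name: (windows_style_trust(s, now), strict_trust(s, now))
            for name, s in cases.items()}
```

Only the first case differs between the two rules: the old timestamped driver still loads under the Windows-style rule but is distrusted under the strict one, which is exactly the gap the revocation debate above is about.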

Well I use Comodo because it alerts me and asks me for every single thing.

I want to know exactly what is going on and I want the option to disallow it if I feel the need for that.

I do NOT want anything trusted without my personal approval.

I would like an easy way to disable the TVL, better management of the TVL and the option to Opt-out of updates to the TVL, only allowing program updates to show notifications.

Please add support in the wish board for a topic like:
Add ability to deselect vendors from the trusted list.
Or create one or more wishes yourself. That way your ideas will be seen for sure.

Good if it is so, but that is only your supposition, right :-X