TVL VS signed malware

Freeware and open source developers are already being ■■■■■■■ over by Microsoft’s driver signing ■■■■. Now you want time stamp certificates gone, so developers have to pay money to the CAs every year just to keep their existing software working?

That would be the solution when following the above line of thinking. I was thinking out loud when connecting their dots.

I am aware that this would greatly hurt the open source community.

Well I use Comodo because it alerts me and asks me for every single thing.

I want to know exactly what is going on and I want the option to disallow it if I feel the need for that.

I do NOT want anything trusted without my personal approval.

I would like an easy way to disable the TVL, better management of the TVL and the option to Opt-out of updates to the TVL, only allowing program updates to show notifications.

Please add support in the wish board for a topic like:
Add ability to deselect vendors from the trusted list.
Or create one or more wishes yourself. That way your ideas will be seen for sure.

Good if it is so, but that is only your supposition, right :-X

This improvement was listed in the release notes (“FIXED! AV does not validate the revocation status of the certificates in signed binaries”).

AV :-\ That’s not funny: how about Firewall/Defense+ components

It was fixed; thus it does validate the revocation status of the cert in signed binary’s

hope this helps


You didn’t tell smth new if you were referring to release notes displayed above. If you were not, then what was fixed?

Secondly, release notes tell “FIXED! AV does not validate the revocation status of the certificates in signed binaries”. So now AV does validate the revocation status. But AV is irrelevant, because Fw/D+ components of CIS are of special interest (whether they can recognise revoked cert and not trust it), not AV.

It is relevant because of how an unknown file gets assessed:

When an executable is first run it passes through the following CIS security inspections:

Antivirus scan
Defense+ Heuristic check
Buffer Overflow check

These are the first things CIS checks.

And if AV is not installed (by the way, officially supported CIS setup), is it relevant?

Why not give the option to allow a person to not use the trusted vender list and help prevent the spread of malware. every time I have had a problem it was beyond repair and could not submit any files so you better start surfing the web and find these viruses malware if you want to find the problems I have had my computer wiped out multiple times simply because of the ads many “trusted” vendors put on their page. They should be required to pay a $5000 fee for not checking their own page to the people they infected with the ads. I have had my computer wiped out twice on the microsoft page alone. The bad part If my computer didn’t allow the trusted vendor to just automatically connect to the internet, the malware would not have been able to wipe out my computer. I blame all firewall companies that use trusted vender lists to bypass what a customer wants. Why not allow the customer set it to ask if they want to use the trusted vender list or not and display a warning that when the vendor list is disable you will be prompted any time a new program wants to connect to the internet. Not hard but it does prove one thing the only thing any of these software companies that force the use of a trusted vender list are only after money and are telling their customers to go to h… I don’t use foul language but all of you companies that are ignoring your customers are getting on my nerves. >:-D >:-D >:-D

And I only use the firewall not any of the other garbage that comes with it. So don’t tell me about steps that my computer doesn’t do for an excuse on why you refuse to give the option to disable the trusted vender list. I use another antivirus and spyware to avoid false positives which I always get from comodo.