How can digitally signed executable be "secure"?

Hi Experts:

I know the purpose of signing an executable (say, by VeriSign) is to make it more secure. But can anyone explain why?

If I use my private key to sign an executable, I guess the content of the executable is changed? Is it just the exe file header change? What if some hacker examines the binary header and somehow can make an exe with the same name as mine and with the same look in the file header (pretend to be signed digitally)?

Thanks in Advance!

Polaris

http://www.answers.com/topic/digital-signature

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

A digitally signed executable is guaranteed not to have been tampered with during transmission and that it does in fact come from the individual that says they sent it (or was created by the individual that says he created it). But in NO WAY does this mean that the executable is actually safe. Digitally signed malicious code has been distributed. Of course, as soon as the signer was identified, the Certificate Authority for that individual revoked their digital certificate. But the malicious code still got installed by many people.

The name of the file could be the same but the content of the file would be different and then the hash value would not match the original. I am not sure exactly what is used to determine the hash but I understand enough is used to make the technology very secure. I believe file size is used as one element so if the file contains one more or less character that alone would be enough to make the hash different. If you are using Windows XP Pro or Windows 2003 you can use Software Restriction Policies to make hash rules so you could try changing a file and see what happens to the computed hash.

--- Steve
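
An added example, not part of the original thread: a minimal hash-then-sign sketch showing why a signature produced for one file does not verify against modified or look-alike content. Assumptions: the key is a demonstration textbook RSA key built from publicly known Mersenne primes with no padding, the byte strings are constructed stand-ins for executables, and the function names are hypothetical.

```python
import hashlib

# Demonstration key only: textbook RSA built from two publicly known Mersenne
# primes, with no padding. Real code signing uses CA-issued keys and a
# standard padding scheme; this only shows the hash-then-sign mechanism.
P, Q = 2**521 - 1, 2**127 - 1
N, E = P * Q, 65537                      # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, kept by the signer


def digest(content: bytes) -> int:
    """SHA-256 of the file content as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(content).digest(), "big")


def sign(content: bytes) -> int:
    """Signer side: apply the private exponent to the content hash."""
    return pow(digest(content), D, N)


def verify(content: bytes, signature: int) -> bool:
    """Verifier side: recover the signed hash with the public key and
    compare it with a freshly computed hash of the content received."""
    return pow(signature, E, N) == digest(content)


def demo() -> dict:
    # Constructed sample data standing in for executables.
    original = b"MZ" + b"\x90" * 62 + b"constructed stand-in for program code"
    sig = sign(original)
    # Same length, one byte changed: the size is identical, the hash is not.
    patched = original[:-1] + b"E"
    # Different content shipped with the signature copied from the original.
    lookalike = b"MZ" + b"\x90" * 62 + b"constructed look-alike, other code!!"
    return {
        "original": verify(original, sig),
        "patched_same_size": verify(patched, sig),
        "copied_signature": verify(lookalike, sig),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:20} verifies: {ok}")
```

Verification passing says only that the content matches what the key holder signed; it says nothing about whether that content is safe to run.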