You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close

03: How secure is it just to use the digital signature? Can someone spoof a digital signature?

Digital Signature Signed by the application vendors and it's near impossible to associate malicious content with a valid digital signature of a known application like Autodesk, Adobe etc.

However, we strongly suggest securing your environment with combo rules i.e. Signature with File Info. For more information on this topic please check this link of a video KB.

Certificates are generated by CA (Certification authority), such as Thawte, DigiCert, etc. Though it is possible and valid to generate more than one certificate with the same Subject Name. All trusted CAs are supposed to VERIFY certificate requests and their origin and ensure that a cert request for, Adobe Inc., actually came from Adobe and not John Doe., Public.

Even then CA issue a certificate for Adobe Inc., to a bad guy, Microsoft will have it removed from the trusted CA list.

Using THUMBRINT (or FINGERPRINT) also gives an added benefit. It is a unique identifier of the certificate. It is not included in the certificate but computed when needed using algorithms such as SHA1 or SHA256.

THUMBPRINT verifies a particular signature like dated for this year, versus an exact looking signature, but dated for another timeframe

Finally, please check this Microsoft Doc on how most application vendors associate digital signatures with their installers or EXE files. https://docs.microsoft.com/en-us/windows/win32/msi/digital-signatures-and-windows-installer

  • 1110
  • 09-Nov-2021
  • 661 Views