undefined | Better HN

0 pointsepistasis9y ago0 comments

And presumably those certificates are revoked, or will be revoked soon.

Nothing is 100% accurate in security. But code-signing is still far more protective than virus scanners. Given evading a virus scanner and evading code-signing, one of these is far easier than the other.

0 comments

3 comments · 1 top-level

iancarroll9y ago· 2 in thread

> And presumably those certificates are revoked, or will be revoked soon.

The way code signing works means this doesn't matter. So long as the certificate wasn't revoked when the file was signed, the signature will be indefinitely valid.

Ignoring the fact good AVs are difficult to evade because of things like behavior blocking and heuristics, you also won't be able to protect yourself against adware, because they are borderline legal and are almost always signed.

epistasisOP9y ago

Of course code signing could allow revocation, not sure what you mean by it not being done currently.

Antivirus doesn't stop adware either, does it? If you're going to start disallowing certain software it's going to be far easier to do it based on certificates than it will be on heuristics.

iancarroll9y ago

Doing revocation checks on every executable whenever it's launched would introduce non-trivial latency with starting applications and a _lot_ of load on revocation servers. It probably wouldn't be feasible.

And yes, AVs stop adware ("potentially unwanted programs") unless you tell them not to.

1 more reply

j / k navigate · click thread line to collapse