Dailydave mailing list archives
I love PKI :) (was Some Propaganda.)
From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Thu, 16 Nov 2006 19:39:36 +0100
dan () geer org wrote:
> Joanna Rutkowska writes:
>  | ...snip...
>  | Existence of such tools, as Piotr is working on, should really convince
>  | and encourage *all* developers to digitally sign their executables.
>
> May I assume that if a signature is good, then code will be run while if a signature is bad, then code will not be run.
You should rather think of it this way - once the signature is broken (or doesn't exist in the case of a Windows system file) then it's relatively easy to detect that something is wrong in the system. So, an attacker should have no interest in breaking or removing signatures.
> However, would Vista remember that a bit of code used to have a signature wrapped around it and now, magically, does not?
I don't think that Vista tracks such information (and I'm too lazy to try). However, in the ideal world we could assume that all executables must have a signature, so anything without a signature would be easily detectable and suspected.

No, Microsoft didn't pay me to write this ;)

Just to make it clear - I don't think that enforcing the use of digital signatures on all executables is an effective way to *block* malicious code execution. That would never work 100%, as there is always a possibility to find a bug (in a signed application) and exploit it, not to mention that anybody could buy a signature and sign his or her malicious code with it.

But I think that having digital signatures is the only way we could (start) building a reliable and systematic *integrity verification* tool for our OS (note that I didn't write "compromise detector"). Of course, that would allow us only to detect type I malware, but we need to start from something, right? ;)

Focusing on type II malware detection, without first solving the problem of detecting type I malware, doesn't make much sense.

Also, it should be clear that signatures would not solve the problem of type 0 malware - i.e. will not detect a potentially malicious executable (which is not interested in modifying other processes or the system kernel, but still is "malicious") signed with a valid signature. But type 0 malware detection is not really an OS integrity verification issue and this is something I leave to the "classic" A/V industry :)

joanna.
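The question raised in this exchange, whether anything remembers that a file used to carry a signature, amounts to comparing a stored signature inventory against the current one. The sketch below is an added example, not part of the original message or of any Windows component; the status names mirror those reported by PowerShell's `Get-AuthenticodeSignature`, while `SigRecord`, `diff_signatures`, the paths and the signer names are constructed for illustration.

```python
from dataclasses import dataclass

VALID = "Valid"  # status names mirror Get-AuthenticodeSignature's Status values


@dataclass(frozen=True)
class SigRecord:
    status: str       # "Valid", "NotSigned", "HashMismatch", ...
    signer: str = ""  # certificate subject; empty when the file is unsigned


def diff_signatures(baseline, current):
    """Compare two {path: SigRecord} inventories and return {path: finding}."""
    findings = {}
    for path, now in current.items():
        before = baseline.get(path)
        was_valid = before is not None and before.status == VALID
        if now.status == "HashMismatch":
            findings[path] = "signature broken"  # file changed after signing
        elif now.status != VALID:
            # The case the baseline exists for: the file used to be signed.
            findings[path] = "signature removed" if was_valid else "no valid signature"
        elif was_valid and before.signer != now.signer:
            findings[path] = "signer changed"
        # A new file with a valid signature is NOT flagged: a signature is
        # integrity evidence, it does not say whether the signed code is benign.
    return findings


# Constructed sample inventories (paths and signer names are made up).
BASELINE = {
    r"C:\Sys\example.sys": SigRecord(VALID, "CN=Example OS Vendor"),
    r"C:\App\app.exe": SigRecord(VALID, "CN=Example App Ltd"),
    r"C:\App\helper.dll": SigRecord(VALID, "CN=Example App Ltd"),
    r"C:\Tools\old.exe": SigRecord("NotSigned"),
}
CURRENT = {
    r"C:\Sys\example.sys": SigRecord("NotSigned"),
    r"C:\App\app.exe": SigRecord("HashMismatch", "CN=Example App Ltd"),
    r"C:\App\helper.dll": SigRecord(VALID, "CN=Other Publisher"),
    r"C:\Tools\old.exe": SigRecord("NotSigned"),
    r"C:\Tools\new.exe": SigRecord(VALID, "CN=Unknown Publisher"),
}

if __name__ == "__main__":
    for path, finding in sorted(diff_signatures(BASELINE, CURRENT).items()):
        print(f"{finding:20} {path}")
```

The validly signed `new.exe` passes unflagged, which is the "type 0" limit described in the message.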