Security Incidents mailing list archives

Re: strange software > winsupdater.exe


From: Valdis.Kletnieks () vt edu
Date: Thu, 17 Mar 2005 13:20:57 -0500

On Thu, 17 Mar 2005 03:08:14 PST, Harlan Carvey said:

> However, you _can_ get a warm fuzzy if the file has
> the MS file version information compiled into it.

And you verify the authenticity of your warm fuzzy how, exactly?

const char MS_version[] = "bogus MS file version info goes here";

(Remember - we've already had major worms that crafted a totally bogus
"X-Virus: scanned by" header claiming a real AV had scanned it....)

> That warm fuzzy can be increased if the file is
> digitally signed by MS.

First, go back and re-read http://www.cert.org/advisories/CA-2001-04.html

Second, remember that you're worried that the machine is compromised - and
you're asking it to verify the signature.  Again, if the box is compromised,
the DLL that verifies signatures could be backdoored as well.

This is why you *really* need to boot from a known-clean CD and verify the
signatures from there.
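A defender-side illustration of that last point, added here and not part of the original thread: with the suspect disk mounted from a known-clean boot, compare its files against a hash manifest that was produced on a clean system, so that neither a forged version string nor a backdoored verification DLL on the compromised box plays any role. The directory tree, file names, contents and hashes below are constructed for the example.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Stream a file from the offline mount through SHA-256."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_tree(root, manifest):
    """Check every file under root against manifest {relpath: sha256} made on a
    clean system. Status per path: 'ok', 'MISMATCH', 'MISSING' (listed but
    absent) or 'UNLISTED' (present on disk but unknown, e.g. a dropped binary).
    Only the hash counts; embedded version strings are never consulted."""
    results = {}
    for rel, expected in manifest.items():
        path = os.path.join(root, *rel.split("/"))
        if not os.path.isfile(path):
            results[rel] = "MISSING"
        else:
            results[rel] = "ok" if sha256_file(path) == expected.lower() else "MISMATCH"
    for dirpath, _, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            results.setdefault(rel, "UNLISTED")
    return results

def demo():
    """Constructed sample: one intact file, one patched file that still carries a
    Microsoft-looking version string, and one unlisted 'winsupdater.exe'."""
    intact = b"MZ\x90\x00 intact system file"
    patched = b"MZ\x90\x00 patched\0CompanyName\0Microsoft Corporation\0"
    dropped = b"MZ\x90\x00 winsupdater\0CompanyName\0Microsoft Corporation\0"
    manifest = {  # hashes of the clean originals, as recorded on a clean system
        "system32/kernel32.dll": hashlib.sha256(intact).hexdigest(),
        "system32/wininet.dll": hashlib.sha256(b"MZ\x90\x00 original wininet").hexdigest(),
        "system32/drivers/etc/hosts": hashlib.sha256(b"127.0.0.1 localhost\n").hexdigest(),
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "system32", "drivers", "etc"))
        for rel, data in (("system32/kernel32.dll", intact),
                          ("system32/wininet.dll", patched),
                          ("system32/winsupdater.exe", dropped)):
            with open(os.path.join(root, *rel.split("/")), "wb") as f:
                f.write(data)
        return verify_tree(root, manifest)
```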
