Sunbeltblog comments

Hmmm...on the certificate
ormond systems limited
Belize City
BZ

So this is how Vista's signing requirement improves security?

1.) Will Thawte revoke this cert?

2.) Will Vista's install even check the assembly for revoked certs?


Pretty sad state of affairs...

I did send a note to Thawte on their tech support link. Who knows when the cert will be revoked.


Firecodec seen 2 weeks ago carries a Comodo cert as well as its predecessor.

I think this is what to expect for future, some will have to light fires under many cert carriers, yes?


That is indeed a problem. I watched that over the past years and the code signing companies simply sign all kinds of stuff - including real (!) malware - and I am not only speaking about spyware or adware. Problem is here as in any other security company: Resources. It takes far too long to research every new application for code signing in depth. So stuff gets signed that shouldn't ever have seen the light of any operating system...

Mike


red-codec.net red-codec.v3.001.exe

Seems to be the flavor of the day, also using Inno installer and has a certificate as well.

Cheers Mike, how's Clearwater treatin ya?

MJ


I've seen a number of malware files, including a rootkit, with certs from Comodo.


Just wanted to comment that this has been helpful. I have been hijacked with this program. Interesting that when I went to ADD or DELETE programs in the control panel, it showed up as Anark client 4, and made to look like I installed it back in April of this year. What a mess.


Thawte-issued certs have been used to sign malware for years. When challenged they refuse to revoke, or give any contact details to allow the malware producer to be identified.

Certainly code-signing is not supposed to ensure safety in itself (although the CA agreements include a clause against malware so Thawte et al would be well within their rights to revoke anyhow). But it *is* supposed to positively identify the originators of offensive code so they can be followed-up and sued.

Without that element the certs are completely useless. It is unclear whether the CAs actually have proper contact information themselves: they might simply be failing to do the supposed identity checks, rather than deliberately hiding information to protect their shady customers.

However Verisign (who own Thawte) were quite happy to revoke Atsiv's code cert when Microsoft leaned on them, on the flimsy pretense that it counted as malware.

(Of course Verisign/Thawte owe their happy situation - of being able to pick up stacks of cash for just sitting on a few private keys all day picking their nose - entirely to MS's generosity in keeping them in Windows's Trusted CA list, so we can expect them to kow-tow. And their malware-writing customers pay them too. Us lot, who they're supposed to be serving by guaranteeing trust, are of no consequence.)


Good example of the concerns I have about the whole cert situation.

This promotes some degree of the phrase:

"This file has been digitally signed and certified"

Leads one to believe that it has been checked out extensively and its author went to the trouble of the digi sig to maintain their good reputation.

This just isn't the case, digi sigs are completely useless and totally misleading and should not be given the credibility they have already.

Comodo, in my eyes, has one more hard strike against them, again, their words and work are worth f00p00 to me, mean nothing.

Looks like Clearwater has silenced the SunGod?


From whois for power-antivirus-2009 com (whose domain status is suspended, but DNS and WWW servers work very well) I took one word, "Volovoso", and with Google Search I found other domains which are very similar [the same EULA, privacy policy etc.]. Some work, some don't:
- thespybotpromo com
- softtraf com
- spyshredderscanner com
- malwscan com

