Digitally signed malware is easy to spot of course. ;-) However a whitelist should only contain trusted vendors. Accepting any digital signed piece of software isn't a good idea.
Richard -----Original Message----- From: Alex Eckelberry [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 22, 2008 10:10 AM To: Florian Weimer Cc: Richard M. Smith; funsec Subject: RE: [funsec] Texas Bank Dumps Antivirus for Whitelisting * Florian Weimer: > You should insist on AuthentiCode signatures from your vendors. > After that, you only need to maintain a list of vendors. I've seen a fair amount of malware that is digitally signed. I just don't buy the AuthentiCode argument. Alex _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.