Is Authenticode a Solution?
Code signing is an important tool for certifying the authenticity and the integrity of programs. But as we will see, Authenticode does not provide “safety,” as is implied by Internet Explorer’s panel.
Signed Code is Not Safe Code
Code signing does not provide users with a safe environment where they can run their programs. Instead, code signing is intended to provide users with an audit trail. If a signed program misbehaves, you should be able to interrogate the signed binary and decide who to sue. And as the case of Fred McLain’s Internet Exploder demonstrates, once the author of a malicious applet is identified the associated software publisher’s credentials can be revoked, preventing others from being harmed by the signed applet.
Unfortunately, security through code-signing has many problems:
- Audit trails are vulnerable.
Once it is running, a signed ActiveX control might erase the audit trail that would allow you to identify the applet and its author. Or the applet might merely edit the audit trail, changing the name of the person who actually signed it to “Microsoft, Inc.” The control might even erase itself, further complicating the task of finding and punishing the author. Current versions of Microsoft’s Internet Explorer don’t even have audit trails, although audit trails may be added to a later release.
- The damage that an ActiveX control does may not be immediately visible.
Audit trails are only useful if somebody looks at them. Unfortunately, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access