If a file is signed does that mean it is clean?

Discussion in 'malware problems & news' started by CogitoTesting, Aug 4, 2010.

Thread Status:
Not open for further replies.
  1. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Please read post #27

    Thanks
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Here's a fake Kaspersky digital cert on this nasty I DL'd today

    fil3.exe = Trojan/Zeusbot - VT Result: 20/42 (47.62%)

    c1.gif

    c2.gif

    c3.gif

    Scan clearly shows Unsigned ;)

    sig.gif

    Obviously for anyone taking even a casual look at it, it's red flag alert time. But not many people would :(
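
    The distinction this thread turns on is between a file that merely carries a certificate naming a vendor and a file whose signature actually verifies. The following is an added PowerShell example, not part of any post in the thread. The function name `Get-SignatureVerdict`, the sample path, and the publisher string are assumptions made for illustration.

```powershell
# Added example: judge a file by its Authenticode *status*, not by the
# vendor name displayed in the certificate.
function Get-SignatureVerdict {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Vendor name the file claims to come from (hypothetical parameter).
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # A certificate can be attached even when verification fails, so the
    # subject is recorded separately from the status.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $nameMatches = [bool]($subject -and $subject -like "*$ExpectedPublisher*")

    $meaning = switch ($sig.Status.ToString()) {
        'Valid'        { 'Signature verifies and chains to a trusted root' }
        'NotSigned'    { 'No usable signature on the file' }
        'HashMismatch' { 'File contents do not match the signed hash' }
        'NotTrusted'   { 'Signature present but the chain is not trusted' }
        default        { "Verification failed: $($sig.StatusMessage)" }
    }

    [pscustomobject]@{
        Path            = $Path
        Status          = $sig.Status
        Meaning         = $meaning
        CertSubject     = $subject
        ClaimsPublisher = $nameMatches
        # True only when the vendor name is backed by a verifying signature.
        # This confirms who signed the file, not that the file is harmless.
        PublisherProven = ($sig.Status.ToString() -eq 'Valid') -and $nameMatches
        # The case to flag: vendor name present, signature does not verify.
        NameOnly        = $nameMatches -and ($sig.Status.ToString() -ne 'Valid')
    }
}

# Usage (placeholder path and publisher):
# Get-SignatureVerdict -Path 'C:\samples\sample.exe' -ExpectedPublisher 'Example Vendor'
```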
     
  3. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Did you test it on CIS to see if it would bypass it?

    Thanks.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Who me ? I don't have CIS. If you want to test it, PM me ;)
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Ok, I will do that.
     
  6. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Hmm. So you admit that you don't know much about crypto and then you go on to tell someone who does know something about it that they don't know what they're talking about. Interesting.

    BTW, Windchild is right. It would take longer than the age of the universe to crack a 128 bit key even if every computer on earth worked on it at once. The RSA asymmetric cipher has been around since the mid 70's and it has not been cracked yet. AES is the standard for symmetric crypto and it's been around over 10 years and has not been anywhere close to broken. It has had reduced round variants reduced in complexity, but there's no known attacks on the full round version.

    DES has been around since the 70's and even though the original keylength is too short to be secure now, there is triple-DES which is 168 bits (it has been reduced by cryptanalysis to 112 bits now, but 112 bits is still ungodly strong).
     
  7. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    I do not want to insult you but with all due respect I never said that I did not know cryptography I only said that I cannot talk about it. Do you know the difference between "cannot talk" and "don't know"?

    Thanks.
     
    Last edited: Aug 6, 2010
  8. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    To all wizards of cryptography. Here are two challenges for you. Simple ABC really, for all you geniuses. Please break the purple and the enigma machines.

    P.S.: These machines have been broken since WWII. Their codes have been part of the curricula of a lot of cryptography circles, some sort of the Bletchley Park of the 21st century. Thus I would like someone who pompously claims that he knows cryptography to try. These machines are the only ones I can mention since their codes have been declassified.

    Nothing too difficult for the cryptography geniuses of this thread; it is just like an open book exam. Please make me proud. Please PM me your answer whenever you are ready and I'll give you a Pass or Fail grade. Please do not be afraid of the assignment. William F. Friedman and Alan Turing tried and succeeded; well, you can too. To make things easy you can even copy their works if you like and try to replicate their approaches in breaking purple and enigma. Please try very hard and do not let me down.

    Thanks.
     
    Last edited: Aug 6, 2010
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan

    Attached Files:

  10. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Why would we want to "break" a cipher that has been broken since WWII? I mean this is public knowledge and is not a challenge at all. :thumbd:
     
  11. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    When someone says they "cannot speak" about a subject, it is normal for the other party to assume they mean that they don't know enough to talk about it. The last thing I would expect is that the other party is some NSA spook who is under some secret oath. :rolleyes: So, excuse me for the confusion.

    ~ Snipped as per TOS ~ You obviously have no idea about cryptography. I am finished with this thread.
     
    Last edited by a moderator: Aug 6, 2010
  12. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    I did. Unfortunately it answered none of my questions.

    Seriously, can we stop with the evasiveness and the mystery play? You said you started this thread for discussion and finding solutions. You're going to achieve neither by getting offended over disagreements. There's no need for that. I don't have any fancy solutions to any of the issues, and I suppose others don't have such solutions either. And you seem pretty happy with what F-Secure has suggested in their paper. So what's the big problem here?

    I'm fairly sure he does know the difference. It's probably just that he has a hard time deciding what to make of your "I cannot talk about crypto" comment. I have that problem myself, you see. I guess you're not going to reveal why you can't talk about cryptography, so, that'll remain a fascinating mystery to us. But apparently you are going to drop off codebreaking assignments for us and boast about giving grades - and, you know, not actually explaining why others haven't got a clue but you do. So, I guess one is supposed to infer from all of this that you're some kind of an expert on cryptography, maybe doing cryptanalysis for some three-letter-agency in your country, and that's why you can't talk about crypto. And I guess one is supposed to just believe that an expert on cryptography would be a) sitting on a Windows security forum talking about how scary they find malware with stolen digital signatures to be and b) testing security software from Comodo of all vendors. Ok, if I swallow all of that stuff, will you then answer my question on whether the Kaspersky-signed trojan you tested with CIS had a valid signature or not? Or is this 'discussion' going to continue like an "I'm not talking to you" act at the kids' sandbox?

    World War Two encryption machines haven't got much to do with a discussion on digital signatures on malicious files. But if you can explain why they'd be relevant, I'm all ears. But rest assured I'm not going to be taking on any assignments from people who don't bother to answer simple questions that are actually relevant to the topic. Or do anything at all about anything that's been broken for longer than most Wilders members have lived. Get real.
     
  13. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    Thanks, guys. Invalid signature it is, as expected.
     
  14. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
  15. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ aigle

    Good you got it ;) and tested it :thumb:

    Your Comodo link is only viewable by Comodo Forum members :(

    ;)
     
  16. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Who told you that I was offended?


    Great, let's leave it at that.

    P.S.: I like mystery. :thumb:

    Man, I'm as clueless as you. No more, no less.

    Who told you that I was an expert? You are inferring too much.

    Man you are so easy to be fooled. :argh:

    Well for someone who knows something I thought this assignment should have been regarded by you as kindergarten work.

    In the end I would like to ask you to refrain from making assumptions about me.

    Thanks.
     
    Last edited: Aug 7, 2010
  17. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    @ everybody

    I can see that some would like to turn this thread into a cryptography mania. However, this thread is not about cryptography. Such a subject could be a subset of the argument but not its entirety. If one has an interest to discuss cryptography, therefore such a person is free to create a specific thread just for that purpose.

    Thanks.
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I tested only version 5 beta. Will try again after they fix it.
     
  19. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Well said. In today’s highly connected world, an instance of a well-respected and trusted source (e.g., Kaspersky or Symantec) having their VeriSign Class 3 Coding Signing certificate stolen would become public knowledge quite quickly, I suspect.

    I appreciate the point, but, in fairness, let’s recognize that the subject of the thread is indeed about “signing” -- which is an application of cryptography.
     
  20. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Please read further along on post #67 when I said: "Such a subject could be a subset of the argument but not its entirety."

    Thanks.
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Does anybody here KNOW which Windows 7 services/features must be active so that the digital signatures are checked or verified?

    If I have used the wrong terminology please forgive that. :doubt:
     
  22. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Uh, how do you think digital certs work? They operate by using cryptography. The subject of cryptography is very appropriate here.
     
  23. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Please re-read post #67 and read post #70 if you have not.

    Thanks.
     
    Last edited: Aug 10, 2010
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan

    Attached Files:

    • 1.jpg
  25. d0x86asm

    d0x86asm Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    1
    After reading this thread a while back I attempted a proof of concept.
    (File was not detected before digital signature.)

    Only 1 detection? Why don't more antiviruses notice this trend?
     
    Last edited by a moderator: Oct 14, 2010