What exactly does a broken signature mean?

Discussion in 'other security issues & news' started by oma53, Nov 29, 2010.

Thread Status:
Not open for further replies.
  1. oma53

    oma53 Registered Member

    Joined:
    Mar 10, 2008
    Posts:
    87
    Hello,
    First a little history if I may please.
    AVG found the following errors approx a week ago.
    C:\WINDOWS\Installer\f38be.msi";"The file is signed with a broken digital signature, issued by: AVG Technologies.
    C:\WINDOWS\Installer\7c8c4.msi";"The file is signed with a broken digital signature, issued by: AVG Technologies.
    C:\WINDOWS\Installer\52eba0.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.
    C:\WINDOWS\Installer\409009.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.
    C:\WINDOWS\Installer\304810.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.
    C:\WINDOWS\Installer\16cecc.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.
    C:\WINDOWS\Installer\16cea3.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.
    C:\WINDOWS\Installer\14589.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.
    C:\WINDOWS\Installer\128200.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.

    AVG is not stating this is a virus but just letting me know the status of the files.
    I did the following to make sure my system is clean.
    MalwareBytes quick and full scan
    SuperantiSpyware full scan
    AVG Rescue CD full scan
    Avira Rescue CD full scan
    Slaved HD into system with Norton and ran full scan
    Sent the files in question to VirusTotal
    After all this everything was clean, not even any cookies.

    After researching this and being told by AVG to basically ignore this I am more confused as ever.
    For example, one file will state the author is Microsoft by placing the cursor over it but if I check the properties, it stated the certificate if from AVG. All of the dates on the certificates are not expired, it just states “The digital signature is not valid”.

    What could cause a file to be broken?

    As you can probably tell I am not that computer savvy so any help would be greatly appreciated.

    Thank you.
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well,

    Google for digital signatures, you will get a hunch.

    Broken could mean litterally broken, thus the algorithme of old public private encryption mechanismes might be broken, either because the private key is publicly known (or updated) or the algoritme is old (we shifted from 32 to 64 to 128 bits to .. encryprion algorithmes).

    So since they are allready installed, nothing to worry about (can't be revoked and your system is clean).

    Next time when you face something simular, upload the files to a multi AV-scanner like you did. You can tell Windows/Vista to only elevate signed programs http://netsecurity.about.com/od/secureyourwindowspc/tp/uacpolicy.htm

    Now run REGEDIT and look what your settings are:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System

    "ValidateAdminCodeSignatures"
    User Account Control: Only elevate executables that are signed and validated 1 = ON 0=OFF (default)

    When you try to install an unsigned program, you get a strange "could not connect to server" error (stupid Windows/Vista error description), don't be terrified by it, means that the program was not signed.


    Regards Kees
     
    Last edited: Dec 1, 2010
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Unfortunately, this implementation brings two problems:

    1- Many legitimate applications are not digitally signed;
    2 - There's a considerable lag between the moment a person executes an application with administrative rights and the moment the box to allow such action/enter credentials appears.

    This is not too appealing, I'm afraid. Besides, it cripples user experience.
     
  4. oma53

    oma53 Registered Member

    Joined:
    Mar 10, 2008
    Posts:
    87
    Thank you Kees1958 for the reply.

    Your description led me to a few webpage’s that I had overlooked before.
     
Loading...
Thread Status:
Not open for further replies.