What exactly does a broken signature mean?

Hello,
First a little history if I may please.
AVG found the following errors approx a week ago.
C:\WINDOWS\Installer\f38be.msi";"The file is signed with a broken digital signature, issued by: AVG Technologies.
C:\WINDOWS\Installer\7c8c4.msi";"The file is signed with a broken digital signature, issued by: AVG Technologies.
C:\WINDOWS\Installer\52eba0.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.
C:\WINDOWS\Installer\409009.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.
C:\WINDOWS\Installer\304810.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.
C:\WINDOWS\Installer\16cecc.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.
C:\WINDOWS\Installer\16cea3.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.
C:\WINDOWS\Installer\14589.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.
C:\WINDOWS\Installer\128200.msi";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.

AVG is not stating this is a virus but just letting me know the status of the files.
I did the following to make sure my system is clean.
MalwareBytes quick and full scan
SuperantiSpyware full scan
AVG Rescue CD full scan
Avira Rescue CD full scan
Slaved HD into system with Norton and ran full scan
Sent the files in question to VirusTotal
After all this everything was clean, not even any cookies.

After researching this and being told by AVG to basically ignore this I am more confused as ever.
For example, one file will state the author is Microsoft by placing the cursor over it but if I check the properties, it stated the certificate if from AVG. All of the dates on the certificates are not expired, it just states “The digital signature is not valid”.

What could cause a file to be broken?

As you can probably tell I am not that computer savvy so any help would be greatly appreciated.

Thank you.

 

Well,

Google for digital signatures, you will get a hunch.

Broken could mean litterally broken, thus the algorithme of old public private encryption mechanismes might be broken, either because the private key is publicly known (or updated) or the algoritme is old (we shifted from 32 to 64 to 128 bits to .. encryprion algorithmes).

So since they are allready installed, nothing to worry about (can't be revoked and your system is clean).

Next time when you face something simular, upload the files to a multi AV-scanner like you did. You can tell Windows/Vista to only elevate signed programs http://netsecurity.about.com/od/secureyourwindowspc/tp/uacpolicy.htm

Now run REGEDIT and look what your settings are:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System

"ValidateAdminCodeSignatures"
User Account Control: Only elevate executables that are signed and validated 1 = ON 0=OFF (default)

When you try to install an unsigned program, you get a strange "could not connect to server" error (stupid Windows/Vista error description), don't be terrified by it, means that the program was not signed.


Regards Kees

 

Unfortunately, this implementation brings two problems:

1- Many legitimate applications are not digitally signed;
2 - There's a considerable lag between the moment a person executes an application with administrative rights and the moment the box to allow such action/enter credentials appears.

This is not too appealing, I'm afraid. Besides, it cripples user experience.

 

Thank you Kees1958 for the reply.

Your description led me to a few webpage’s that I had overlooked before.