Why NOD32 not verify the existence of the Code Signing certificate ?

Only Nod flags it?

 

1/41 - NOD32

 

To Eugene Lachinov:
Do you talk about managed file (strong names) or native file verification(authenticode)?

Microsoft implementation can be slow because it can go online and ask certification authority (CA) thought OCSP protocol or by https to verify revocation list. Of course you can attack it by adding root certificate to trusted root of local machine.

It was made successful attak to MD5 digest algorithm a few months ago. A few weeks ago was published article which describe way how to decrease complexity of attacking sha-1.
http://www.theregister.co.uk/2009/06/10/digital_signature_weakness/

I thing 99% of root CA using MD5 or SHA-1. So do you thing that is still good idea.

 

Native file verification

Optional

I think that the codesigned file - it is a virus (description, actions) or not. Not "probably unknown NewHeur_PE virus".

 

Again Alert "probably unknown NewHeur_PE virus" ,
www.virustotal.com 1/40 - NOD32

~Virus Total link removed per Policy.~

 

Again Alert "probably unknown NewHeur_PE virus" ,
www.virustotal.com 1/41 - NOD32

 

Hello,

For information on how to submit virus or potential false positive samples to ESET's labs for examination, please see ESET Knowledgebase Article #141, "How to submit virus or potential false positive samples to ESET's labs."

Regards,

Aryeh Goretsky