BUDDY said:
authentic code ? digital certificates? hash?
how do I no that the origianl setup program
that was released buy the programer hasn't been altered or changed,without
a digital signed certificate or hash info included with the program ? hah ?
Seriously??? Is this a legitimate question?
Ah, you don't... of course, even then, you have to rely upon whatever
HAS been supplied as being what it is *supposed* to be, and who its
supposed to be from, that's the product, location, verification method,
AND the worth of the purported validation.
Its like any other similar authority and verification; who do you trust
to supply you with the product, service, whatever, and the
verification... ANYTHING can be forged or altered, including
certificates, authenticode, and hash values, ask any competent hacker.
Even the supposed Trust suppliers like Verisign could potentially be
forged, and a hack could, potentially, produce seemingly valid hash.
Questions would include: Who's certificate is going to verify, self or
otherwise, and how trustworthy is it; what program created the hash and
what did you use to verify; did you SEE the creation of the hash and/or
did it come DIRECTLY from the supplier; do you KNOW and trust the
supplier; who verified the authenticode and do you TRUST that
party/site/whatever; etcetera.
It boils down to whom you trust... which is much abused out here...
As an advisement, please do not cross-post... pick the appropriate forum.
To the forums: if you know where this originally came from, please kill
the cross-postings..
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
