Re: how to run application(exe) in browser

"Ajay Kalra" <ajaykalra@xxxxxxxxx> wrote in message
news:830b9ca5-4015-44ef-99da-992f589f1559@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
A signed control not only says who signed it (which could be a stranger
and
thus not mean much) but it also guarantees that the control was signed by
the person whose signature you see (and not someone else claiming to be
that
company), and also that the control was not since altered (perhaps with a
virus) after being signed. So a signed binary (control or exe) does have
more validity than an unsigned one.


I dont think so. I did this several years ago by paying Verisign and
there was nothing that anyone else couldnt have done. Person who
signed the control doesnt guarantee that the person is trustworthy.
The process is essentially meaningless for anyone other than major
corporations.


I sign my releases with my certificate that says DC Software Design, Inc.
That might be a stranger to you, but I had to submit documents proving my
business was established at the location I said it was.
Joe Malware Hacker could not have gotten a certificate that said DC Software
Design, Inc. since Verisign would have checked that. Well, in the past,
certificates have been issued for Microsoft that I guess were applied for by
other individuals, and the certificates were issued when they shouldn't have
been. But they have since been revoked, and are no longer recognized as
valid (Windows updates its cache of revoked certificates every so often;
it's a policy setting somewhere).

Personally, if I download shareware from some no name person, I find it
assuring when the .exe is signed by something that looks like it came from
that person. It's not foolproof, but to say it is essentially meaningless
is going too far the other way.

-- David



.

Relevant Pages

  • Re: Q323172 Update trashes Outlook Express, NAV and others
    ... as to the possibility of Dell having Windows 2000 on ... >Certificate Enrollment control. ... >that deletes the certificates on a user's system. ... The attacker may create a Web page that exploits the ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Error number: 0x8DDD0004
    ... depth changes introduced in cumulative security update 896688 ... In Control Panel, ... Click Add/Remove Windows Components. ... Select the Update Root Certificates check box. ...
    (microsoft.public.windowsupdate)
  • Re: Build an CA with an external root certificate
    ... > our root are not trustworthy. ... Simply purchase any certificates that must be trusted by people ... Subordinate an issuing CA to an external provider (Verisign, ... the issuance and renewal process (don't care about control, buy or host, ...
    (microsoft.public.windows.server.security)
  • Re: site certificates
    ... The certificates in the root store contain ... If you are asking what an attacker can do once they control your IE ... The best idea is not to allow an attacker to control your IE session ...
    (microsoft.public.security)
Loading