Bitdefender And Digital Signature Authentication

coolcool1227 ✭✭✭
edited December 2012 in Antivirus

1) Does Bitdefender verify the "Private Key" for signing the files or simply check the Certification Authority (CA)?


2) How does Bitdefender protect in the situation when the document is saved - a point at which a new digital signature would have to be created?


3) What if a file is fakely digitally signed, but is still malicious? Doesn't Bitdefender detect the malicious behavior of fakely signed files?

Comments

  • Any reply?

  • Any reply?


    You know you have to be patient to get a reply here.


    I'm waiting too.

  • Hello :)


    Bitdefender keeps a direct connection with our cloud servers and all digital signatures are verified.


    Also, usually when a digital certificate is revoked, Microsoft releases a hotfix that is immediately pushed via Windows Update, so it is recommended to always have Windows Update turned on and set to Automatic.


    Under these parameters, the situations from 2. and 3. are practically avoided via security settings from the operating system. Also, since we are talking about digital signatures and malware, I believe that most situations involve .sys files via a rootkit infection that are signed with fake or revoked digital certificates.


    Please read the articles from hotforsecurity.com about Stuxnet.


    Thank you!

  • coolcool1227 ✭✭✭
    edited February 2013
    Hello :)


    Bitdefender keeps a direct connection with our cloud servers and all digital signatures are verified.


    Also, usually when a digital certificate is revoked, Microsoft releases a hotfix that is immediately pushed via Windows Update, so it is recommended to always have Windows Update turned on and set to Automatic.


    Under these parameters, the situations from 2. and 3. are practically avoided via security settings from the operating system. Also, since we are talking about digital signatures and malware, I believe that most situations involve .sys files via a rootkit infection that are signed with fake or revoked digital certificates.


    Please read the articles from hotforsecurity.com about Stuxnet.


    Thank you!


    Sorry, I can't understand fully. First, kindly rephrase your reply for non-cloud systems, meaning, e.g., if I disable my internet connection, then what will happen?


    Also, you did not clear up the first question. The 2nd one is related to Document Protection, a separate option provided by some vendors in their security suites. And for the third one, I mean that if a fakely signed malicious file was missed by Bitdefender's digital signature authentication, then how can it be detected by the other techniques integrated in Bitdefender: signatures, heuristics, behavioral blocking, etc.? I don't think my questions are related to the security settings of the OS, as I am not talking about OS system files etc., and what you replied is related to the Vulnerability Scan feature in the Antivirus.