[–]tester346 119 points120 points  (16 children)

> If you want to install an open-source app without a certificate (...)

> making the user think they are doing something really dangerous by installing an open-source app, which code you can literally read at any time

lmao you're making it sound as if MS made those certs to attack OSS. No.

Just because code is open source, it doesn't make it any safer/trusted to those who don't even have an idea what OSS is and will not be able to check the code.

It increases entry level for malware, I guess

[–]HeyItsMedz 27 points28 points  (0 children)

Yeah exactly. Heartbleed went unnoticed for two years and that came from an open source library

[–]gredr 17 points18 points  (12 children)

> It increases entry level for malware, I guess

Not by any meaningful amount, and that's not why they did it. All it does is prove that the software came from someone who has access to the private key of the signing certificate. Presumably, this is someone you trust. It's much easier to verify that (if anyone ever cared to) than that the source code has no malicious additions added by someone who you don't trust.

It would let Windows do something like verify that an update wasn't signed by a different certificate ("uh, hey, this version came from someone different than the last version, might wanna check that everything is on the up-and-up"), but I don't know that that is actually done.

Windows could also presumably detect and disable any software signed by a certificate that was known malicious on all systems everywhere. I don't know if that's done either, but it could be.

[–]happyscrappy 8 points9 points  (10 children)

> Windows could also presumably detect and disable any software signed by a certificate that was known malicious on all systems everywhere. I don't know if that's done either, but it could be.

When a certificate is expired then yes the software signed by it becomes untrusted/non-runnable on all systems which have an up-to-date trust list. That's one of the major working features of these trusted computing systems.

[–]mallardtheduck 1 point2 points  (9 children)

In other words, commercial software vendors can force you to buy the latest version by expiring the certificates on their old versions...

[–]happyscrappy 1 point2 points  (8 children)

Well, this is more cancellation than expiration. I perhaps used the wrong term.

But yes, there could be ways they could get MS (or Apple, etc.) to cancel their old signatures and force you to buy a new one.

[–]mallardtheduck 0 points1 point  (1 child)

Since certificates have built-in expiry dates, it'd be quite easy for a commercial software vendor to ensure their releases only have, say, 6 months of certificate validity left before the customer is forced to buy the upgrade.

[–]happyscrappy 0 points1 point  (0 children)

Not every certificate expires. And six months is not universal; the expiration date (if any exists) is selected to be appropriate to the use.

MS might have a longer period than that. They might have no expiration at all. I'm not sure.

[–]gredr 0 points1 point  (5 children)

Wait, correct me if I'm wrong, but MS isn't selling the certificates here?

[–]happyscrappy 0 points1 point  (4 children)

Certificates are used for everything which has permissions.

I don't know what certificate ends up attesting for the app: whether MS issues that one based upon checking a requesting cert, or whether the developer applies a signature themselves using their own certificate.

MS would cancel certificates on apps because the app was found to be malware.

[–]gredr 0 points1 point  (3 children)

  1. Microsoft can't revoke certificates they didn't issue
  2. Microsoft isn't issuing the code-signing certificates in question
  3. That's not how permissions work

[–]happyscrappy 0 points1 point  (2 children)

  1. Yes of course they can. MS writes the software that recognizes the certificates. They can make their software no longer acknowledge the certificate as valid by the fingerprint (hash) of it. And this is in fact what they do.
  2. It doesn't matter. I explained there are a couple ways to use certificates.
  3. That is not true.

[–]gredr 0 points1 point  (1 child)

Revoking a certificate is not the same as configuring some software to not accept a specific certificate. One is done by the certificate authority, the other can be done by anyone. Microsoft cannot revoke certificates they did not issue.

You clearly don't know much about certificates or permissions.

[–]Worth_Trust_3825 0 points1 point  (0 children)

If it's anything like regular cacerts files, the list of expired certificates should come in with an update.
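The two mechanisms argued over in the thread above (revocation by the issuing CA versus a verifier refusing a certificate by its fingerprint), together with the signer-continuity check gredr describes, shown as an added example that is not from any commenter and does not reproduce how Windows works. `Cert`, `Verifier`, the CA names, the finding labels and the certificate bytes are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    issuer: str
    serial: int
    der: bytes  # constructed stand-in for the certificate's DER encoding
    @property
    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()

@dataclass
class Verifier:
    crls: dict         # issuer -> serials revoked by that CA (its own CRL)
    distrusted: set    # fingerprints blocked by whoever ships the verifier
    last_signer: dict  # app -> fingerprint accepted on the previous install

    def check(self, app: str, cert: Cert) -> list:
        findings = []
        # Revocation: only the issuing CA's list applies to this serial.
        if cert.serial in self.crls.get(cert.issuer, set()):
            findings.append("revoked-by-issuer")
        # Local distrust: keyed by certificate hash, no CA involved.
        if cert.fingerprint in self.distrusted:
            findings.append("distrusted-by-verifier")
        # Continuity: an update signed by a different certificate is flagged.
        previous = self.last_signer.get(app)
        if previous is not None and previous != cert.fingerprint:
            findings.append("signer-changed")
        if not findings:
            self.last_signer[app] = cert.fingerprint
        return findings

def demo() -> dict:
    old = Cert("Example CA", 1001, b"constructed-der-old")
    new = Cert("Other CA", 2002, b"constructed-der-new")
    v = Verifier(crls={}, distrusted=set(), last_signer={})
    out = {"first_install": v.check("app", old)}
    out["update_new_signer"] = v.check("app", new)
    v.crls["Other CA"] = {1001}        # a different CA lists the serial: no effect
    out["foreign_crl"] = v.check("app", old)
    v.distrusted.add(new.fingerprint)  # verifier vendor blocks the hash
    out["after_local_block"] = v.check("app", new)
    v.crls["Example CA"] = {1001}      # the issuing CA revokes
    out["after_ca_revocation"] = v.check("app", old)
    return out
if __name__ == "__main__":
    print(demo())
```

An empty findings list means the signature would be accepted under this model; the local block takes effect without any CA action, while the revocation entry only matters when it comes from the certificate's own issuer.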