310 Chapter 5 • Communication Security: Web Based Services
This is the primary benefit of code signing. It provides users with the identity
of the software’s creator. It allows them to know who manufactured the program
and provides them with the option of deciding whether to trust that person or
company. When the browser is about to download the component, a warning message
is displayed, allowing them to choose whether it is to be installed or loaded
into memory. This puts the option of running it in the user’s hands.
Problems with the Code Signing Process
A major problem with code signing is that you must rely on a third party for
checking authenticity. If a programmer provided fake information to a CA or stole
the identity of another individual or company, they could then effectively distribute
a malicious program over the Internet. The deciding factor here would be the CA’s
ability to check the information provided when the programmer applied for the
certificate.
Another problem occurs when valid information is provided to the CA, but the
certificate is attached to software that contains bad or malicious code. An example
of this problem is Internet Exploder, an ActiveX control that was programmed by
Fred McLain. This programmer obtained an Authenticode certificate through
VeriSign. When users running Windows 95 with Advanced Power Management ran the
code for Internet Exploder, it would perform a clean shutdown of their systems.
The certificate for this control was later revoked.
Certificate Revocation Lists (CRLs), which store a listing of revoked certificates,
can also be problematic. Web browsers and Internet applications rarely check
certificate revocation lists, so it is possible for a program to be used even though
its certificate has been revoked. If a certificate was revoked, but its status was not
checked, the software could appear to be okay even though it has been compromised.
These problems with code signing do not necessarily apply to any given CA.
Certificates can also be issued within an intranet using software such as Microsoft
Certificate Server. Using this server software, users can create a CA to issue their
own digital certificates for use on a network. This allows technically savvy
individuals to self-sign their code with their own CA and gives the appearance that
the code is valid and secure. Therefore, users should always verify the validity of
the CA before accepting any files. The value of any digital certificate depends
entirely on how much trust there is in the CA that issued it. By ensuring that the
CA is a valid and reputable one, administrators can avoid installing a hacker’s code
onto their system.
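One way to make the two checks discussed above explicit on Windows: the revocation status (the CRL paragraph) and which root CA the chain ends at (the paragraph on self-issued CAs). This is an added example, not code from the book; the function name `Test-SignedCode`, its parameters, the file path and the thumbprint placeholder are assumptions.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example (hypothetical helper, not from the book).
function Test-SignedCode {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        # Thumbprints of the root CAs you have decided to trust.
        [Parameter(Mandatory)] [string[]] $TrustedRootThumbprint
    )
    $result = [ordered]@{ Path = $Path; Trusted = $false; Reason = '' }

    # 1. The Authenticode signature must be present and intact.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $result.Reason = "Signature status: $($sig.Status)"
        return [pscustomobject]$result
    }

    # 2. Rebuild the chain and force an online revocation lookup for every
    #    certificate below the root. If the CRL/OCSP source cannot be reached,
    #    Build() returns $false (RevocationStatusUnknown), so an unchecked
    #    certificate is rejected rather than assumed good.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [X509RevocationFlag]::ExcludeRoot
    # Expiry was already judged in step 1 (timestamped signatures outlive
    # the signing certificate), so it is not re-checked against today's date.
    $chain.ChainPolicy.VerificationFlags = [X509VerificationFlags]::IgnoreNotTimeValid
    if (-not $chain.Build($sig.SignerCertificate)) {
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $result.Reason = "Chain check failed: $status"
        return [pscustomobject]$result
    }

    # 3. The chain must end at a root you chose to trust, not merely at any
    #    root that happens to be installed (for example a private intranet CA).
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if ($TrustedRootThumbprint -notcontains $root.Thumbprint) {
        $result.Reason = "Root CA not on allow-list: $($root.Subject)"
        return [pscustomobject]$result
    }

    $result.Trusted = $true
    $result.Reason  = "Signed by $($sig.SignerCertificate.Subject)"
    [pscustomobject]$result
}

# Constructed usage; the path and thumbprint are placeholders:
# Test-SignedCode -Path 'C:\Downloads\control.ocx' -TrustedRootThumbprint '<ROOT-CA-THUMBPRINT>'
```

A passing result still only identifies the publisher; as the Internet Exploder case shows, it says nothing about what the signed code does.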
www.syngress.com