
There are two problems: how on earth Samsung could have had the idea to produce this kind of software, and who is signing software without taking a look at what he is signing. A problem of software development mentality (on Windows) and a problem of responsibility.



> who is signing software without giving a look at what he is signing.

Verisign would, by proxy, as one example. A certificate authorized to sign code was purchased from them. Samsung would directly, to prove that this shit software came from them.

Just like SSL/TLS. I could set up an SSL website that performs drive-by attacks; would Verisign sign that? Yes, yes they would.

Vericode isn't a gatekeeper like the Mac's certificates are. It's designed to improve security: if I download a Samsung installer, Windows will tell me that it is indeed from Samsung (during the UAC elevation) because the signature checks out. This means that I can be certain that unbeknownst malware won't be installed on my PC alongside the Samsung malware.

The story is different with WHQL (drivers); those are signed by Microsoft (in addition to yourself, I think).


Samsung signed the software, of course. Who else would?


When you are asking for companies to verify all the software that is signed by their certs, I'm quite certain you are not at all considering the consequences.


Signing software only proves that it came from you. It doesn't say anything about what the software does. That's what your reputation is for.
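The two points the thread keeps circling (the signature covers the whole package, so nothing unknown can ride along with it, and a valid signature says nothing about what the signed code does) are easy to see with a small simulation. The following is an added example, not code from the original thread or from Samsung, Microsoft or Verisign. It uses an Ed25519 key pair as a stand-in for an Authenticode certificate chain (real Authenticode uses X.509 certificates and RSA/SHA-2 under PKCS#7, which is not modelled), the publisher name, installer byte strings and the function names are constructed for illustration, and the CA's vetting of the publisher's identity is not modelled either.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Publisher stands in for a company that bought a code-signing certificate.
// An Ed25519 key pair is used instead of an X.509 certificate chained to a
// CA only to keep the example self-contained (assumption for this example).
type Publisher struct {
	Name string
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

// NewPublisher generates the publisher's key pair. The CA's identity check
// on the publisher is outside the scope of this example.
func NewPublisher(name string) (*Publisher, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Publisher{Name: name, priv: priv, Pub: pub}, nil
}

// Sign produces a detached signature over the whole installer image.
// Nothing here inspects what the installer does; the publisher signs
// whatever bytes it hands over.
func (p *Publisher) Sign(installer []byte) []byte {
	return ed25519.Sign(p.priv, installer)
}

// Verify is the check the OS performs before it shows a publisher name in
// the UAC prompt: does this signature match these exact bytes under the
// publisher's key? It answers only that question.
func Verify(pub ed25519.PublicKey, installer, sig []byte) bool {
	return ed25519.Verify(pub, installer, sig)
}

// Result collects the three outcomes the thread is arguing about.
type Result struct {
	LegitVerifies     bool // the publisher's own installer, untouched
	TamperedVerifies  bool // the same installer with a third party's code appended
	MaliciousVerifies bool // a different build the publisher chose to sign
}

// Demo runs the three checks on constructed sample installers (plain byte
// strings standing in for PE files).
func Demo() (Result, error) {
	pub, err := NewPublisher("Example Publisher") // hypothetical name
	if err != nil {
		return Result{}, err
	}

	// Constructed sample: the publisher's installer image.
	installer := []byte("MZ... example installer: copies driver, registers service")
	sig := pub.Sign(installer)

	// A third party appends its own payload to the signed installer. The
	// signature covers every byte, so the result no longer verifies: that is
	// the guarantee that nothing unknown rides along with the signed package.
	tampered := append(append([]byte{}, installer...), "... appended unrelated payload"...)

	// The publisher signs another build whose behaviour nobody examined.
	// The signature is valid: signing binds the bytes to the publisher, not
	// to any judgement about what the bytes do.
	otherBuild := []byte("MZ... another build from the same publisher, behaviour unexamined")
	otherSig := pub.Sign(otherBuild)

	return Result{
		LegitVerifies:     Verify(pub.Pub, installer, sig),
		TamperedVerifies:  Verify(pub.Pub, tampered, sig),
		MaliciousVerifies: Verify(pub.Pub, otherBuild, otherSig),
	}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("untouched installer verifies:      %v\n", r.LegitVerifies)
	fmt.Printf("installer with appended payload:   %v\n", r.TamperedVerifies)
	fmt.Printf("publisher's other build verifies:  %v\n", r.MaliciousVerifies)
}
```

The first two results are the integrity property the UAC prompt relies on; the third is the point of the last comment: the verifier returns true for anything the key holder signed, so what the signed code does is a question for the publisher's reputation, not for the signature check.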



