How can a digitally signed executable be "secure"?

Polaris

Hi Experts:

I know the purpose of signing an executable (say, by VeriSign) is to make it
more secure. But can anyone explain why?

If I use my private key to sign an executable, I guess the content of the
executable is changed? Is it just the exe file header that changes? What if some
hacker examines the binary header and can somehow make an exe with the same name as
mine and with the same look in the file header (pretending to be digitally signed)?

Thanks in Advance !

Polaris
 
A digitally signed executable is guaranteed not to have been tampered
with during transmission and that it does in fact come from the individual
that says they sent it (or was created by the individual that says he
created it). But in NO WAY does this mean that the executable is actually
safe. Digitally signed malicious code has been distributed.

Of course, as soon as the signer was identified, the Certificate Authority
for that individual revoked their digital certificate. But the malicious
code still got installed by many people.
 
The name of the file could be the same but the content of the file would be
different and then the hash value would not match the original. I am not
sure exactly what is used to determine the hash but I understand enough is
used to make the technology very secure. I believe file size is used as one
element so if the file contains one more or less character that alone would
be enough to make the hash different. If you are using Windows XP Pro or
Windows 2003 you can use Software Restriction Policies to make hash rules so
you could try changing a file and see what happens to the computed
hash.

--- Steve
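An added example, not part of the thread or any poster's code: a simplified Authenticode-style digest for a Windows PE file, showing that attaching a signature (which rewrites one header entry and appends a blob) leaves the signed digest unchanged, while a one-byte change to the content does not. The sample image, the placeholder signature blob and all function names are constructed for illustration, and the full algorithm also deals with section ordering and padding.

```python
import hashlib
import struct

def pe_offsets(data):
    """Locate the CheckSum field and the Certificate Table directory entry."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24                                       # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                     # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    return opt + 64, opt + (128 if magic == 0x10B else 144)

def image_digest(data, algo="sha256"):
    """Hash everything except CheckSum, the certificate directory entry and
    the signature blob (assumed to sit at the end of the file if present)."""
    csum, certdir = pe_offsets(data)
    cert_off, cert_size = struct.unpack_from("<II", data, certdir)
    end = cert_off if cert_size else len(data)
    h = hashlib.new(algo)
    for chunk in (data[:csum], data[csum + 4:certdir], data[certdir + 8:end]):
        h.update(chunk)
    return h.hexdigest()

def build_sample():
    """Constructed PE32-shaped blob (headers plus filler), not a real program."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x80 + 24, 0x10B)
    return bytes(img) + b"\x90" * 0x200                 # stand-in for code

def attach_signature(data, blob):
    """Mimic a signing tool: append blob and record it in the directory."""
    _, certdir = pe_offsets(data)
    out = bytearray(data)
    struct.pack_into("<II", out, certdir, len(data), len(blob))
    return bytes(out) + blob

if __name__ == "__main__":
    unsigned = build_sample()
    signed = attach_signature(unsigned, b"S" * 64)      # placeholder blob
    tampered = signed[:0x300] + b"\xCC" + signed[0x301:]
    print("signing keeps digest:", image_digest(unsigned) == image_digest(signed))
    print("tampering keeps digest:", image_digest(signed) == image_digest(tampered))
```

A verifier recomputes this digest and compares it with the value inside the signature, which can only be produced with the signer's private key.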
 